Outside of what @OtakarKlier already mentioned I would ensure that the peer doesn't have an active commit lock which would prevent the active unit from syncing the configuration. As for the Antivirus version you may want to ensure that you've staged the scheduled install times so that you don't have both firewalls downloading and pushing the updates at the same time, that can cause a few issues.
I've outlined the follow three steps in likelyhood that they will actually fix your issue. Work through this list and see if that doens't fix your issue.
1) Have you logged into the peer firewall and verified that it doesn't have an active commit lock or half-complete configuration statements that are blocking the active member from pushing the running-config to the peer. If you can get access to the peer firewall then ensure that you don't have any active locks and revert to running-config to ensure that all possible changes are wiped away; then from the active member run 'request high-availability sync-to-remote running-config', 'request high-availability sync-to-remote runtime-state'.
2) Outside of that you can monitor the ha-agent logs by running 'less mp-log ha_agent.log' which should show an error that would give some insight into what exactly is causing the sync issue.
3) You can also try restarting the mgmtsrvr process on the passive device by running 'debug software restart process management-server'; I've seen instances where this needs to be ran on both to actually bring the config back in-sync, but usually just the passive will fix any issues.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!