Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PAN-OS 3.17 - High Availability - Not Sync Properly

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN-OS 3.17 - High Availability - Not Sync Properly

Not applicable

I am configuring 2 PA 2020's for a customer and am having the following problems w/the HA pair once built.  Has anyone came across this issue?

***** Text below was sent to my internal technical team *****

I have HA setup, configured and the failover active/passive tested okay w/no issues.  However the synching of the running config is having issues.  The below output is from the Active box when I manually push the running config  the other box.

02/08 10:43:53  ha  critical    config-failure  HA Group 1: running configuration not synchronized after 3 retries

02/08 10:37:49  ha  informational    ha1-link-change  HA1 link up

02/08 10:37:49  ha  informational    connect-change  HA Group 1: HA1 connection up
02/08 10:37:47  ha  high    config-not-synch  HA Group 1: commit on peer device with running configuration not synchronized; synchronize manually

Thanks,
Jeff

6 REPLIES 6

L6 Presenter

Hi,

Is the technician syncing from the UI first and is that also failing with the same output? Just confirming that the following command is being executed on the Active device if syncing from UI is not working:

pantac@PA-4050> request high-availability sync-to-remote running-config

-Renato

Hi Renato,

Yes, I have tried running the command from the Active firewall and it failed.  I just did a maintenance mode recovery and now the 2 boxes are in Sync.  Let's see if it stays in sync over the course of this day as I am still in the process of building out their configuration.

Thanks for your resonse,
Jeff

Okay the HA pair is not syncing again...  Here is what I get when I run the command manually

Server error : Failed to synchrnize running configuration

Hi Jeff,

Would you mind calling into Support to get further assistance with this issue? We'll do a better job of root cause analysis if we can obtain logs and perhaps a gotomeeting session as well.

Regards,

Renato   

L4 Transporter

It generally happens on my PA-2050s when they have been up longer than 70+ days.

After working w/support and their developers yesterday afternoon the issue w/our HA issue appears to be a bug and should be fixed within the next few weeks.

Thanks Steve @ Palo for your help yesterday!

Jeff

  • 4721 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!