Running configuration not synchronized after failure. 4 but if your issue is like the following , you can try to upgrade 5. The trigger for this issue is believed to be a connectivity problem between the HA peers at some point in time. I am running version 5. The configuration seems syncing,,, and some external files might be the issue if still not synced. So it is annoying but appears to be pretty benign for us. Is there something I can do to get FW01's config back in sync with Panorama, so those two recently deleted rules will get deleted on FW01? (the config is valid and I dont see errors thats blocking it). log I see the following lines as an example: Feb 25, 2019 · So you may want to focus on the rest of the output from the config audit - on the configuration that is synchronized between member and will sync if you run "sync to peer" Symptom Alert regarding "Out of Sync Peers - Configuration" Environment PAN-OS High-availability Cause The running config of one of the devices is not synchronized with its HA Peer. 8. Sep 26, 2018 · In High Availability (HA), management settings are not synchronized to the peer device so you can receive sync errors due to inconsistencies in the management settings. Jul 5, 2016 · Solved: I tried it twice, same result every time. I commited change from Panorama to Active firewall and noticed 'Not synchronized' message - 94384 Jul 8, 2020 · But it seems, there is no HA auto running-config sync to HA-peer. Oct 3, 2012 · It will show the following:- Running Configuration: not synchronized Out-of-sync Reason: Failure to complete config sync >However at this time the the active device running configuration will show "synchronized. 1. Output of show high-availability state indicate failure of synchronization of running configuration. A manual sync was not working, nor did a reboot of both devices (sequentially) help. I recommend that you don’t try to make any configuration changes until both firewalls are at the same version. Is it still looking NOT synced ??? (though GUI ? or cli). check: Mar 31, 2020 · After running a config comparison there are no differences that would qualify it to be out of sync. The Running Config not synchronized is normal, and should recover once both firewalls are at the same version. 8 as the Auto deletion of DLP directory/plugin on downgrade to 9. The warning dissapears as soon as the Dec 5, 2022 · Symptom Command show high-availability all shows running configuration not synchronized Out-of-sync Reason: Version mismatch with Peer for OC When trying to synchronize running config (request high-availability sync-to-remote running-config), it gives error: Sep 25, 2018 · High Availability (HA) config sync will synchronize the running configuration, but the actual HA settings are not synchronized. The previous message is generated when "Commit All" is done on both of the HA firewalls in the pair, and "Merge with Device Candidate Config" is set on Panorama. Feb 28, 2023 · Paloalto(PA-200)で、HA構成でActive(正系)機器からPassive(副系)機器へ設定コンフィグを同期する方法(CLI)をまとめていきます!「request high-availability sync-to-remote running-config」は初期構築でHAを組んだ後に正系から副系にコンフィグを同期したい時に便利なコマンドです。 Jan 17, 2024 · This article provides a solution to the configuration sync error "Running configuration not synchronized after failure". If the ABOVE is the case please open a support ticket with Palo Alto Networks and get the issue looked upon. If using HA Path Monitoring, the options are to add a Virtual Wire, VLAN, or Virtual Router that will be monitored. This article provides a solution to the configuration sync error "Running configuration not synchronized after failure". 02/08 10:43:53 ha critical config-failure HA Group 1: running configuration not synchronized after 3 retries When forming a failover pair, the joining unit clears its running configuration and replicates the entire configuration from the active unit. After the unit joins the failover pair, any configuration change on the active unit are also replicated on the standby unit to We are facing the issue with HA running config not synchronized >> We have restarted the both active and passive firewall management server and push the configuration by execute the cli command ' request high-availability sync-to-remote running-config' but its showing as " Failed to synchronize running configuration with HA peer". Else you need to troubleshoot this. Mar 17, 2014 · I will randomly - once a week get a message "SYSTEM ALERT : critical : HA Group 1 : Running configuration not synchronized after retries. Jul 31, 2020 · These messages are normal when initially you form a cluster, or after reloading a member. The mismatch is shown in the High Availability widget. A little more details: Aug 16, 2023 · Note that after you upgrade just 1 firewall, the HA widget on the firewall DASHBOARD tab will show PAN-OS version mismatch, and Running Config being not-synchronized. I have tried restarting the passive device, did not solve the problem, also tried to delete the HA config, save the running configs from the active unit and imported them on the passive unit to make sure that both devices have Jan 8, 2013 · For whatever reason, I had a Palo Alto Networks cluster that was not able to sync. The issue is resolved temporarily by performing manual sync from the Primary/Active. Jan 17, 2024 · HA Group XX: Running configuration not synchronized after failure. 2. ( severity eq critical ) and ( description contains 'HA Group 1: Running configuration not synchronized after failure' ) We have PA setup in active active and both PA shows this above error. 1 is only fixed in 9. Oct 10, 2019 · 'HA Group 1: Running configuration not synchronized after failure' Go to solution myky L3 Networker Sep 22, 2022 · Configuration Synchronization: Enabled: yes Running Configuration: not synchronized Out-of-sync Reason: Version mismatch with Peer for DLP After sharing this with Palo TAC, they suggested to upgrade both firewalls to 9. On the dashboard I can tell that all versions are matching, however automatic sync is not working (yes its enabled), but manual sync works. Resolution To fix this problem: Sync to peer under the high-availability widget: Login to the UI of the "active" Firewall for A/P setup ("active primary" Firewall for A/A setup) and on the Dashboard tab check the Jun 19, 2019 · Hi Team We are facing the issue with HA running config not synchronized >> We have restarted the both active and passive firewall management server and push the configuration by execute the cli command ' request high-availability sync-to-remote running-config' but its showing as " Failed to synchronize running configuration with HA peer". The firewalls themselves show as "config in sync". 0. If I wait a few seconds and refresh this status and the configs are synch'd. 5 or open a case. Progress Customer CommunityLoading × Sorry to interrupt CSS Error Refresh Hi guys, I have 2 PA-805s in HA A/P mode running PAN-OS 10. The message that the running config is not synchronized is caused by the possible different layout of the XML configuration file in the new version. To avoid configuration conflicts, always make configuration changes on the active (active/passive) or active-primary (active/active) peer and wait for the changes to sync to the peer before making any Jun 17, 2013 · 06-17-2013 09:50 AM I did not see this with 5. Upon completing full configuration sync, the joining unit assumes the standby ready role and establishes the failover pair. From the ha_agent. If you have enabled configuration synchronization on both peers in an HA pair, most of the configuration settings you configure on one peer will automatically sync to the other peer upon commit. Jun 22, 2018 · While all logs stated that sync was done successfully, dashboard still stated that config is not synced. Recently, the 2 devices were not being able to automatically sync however I am able to sync manually. Dec 5, 2022 · Symptom Command show high-availability all shows running configuration not synchronized Out-of-sync Reason: Version mismatch with Peer for OC When trying to synchronize running config (request high-availability sync-to-remote running-config), it gives error: Feb 10, 2011 · The below output is from the Active box when I manually push the running config the other box. If I check on the dashboard-HighAvailability - I see the config is not synchronized. Its partner does not have those two rules that have been recently deleted. Jan 28, 2020 · HA is formed between Primary and Secondary Panorama but running configuration is not synchronized. In my case, the solution was to check the SSL certificates. Automatic configuration synchronization was not occurring between peers in an HA configuration after a policy change. In dashboard (High Availability) i am in red "not syncronized" status and need to sync manually. Finally, the PAN support told me to “Export device state” on the active unit, import it on the passive one, do some changes, and commit. Indeed, this fixed it. Mar 31, 2020 · Passive 2020/02/24 22:34:49 critical ha config- 0 HA Group 5: Running configuration not synchronized after failure The previous message is generated when "Commit All" is done on both of the HA firewalls in the pair, and "Merge with Device Candidate Config" is set on Panorama. . Sep 25, 2018 · When performing a major or minor software upgrade of the HA pair, we expect to see a configuration mismatch after upgrading only one device in the pair. Oct 9, 2019 · Interesting part is by the time I login to the firewalls locally they show sync'd so very confused by the error. lrdciz nnpsbnn gbeudi agxrg btdsw thur gxcsuo afn fvkhqp hirod