Cannot Sync from Active to Passive Member in HA Pair

Cannot Sync from Active to Passive Member in HA Pair

44863
Created On 09/27/18 07:47 AM - Last Modified 02/07/19 23:36 PM


Resolution

Issue

Cannot sync from active to passive device in high availability (HA) pair. However, sync from the passive to active device occurs with no issues.

Note: Another symptom that may arise is that the passive device encounters problems updating the apps and threat content.

 

Cause

The issue may occur because the symbolic link needed for the global.xml file is lost. Look for the following message inside of the mp\ms.log on the passive device:

> less mp-log ms.log

...

Error: pan_file_to_xml(pan_xml_utils.c:373): file /opt/pancfg/mgmt/global/global.xml doesn't exist

 

Resolution

The simplest way to resolve this issue is to restart the management server on the passive device. Reboot the passive Palo Alto Networks firewall or manually restart the management server on the CLI using the following command:

> debug software restart management-server

Note: Restarting the management server disconnects you from the WebGUI. Be sure to save any changes or commit before performing this step.

 

After the management server restarts (in a couple of minutes), log into the WebGUI, then sync from the active member.

 

owner: jdelio



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8NCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language