Cannot Sync from Active to Passive Member in HA Pair
Cannot sync from active to passive device in high availability (HA) pair. However, sync from the passive to active device occurs with no issues.
Note: Another symptom that may arise is that the passive device encounters problems updating the apps and threat content.
The issue may occur because the symbolic link needed for the global.xml file is lost. Look for the following message inside of the mp\ms.log on the passive device:
> less mp-log ms.log
Error: pan_file_to_xml(pan_xml_utils.c:373): file /opt/pancfg/mgmt/global/global.xml doesn't exist
The simplest way to resolve this issue is to restart the management server on the passive device. Reboot the passive Palo Alto Networks firewall or manually restart the management server on the CLI using the following command:
> debug software restart management-server
Note: Restarting the management server disconnects you from the WebGUI. Be sure to save any changes or commit before performing this step.
After the management server restarts (in a couple of minutes), log into the WebGUI, then sync from the active member.