Warning message: Ignoring session synchronization due to HA2-unavailable
32659
Created On 10/11/19 22:49 PM - Last Modified 09/07/23 02:44 AM
Symptom
Warning: HA Group 1: Ignoring session synchronization due to HA2-unavailable messages are seen in the system log and ha_agent log.
Environment
- All PAN-OS.
- All platforms that support High Availability except HA-lite.
- HA Active-Passive.
- HA Active-Active.
Cause
This message will appear when there is no HA(High Availability) state synchronization between HA peers due to:
- HA2 down due to link failure.
- HA2 port being bad.
- Link flaps of HA2 port.
- HA2 keep-alive failing to be processed by dataplane CPU.
high ha session 0 HA Group 1: Ignoring session synchronization due to HA2-unavailable
high ha ha2-lin 0 HA2 peer link down
HA_agent Log output
Warning: ha_event_log(src/ha_event.c:47): HA Group 1: Ignoring session synchronization due to HA2-unavailable
debug: ha_rts_peer_update(src/ha_rts.c:210): Group 1: peer status Complete, new peer status HA2-unavailable
Warning: ha_event_log(src/ha_event.c:47): HA Group 1: Ignoring session synchronization due to HA2-unavailable
Warning: ha_event_log(src/ha_event.c:47): HA Group 1: Ignoring session synchronization due to HA2-unavailable
Resolution
- Confirm if the dataplane CPU is high, troubleshoot, and resolve High Dataplane CPU and verify the messages have stopped.
- If the messages still continue. the physical layer issue needs to be checked. Troubleshoot by swapping the cable, port, or unit which is faulty. Identify which HA peer is showing port issues using the following command.
> show high-availability interface ha2 Interface ha2: hsci-a -------------------------------------------------------------------------------- Name: hsci-a, ID: 8 Link status: Runtime link speed/duplex/state: unknown/unknown/down Configured link speed/duplex/state: auto/auto/auto MAC address: Port MAC address 58:49:3b:fd:b4:08 Operation mode: ha-itmh Untagged sub-interface support: no -------------------------------------------------------------------------------- Name: hsci-a, ID: 8 Operation mode: ha-itmh Interface IP address: 192.168.2.1/24 Interface management profile: N/A Service configured: Zone: N/A, virtual system: N/A Adjust TCP MSS: no Policing: no -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- Physical port counters read from MAC: -------------------------------------------------------------------------------- [7mlines 1-24[27m[K [Krx-broadcast 0 rx-bytes 36358371596986 rx-multicast 0 rx-unicast 0 tx-broadcast 0 tx-bytes 781637522178366 tx-multicast 0 tx-unicast 1809352131337 --------------------------------------------------------------------------------
Note, in the above snippet; duplex, speed and state are all unknown which is an indication of possible layer one issue.