Not able to sync configuration to peer with error message "HA Group XX: Running configuration not synchronized after failure"

Not able to sync configuration to peer with error message "HA Group XX: Running configuration not synchronized after failure"

9077
Created On 01/17/24 02:37 AM - Last Modified 03/01/24 11:06 AM


Symptom


  • Failure to synchronize configuration from Active to Passive devices with error message:
HA Group XX: Running configuration not synchronized after failure.
 
  • The HA-Agent log shows the following error:
> less mp-log ha_agent.log
Error:  ha_peer_hello_callback(src/ha_peer.c:5374): Group XX (HA1-MAIN): Peer namespace on peer device missing too long, trying to restart


Environment


  • Any PAN Firewall or Panorama
  • Any PAN-OS version

Cause


The trigger for this issue is believed to be a connectivity problem between the HA peers at some point in time.

Resolution


Once connectivity between the HA peers has been restored:
  1. On the Passive device, restart the management server with the CLI command: 
    debug software restart management-server
  2. On the Active device, synchronize the configuration to the Passive: 
Dashboard > High Availability Widget > Sync to peer
 
  1. If step 1 & 2 do not resolve the problem, go to the Passive and suspend it: 
Device > High Availability > Operational Commands > Suspend local device
 
  1. Once the Passive is in suspended mode, make it functional again and repeat step 2 to synchronize the configuration from Active to Passive:
Device > High Availability > Operational Commands > Make local device functional

Additional Information


How to Recover HA Pair Member from the Suspended State
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008WdyCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail