Some configuration went missing/deleted after upgrading Panorama HA setup
Created On 12/23/24 15:26 PM - Last Modified 04/25/25 03:16 AM
Symptom
- After upgrading a Panorama HA setup to 10.2.10-h3, some policies / objects went missing, which caused an outage.
- Restoring an old configuration version resolved the issue, and all the missing configurations were restored.
- The configuration audit logs confirm that some objects / policies were lost after the upgrade for an unknown reason.
- Preemption was not disabled before the upgrade.
- Before the upgrade, the secondary device's system logs showed that the device had been out of sync for a long time and that the configuration was not synced to it from the Primary:
SYSTEM,ha,0,2024/08/09 20:23:27,,config-not-synch,,0,0,general,high,"Commit on peer device with running configuration not synchronized; synchronize manually"
Environment
- Palo Alto Networks Panorama.
- PAN-OS 10.2.10
- High Availability (HA) Active / Passive
Cause
Configuration between Active/Passive Panorama was not synchronized.
Resolution
- Ensure the configuration between Active/Passive Panorama is in sync.
- As per best practice for upgrading HA devices, the configuration should be in sync prior to the upgrade and preemption should be disabled.
Additional Information
- The req_stats.log (less mp-log req_stats.log) provides the details of the CLI commands that were run.
- In this log, the HA sync CLI command was run from the Secondary to the Primary, thereby deleting the newer configuration.
<request cmd="op" cookie="XXXXXXXXXXXXXXXXX" refresh="no"><operations xml="yes"><request><high-availability><sync-to-remote><running-config/></sync-to-remote></high-availability></request></operations></request>
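The two log checks described in this article, as an added example (not Palo Alto Networks code): it scans exported system log text for config-not-synch entries and req_stats.log text for sync-to-remote running-config requests. The column positions, the function and constant names, and the second sample line in each input are assumptions constructed for the illustration.

```python
import csv
import re
import xml.etree.ElementTree as ET

# Constructed sample input. The first system-log line and the first request
# are the ones shown on this page; the second entries are made-up benign ones.
SYSTEM_LOG = '''\
SYSTEM,ha,0,2024/08/09 20:23:27,,config-not-synch,,0,0,general,high,"Commit on peer device with running configuration not synchronized; synchronize manually"
SYSTEM,general,0,2024/08/09 20:25:01,,general,,0,0,general,informational,"Constructed sample entry, not a real event"
'''
REQ_STATS = '''\
<request cmd="op" cookie="XXXXXXXXXXXXXXXXX" refresh="no"><operations xml="yes"><request><high-availability><sync-to-remote><running-config/></sync-to-remote></high-availability></request></operations></request>
<request cmd="op" cookie="XXXXXXXXXXXXXXXXX" refresh="no"><operations xml="yes"><show><system><info/></system></show></operations></request>
'''
# Column positions follow the log line shown on this page (assumption:
# other exports use the same order).
TIME_COL, EVENT_COL, DESC_COL = 3, 5, 11
OP_REQUEST = re.compile(r'<request cmd="op".*</request>')

def out_of_sync_events(system_log_text):
    """Return (timestamp, description) for every config-not-synch entry."""
    hits = []
    for row in csv.reader(system_log_text.splitlines()):
        if len(row) > DESC_COL and row[EVENT_COL] == "config-not-synch":
            hits.append((row[TIME_COL], row[DESC_COL]))
    return hits

def running_config_pushes(req_stats_text):
    """Return line numbers of op requests that push the running config to the peer."""
    hits = []
    for lineno, line in enumerate(req_stats_text.splitlines(), start=1):
        match = OP_REQUEST.search(line)  # tolerate any prefix around the XML
        try:
            root = ET.fromstring(match.group(0) if match else "")
        except ET.ParseError:
            continue  # no request on this line, or truncated XML
        if root.find(".//sync-to-remote/running-config") is not None:
            hits.append(lineno)
    return hits

def pre_upgrade_findings(system_log_text, req_stats_text):
    """Collect entries to review on each peer before upgrading the HA pair."""
    findings = [f"{ts}: {desc}" for ts, desc in out_of_sync_events(system_log_text)]
    findings += [f"req_stats line {n}: sync-to-remote running-config issued from this device"
                 for n in running_config_pushes(req_stats_text)]
    return findings

if __name__ == "__main__":
    for finding in pre_upgrade_findings(SYSTEM_LOG, REQ_STATS):
        print(finding)
```

Run it against the logs of both peers: a sync-to-remote finding on the peer that also reports config-not-synch is the pattern this article describes.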