High Availability configuration status is "not synchronized" after performing a config push from Panorama

Created On 11/29/24 07:32 AM - Last Modified 08/28/25 02:54 AM


Symptom


  • Running Config status of High Availability (HA) shows as "not synchronized" after performing a config push from Panorama.
  • The issue happens randomly.
  • The following system log (show log system) can be seen on either of the HA devices.

HA Group XX: Running configuration not synchronized after failure



Environment


  • Panorama managed Firewalls
  • PAN-OS 11.1.X
  • High Availability (HA)


Cause


  • Mismatch in content versions between the Firewalls in the HA configuration.
  • The content update jobs conflict with each other, leading to a stack of pending jobs on one of the firewalls.
  • This prevents content on one HA firewall from updating, resulting in a mismatch of content versions.


Resolution


Workaround

  1. Manually synchronize the configuration between the HA peers using the "Sync to peer" option or the following CLI command:
    > request high-availability sync-to-remote running-config

Preventive measures

  1. Check the installed content version on both HA peer devices. If these are different, align the installed content version between both HA peer devices.
  2. If you have configured an update schedule on Panorama, check and adjust the deployment schedule for content updates on Panorama and/or the template stack to prevent conflicting update jobs.
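
The content version check in step 1 can be scripted. The following Python is an added example, not part of the original article or any vendor tooling: it compares the content-version fields in the `show system info` output saved from each HA peer. It assumes the output uses `key: value` lines with the field names `app-version`, `threat-version`, `av-version` and `wildfire-version`; the hostnames and version values in the sample text are constructed.

```python
import re

# Content-version fields in "show system info" output (assumed field names).
CONTENT_FIELDS = ("app-version", "threat-version", "av-version", "wildfire-version")

def parse_system_info(text):
    """Return {key: value} for every 'key: value' line in the CLI output."""
    info = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9-]+):\s*(.*?)\s*$", line)
        if m:
            info[m.group(1)] = m.group(2)
    return info

def content_mismatches(peer_a_text, peer_b_text, fields=CONTENT_FIELDS):
    """Return {field: (value_on_a, value_on_b)} for fields that differ.

    A field present on only one peer is reported with None for the other;
    a field absent from both outputs is skipped.
    """
    a = parse_system_info(peer_a_text)
    b = parse_system_info(peer_b_text)
    return {f: (a.get(f), b.get(f)) for f in fields if a.get(f) != b.get(f)}

# Constructed sample output; all values are illustrative only.
PEER_A = """
hostname: fw-a
sw-version: 11.1.X
app-version: 8900-9000
threat-version: 8900-9000
av-version: 5000-5500
wildfire-version: 0
"""
PEER_B = """
hostname: fw-b
sw-version: 11.1.X
app-version: 8899-8995
threat-version: 8899-8995
av-version: 5000-5500
wildfire-version: 0
"""

if __name__ == "__main__":
    diffs = content_mismatches(PEER_A, PEER_B)
    for field, (va, vb) in diffs.items():
        print(f"MISMATCH {field}: peer A = {va}, peer B = {vb}")
    if not diffs:
        print("Content versions match on both HA peers.")
```

Any field it reports is one to align between the peers before the next config push from Panorama.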

