Firewall shows connected on primary Panorama but disconnected on secondary Panorama
Created On 11/07/23 15:49 PM - Last Modified 10/29/24 20:34 PM
Symptom
- After adding a firewall to the secondary Panorama, the state shows disconnected.
- The session state is set as established.
- The Panorama servers have different device registration auth keys.
Environment
- PAN-OS 10.1 and later
- Firewall
- Panorama in HA
Cause
- The secondary Panorama does not have a valid device registration auth key for the device serial number.
- When both Panorama servers have different keys, the process of using the request authkey set <auth_key> command remains the same.
- However, the device registration authentication key must be unique for each Panorama server.
- For example, if you have Panorama-A and Panorama-B, you must generate a different key for each server and use the correct key when adding a device to the respective Panorama server.
Resolution
If the firewall is connected to one of the Panorama servers, you can set the auth key for the other Panorama without issuing the request sc3 reset command. That command would force you to set the auth key for both Panorama servers again.
Follow the steps below to generate and set the auth key for the Panorama that is not connected.
- Create new device registration auth keys on both Panorama servers (Panorama > Device Registration Auth Key > Add).
- Set the new auth key generated on the Panorama server (request authkey set <auth_key>).
- After 1-2 minutes, the Panorama server shows connected.
Additional Information
Reference here on how to reset the firewall and panorama connectivity