HA Sync fails with error message "Out-of-sync Reason: Version mismatch with Peer for DLP"

Created On 11/18/21 17:49 PM - Last Modified 06/25/25 21:03 PM


Objective


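To restore HA configuration synchronization by resolving the Enterprise DLP plugin version mismatch between the HA peers. A manual sync attempt fails with the following error: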

FW(active)> request high-availability sync-to-remote running-config
Executing this command will overwrite the candidate configuration on the peer and trigger a commit on the peer. Do you want to continue? (y or n)
Server error: Failed to synchronize running configuration with HA peer; operation not allowed: Version mismatch with Peer for DLP


Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1.x and 10.0.x
  • High Availability (HA) Active/Passive
  • DLP


Procedure


On both HA devices:

  1. Uninstall the Enterprise DLP plugin using the CLI command "request plugins uninstall dlp".
  2. Downgrade PAN-OS to 10.0.0.

On the primary HA device:

  1. Upgrade the Enterprise DLP plugin to the latest version.

On both HA devices:

  1. Verify that the HA devices are now in sync.


Additional Information


Upgrade/Downgrade Considerations

Unable Sync Configuration between HA Pair after downgrade from PANOS 10 to 9.1.7


