Wednesday, January 21, 2009

Continuous reload of standby unit - FWSM Failover Configuration Synchronization problem

The following error message can be printed on standby:
Config Sync Error: Following command could not be executed on standby

<>Context: <>
******REPLICATION OF CONFIGURATION FROM ACTIVE TO STANDBY UNIT IS INCOMPLETE, TO PREVENT THE STANDBY UNIT TAKING OVER AS ACTIVE WITH A PARTIAL CONFIGURATION, THE STANDBY UNIT WILL NOW REBOOT*******

The problem is that, for some reason, the failover replication stops because one of the commands was not accepted on the standby. For that reason, and to avoid inconsistent states, the standby reloads.
In fact, this happens on version 2.3(2). On versions 3.X.X I believe that the problem will not occur. The problem is related to the configuration status on standby. When the maximum ACL is reached on the blade (you can check it with the command "sh resource acl"), the standby unit will also reach this state, correctly synced. The problem in this situation was that when the active unit wanted to replicate the configuration at the ACL limit, the standby did not accept some of the rules and rejected at least one of the lines. This caused this situation.

How to fix it:

- Optimize your config and reduce your config size.

- If it does not sync correctly, clear the configuration on standby and sync it again.

1 comment:

Unknown said...

Hi everyone, I had the exact same problem.

Can you please tell me the reason why the failover FWSM unit can't synchronize with the active FWSM unit?

As far as I know this is a common problem when you're using multiple contexts and can be resolved by assigning space to the partition where the context in question is located.

What about if you're not using multiple contexts?