Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] NSRP backup configuration is out of sync due to one or more configuration lines being out of order



Article ID: KB9657 KB Last Updated: 18 Dec 2017Version: 6.0
This article describes the issue of the NSRP backup configuration being out of sync. The configuration between the Master and Backup matches; but one or more configuration lines are out of order.
  • The backup in the NSRP cluster reported that configurations were out of sync.

  • After manually issuing the exec nsrp sync global-config save CLI command and rebooting the backup, the device still reports that the configuration is out of sync. 

  • The ordering of certain CLI commands in the configuration file could be one of the several reasons for the configuration out of sync error.

To find out if the configuration ordering is the reason and where the ordering is mismatched, you can use any of the following two methods:

Method 1:

You can compare the two configuration files ny using a text editor, such as CSdiff, Examdiff, Ultraedit, Windiff, and so on. If the configurations on the Master and Backup were compared line by line, occasionally, a line might be out of order.  For example:

78 set interface tunnel.3 protocol bgp
79 set interface tunnel.1 protocol bgp
78 set interface tunnel.1 protocol bgp
79 set interface tunnel.3 protocol bgp


Notice that on the Master, the tunnel.3 (line 78) is before tunnel.1 (line 79), whereas on the backup, the tunnel.1 (line 78) is before the tunnel.3 (line 79).  Although this will not cause any issues in functionality, it can cause the NSRP configuration sync issue.

Method 2:

A command that shows the line numbers and the number of lines in the configuration that are not matching with respect to the peer configuration is available:

nsisg1000(B)-> exec nsrp sync global-config diff
nsisg1000(B)-> rcv_sys_config_diff: get local config sucess
Local have 362 different cmd lines:
2 set chassis temperature-threshold severe Fahrenheit 176
3 unset vrouter trust-vr sharable
4 set vrouter "untrust-vr" default-vrouter
5 set vrouter "untrust-vr"
6 exit
7 set vrouter "trust-vr"
8 set auto-route-export
line sequence out of order too much, display stopped
Peer have 262 different cmd lines:
2 set vrouter trust-vr sharable
3 set vrouter "untrust-vr"
4 exit
5 set vrouter "trust-vr"
line sequence out of order too much, display stopped

If there are too many lines, then it will not display all the lines; but it will display a few of them and provide the total number of lines that are different in the configuration.

One solution is to manually save the configuration from the Backup, either via the WebUI or to a TFTP server and then manually swap the configuration lines; in such a way that it matches the configuration line order of the Master. 

You can then re-upload the configuration to the Backup and reboot (do not save the configuration, if prompted). When the Backup is up, check the config sync by running the exec nsrp sync global-config check command on the Backup.
Modification History:
2017-12-07: Article reviewed for accuracy. No changes made. Article is correct and complete.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search