Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How do I troubleshoot an Active/Passive NSRP cluster with configurations out of sync?



Article ID: KB9817 KB Last Updated: 19 Dec 2017Version: 9.0
It is possible that the configuration settings can become unsynchronized; this can happen if you make any configuration changes on one device while another in the cluster reboots or if all HA links fail.  This article documents how to get the cluster back in sync.  This article is also referenced from the NSRP Resolution Guide.
How do I troubleshoot an Active/Passive NSRP cluster with configurations out of sync?
Use the steps below to correct configs out of sync.  To view the flowchart for these steps, select:  KB9817 Flowchart

note: In the article, Firewall-A refers to the device that is initially configured as the Primary device. Firewall-B is the device that is initially configured to be the Backup device.

Step1   Did you enter the minimum NSRP configuration options? Refer to: KB6015- What is the basic configuration I need to get an NSRP cluster working.

  • Yes - Continue with Step 2
  • No  - Finish configuring the minimum NSRP parameters.

Step2   Attempt to sync the configurations manually.  

NOTE:  Make sure you perform the command on the correct firewall, and make sure you correctly respond with No to the 'save config' prompt.  

For assistance, consult: KB6351 - How do you sync an Active / Passive NSRP pair.

Continue with Step 3

Step13  Are the configurations now in Sync? For information on how to check, consult: KB6359 - How do I check if the Active/Passive NSRP pair configurations are in sync?

Step4  Are all the Hardware and Software requirements met? For information on the minimum requirements, consult: KB11432 - What are the minimum hardware and software requirements for NSRP.

  • Yes - Continue with Step 5
  • No  - Resolve any deficiencies with the requirements.

Step5  Compare the configuration files between Firewall-A and Firewall-B.  Do they match? For assistance, consult: KB11325 - When comparing the NSRP cluster configuration, what should I check.

Step6  Check list of 'out of sync' possible reasons in KB11326.  

If still out of sync after consulting the list, Continue with Step 7.

Step7  For additional assistance, collect the information listed in KB11175- What information do I need to collect before opening an NSRP case. Once the data has been collected, open a case by either calling in to Juniper Networks Technical Assistance Center at 888-314-JTAC (5822) , 408-745-9500 for domestic or international, OR login to the Case Management tool via the Juniper support site at: Case Management and click on the "Create a Case" link.

Modification History:
2017-12-07: Article reviewed for accuracy. No changes made. Article is correct and complete.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search