Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1371
Views
5
Helpful
5
Replies

ACE30 not syncing with primary

mol.mini
Level 1
Level 1

‎01-17-2013 07:54 AM

                   We did a faulty ACE30 module swap in a HA pair. Both the ACEs have stopped syncing since then. Below is the error message I see:

FT Group ID: 1  My State:FSM_FT_STATE_ACTIVE    Peer State:FSM_FT_STATE_STANDBY_CONFIG

                Context Name: Admin     Context Id: 0

                Running Cfg Sync Status:Failed to convert/transform configuration to peer version

Both ACE modules are running 5.2 with the same license.

sh ft peer status from both active and standby show the same results.

Peer Id                      : 1
State                        : FSM_PEER_STATE_COMPATIBLE
Maintenance mode             : MAINT_MODE_OFF
SRG Compatibility            : COMPATIBLE
License Compatibility        : COMPATIBLE
FT Groups                    : 15

Am I missing something here?

Labels:
0 Helpful
5 Replies 5

ajayku2
Cisco Employee
Cisco Employee

‎01-18-2013 06:18 AM

Check if there were certificates on the box. Ideally if SSL certificates are not copied then it is not going to Sync the config. Compare the SSL files on both the box. Copy all the SSL cert to the new box. Then it should sync fine.

0 Helpful

mmol
Level 1
Level 1
In response to ajayku2

‎01-18-2013 07:40 AM

My understanding is that if its a SSL issue, it will go in COLD state and also display the error message that there is a missing crypto file. In this case, I see a different error.

Running Cfg Sync Status:Failed to convert/transform configuration to peer version

0 Helpful

jsirstin
Level 1
Level 1
In response to mmol

‎01-18-2013 07:52 AM

Not all versions of code may display the reason for the config sync failure. I would first verify that all certs and keys are the same on both modules. This is the most common reason for this issue. If they are the same the next step I would take is to compare the two running configs to see if there are any differences. You can use a tool such as winmerge to compare. If you find any differences manually configure them to be the same and try the sync again.

Regards

Jim

0 Helpful

mol.mini
Level 1
Level 1
In response to mmol

‎02-07-2013 08:42 AM

The problem was with the primary ACE module. It was missing startup file that it sends to the peer while sync process. I reloaded it and toggled the sync. Secondary started syncing just fine.

Jorge Bejarano
Level 4
Level 4
In response to mol.mini

‎02-13-2013 03:47 PM

Hey Mini,

It sounds good it works now.

For future reference you may see the #show crypto files to compare the SSL files which you got in the boxes.

Additionally, please be aware that sometimes if there´s any crash in one device and generates a core dump file, they might detect that as a difference.

Then in general you may follow these instructions:

1) Check with #show crypto files

2) Compare both configurations.

3) Check #show version to see if there was a crash which you did not notice.

Hope this helps!

Jorge

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card