Solved: Re: FMC HA Degraded- Synchronization incomplete

Herald Sison · ‎07-17-2022

Hi Gents,

Anyone here tried fixing this error on FMC HA? "Degraded- Synchronization incomplete (This Management Center has fewer devices registered)" and also the registration status to the FTD on the secondary(standby) FMC is still on "Pending Registration"

this is on my FMC - Active

Screenshot 2022-07-18 130200.jpg

this is on my FMC 02 - Standby

Screenshot 2022-07-18 130226.jpg

this is the Health log/notifications

Screenshot 2022-07-18 130723.jpg

ADDITIONAL INFORMATION ON THE FTD SIDE:

show managers on the FTD CLI:

running this command on FTD CLI

cat /etc/sf/sftunnel.conf

Running this command on FTD DB:

 OmniQuery.pl

select * from EM_peers;

Upon checking on the FTD side i can say is everything is working fine but not on the FMC side.

Any thoughts on this one?

Thank you so much

Herald Sison · ‎07-24-2022

Hi Everyone,

The HA pending problem is now solved. I just followed this article https://bluenetsec.com/delete-pending-manager-in-ftd/ and with the help and advise from our internal DBA/developer.

i reached out to TAC about this issue and its already 1 week and still they cant give me a direct solution and they discouraged me from deleting any DB data on the FTD side that makes our troubleshooting process a long time.

View solution in original post

marce1000 · ‎07-17-2022

- Check these threads : https://community.cisco.com/t5/cisco-software-discussions/fmc-ha-synch-failed/td-p/3870765 and https://community.cisco.com/t5/network-security/fmc-ha-synchronisation-issue-please-help/td-p/3992439

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Herald Sison · ‎07-17-2022

Hi Sir,

thanks for the reply, yes i have read and commented on that thread and i even tried the suggestions of doing this command below but still not working for me there is also another comment that says that the given command does not work on his FMC either.

"We had a similar issue, and under guidance from Cisco TAC we were asked to CLI on to the secondary FMC and run 'manage_HADC.pl' and select option 6 (re-establish' mirror. This took about 10 minutes to complete but seemed to do the trick. "

i am also wondering why people are tagging this as a solution when in the first place the commenter did not present any solution or workaround, the commenter just stated the the suggestion did not work for him.

Marvin Rhoads · ‎07-18-2022

@Herald Sison when you say manage_HADC.pl did not work for you do you mean you could not run the command or that the outcome after running it successfully was no improvement to your problem?

Herald Sison · ‎07-18-2022

after i ran the command and select number 6 the error still exist. would deleting it from the DB safe and effective?

Herald Sison · ‎07-19-2022

Hi Sir,

additional information. This is what happened before this error appears.

i have setup HA for the first time and Primary and Secondary FMC's are working and syncing perfectly and smoothly but when the hardware failed on the secondary HA i was forced to break HA on the primary FMC and recreate secondary FMC with the same IP address from a brand new hardware then recreate HA again then this error pops up. i noticed that the UUID of the Secondary FMC from the FTD is different and my assumption is that the UUID registerd in the FTD was the UUID of the previous secondary FMC which i deleted.

later that i know that what i did is the wrong process, i should have backedup the secondary FMC and did not break HA.

Marvin Rhoads · ‎07-19-2022

Given that you "broke" the original HA why not just blow away the HA config altogether on both units and then recreate it from scratch? IT would be a lot easier than to perform a TAC-assisted in-depth process to try to recover the current non-working HA setup.

Herald Sison · ‎07-19-2022

Hi sir, that is what i did but when i recreated ESXi and reinstalled the secondary FMC then setup the HA again that is the time i got into this error/problem.

maybe the UUID of the previous secondary FMC got stuck in to the FTD maybe that is why my new FMC is still on pending registration to my device.

alexander.2.bennett · ‎07-18-2022

Can you ping from the sensor to both FMC's?

Herald Sison · ‎07-18-2022

yes it can ping. the managers are showing fine below

Herald Sison · ‎07-24-2022

Hi Everyone,

The HA pending problem is now solved. I just followed this article https://bluenetsec.com/delete-pending-manager-in-ftd/ and with the help and advise from our internal DBA/developer.

i reached out to TAC about this issue and its already 1 week and still they cant give me a direct solution and they discouraged me from deleting any DB data on the FTD side that makes our troubleshooting process a long time.