Symptom

Standby node fails to join HA with "CD App Sync error is App Config Apply Failed" /ngfw/var/log/action_queue.log on the standby device will have the following: May 5 13:31:58 ftd2 policy_apply.pl[26258]: $VAR1 = bless( { May 5 13:31:58 ftd2 policy_apply.pl[26258]: '-text' => 'Required package is missing or md5sum mismatch: /ngfw/var/cisco/deploy/pkg/var/cisco/packages/modules-2707-x86_64.tgz', May 5 13:31:58 ftd2 policy_apply.pl[26258]: '-line' => 582, May 5 13:31:58 ftd2 policy_apply.pl[26258]: '-stacktrace' => 'Required package is missing or md5sum mismatch: /ngfw/var/cisco/deploy/pkg/var/cisco/packages/modules-2707-x86_64.tgz at /ngfw/usr/local/sf/lib/perl/5.24.4/SF/NGFW/PolicyApply.pm line 582.

Conditions

All of the following conditions have to be met to hit this issue: 1. RA VPN is configured with anyconnect packages and deployed. 2. Break HA 3. Current SRU on FMC is uninstalled and installed again. Deployments done to previous active device after that. 4. Create HA again

Workaround

Workaround 1 =========== Login to the FTD to the root prompt and delete /ngfw/var/cisco/deploy/temp folder. If the above workaround doesn't work after attempting to reform HA, proceed with the below workaround: Workaround 2 =========== Push deployment to FTD(s) affected by this defect and reform HA via 'configure high-availability resume'

Further Problem Description