Symptom

FTD device fails to form High Availability (HA) with its peer.

Conditions

1. The 'show failover history' output prints: "CD App Sync error is Failed to apply SSP config on standby. Check app-sync-history CLI for details" 2. The app-sync-history log shows: App Sync Time: 19:43:44 UTC Oct 26 2023 Role: Standby Unit App Sync Status: FAILURE Failed Phase: StandbyNodeJoinSspApply Failure Reason: Failed on SSP PUT URL: null Error response from platform:Bad request errorcode: 400 Content-type:application/json; charset=utf-8 { "error-code": "ERR-xml-parse-error", "error-description": "XML PARSING ERROR: unknown attribute 'linkTs' in element 'fabricEthLanPc'", "error-nr": "559" } 3. The FXOS version of the faulty unit is wrong, i.e., the FXOS version mapping to FTD 7.2.0 is 2.12(0.31), and the FXOS version mapping to FTD 7.2.5 is 2.12(0.519). If the unit is upgraded from 7.2.0 to 7.2.5, the unit shows the old FXOS version, which in this example is 2.12.0.31 Secondary Output of /usr/local/sf/bin/sfcli.pl show_tech_support asa_lina_cli_util: --------------[ 3120-FTD ]--------------- Model : Cisco Secure Firewall 3120 Threat Defense (80) Version 7.2.5 (Build 208) UUID : b5d2a416-5306-11ee-b560-bd48f87f59f3 LSP version : lsp-rel-20231014-1509 VDB version : 373 ---------------------------------------------------- Cisco Adaptive Security Appliance Software Version 9.18(3)53 SSP Operating System Version 2.12(0.31) <==== Wrong mapped FXOS version.

Workaround

Re-image the faulty unit to the 7.2.5 version and reconfigure High Availability (HA)

Further Problem Description