ASA 5520 %ASA-3-742004: failed to sync master key for password encryption

Answered Question
Jul 12th, 2010

Hi,

We are now using ASA 5520 firewall v8.3 ( migrated from PIX 515E) and everythink seems to work fine regarding the configuration syncho between the active and our standby asa device excepted that I'm always getting the following error when saving the configuration :

%ASA-3-742004: failed to sync master key for password encryption, reason=key length is 0, should be > 8 and less than 128

I have configured a password encryption key using the command "key config-key password-encryption" without success.

Could you please help us to solve this issue ?

Thanks a lot.

Regards.

Frédéric

I have this problem too.
0 votes
Correct Answer by Panos Kampanakis about 6 years 4 months ago

Yup, that is the one!

It is not fixed yet, but it should be cosmetic. Make sure you can login to the standby with the password and you are good to go.

PK

Correct Answer by Panos Kampanakis about 6 years 4 months ago

This could be new defect CSCth37641: "Issue is seen with an ASA pair running software version 8.3 configured for active/standby failover.  With logging enabled, when the active ASA issues the command "write mem", the log message is seen on the standby ASA" that is cosmetic.

Is that what you are seeing?

I hope it helps.

PK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Panos Kampanakis Mon, 07/12/2010 - 10:43

This could be new defect CSCth37641: "Issue is seen with an ASA pair running software version 8.3 configured for active/standby failover.  With logging enabled, when the active ASA issues the command "write mem", the log message is seen on the standby ASA" that is cosmetic.

Is that what you are seeing?

I hope it helps.

PK

riziv Tue, 07/13/2010 - 00:02

Hi PK,

yes, that's exactly what we are seeing when doing a wr mem on the ASA.

Thanks a lot for your answer.

Regards.

Correct Answer
Panos Kampanakis Tue, 07/13/2010 - 05:35

Yup, that is the one!

It is not fixed yet, but it should be cosmetic. Make sure you can login to the standby with the password and you are good to go.

PK

Actions

This Discussion