https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/528380#M4361 <P>I did both.&nbsp; Added a new user account with API read permissions, as well as removing the special character.&nbsp; Thank you sir!</P> <P>&nbsp;</P> Tue, 24 Jan 2023 17:20:09 GMT M.Anderson 2023-01-24T17:20:09Z https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/522797#M4290 <P>More of an advice posting than a request for assistance.</P> <P>&nbsp;</P> <P>Do not make your PA firewall admin password really crazy long and complex (like I did ~ at 19 characters long).</P> <P>If you do, you might get tripped up by Expedition when you try and add a device and the user API keys.</P> <P>&nbsp;</P> <P>Background:</P> <P>New PA-440 Firewall (FW)</P> <P>Stood up Expedition VM on Monday the 21st.</P> <P>&nbsp;</P> <P>I kept getting "Invalid Credential" in Expedition when trying to add the API key for admin with my crazy long complex pwd.</P> <P>I was able to SSH from the Ubuntu Server to the FW using admin with its 19-character long password so was greatly puzzled why Expedition was bombing out. Even opened a case on PA support. Lots of inconclusive results found.</P> <P>&nbsp;</P> <P>After a zoom session a short time ago with my local PA VAR and a SE with PA, I found a clue to a possible solution in the /home/userSpace/devices/debug.txt file: only part of that long booger of a pwd was being transmitted to the FW so of course(!) authentication is going to fail! As an aside, I find it curious that the pwd used is in clear text in the debug.txt file!</P> <P>&nbsp;</P> <P>After changing my FW admin pwd to something that _just_ meets the security requirements (8 long, one cap, 5 lower and 2 bangs), committing, signing out of everything, signing back into Expedition, adding my device and using the shorter admin pwd, the add succeeded and the 3 keys were populated!</P> Tue, 29 Nov 2022 22:36:34 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/522797#M4290 UNMPDgordon 2022-11-29T22:36:34Z https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/528026#M4355 <P>I'm running into the same issue.&nbsp; PWD = 9 characters, upper case, lower case, number, special character #</P> <P>Any recommendations?</P> Fri, 20 Jan 2023 21:44:54 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/528026#M4355 M.Anderson 2023-01-20T21:44:54Z https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/528032#M4356 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/79377">@M.Anderson</a>&nbsp;Try to remove the special character and try again, if it's still not working, you can try create a new user account on the firewall and assign the API read permission.&nbsp;</P> Fri, 20 Jan 2023 22:32:32 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/528032#M4356 lychiang 2023-01-20T22:32:32Z https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/528380#M4361 <P>I did both.&nbsp; Added a new user account with API read permissions, as well as removing the special character.&nbsp; Thank you sir!</P> <P>&nbsp;</P> Tue, 24 Jan 2023 17:20:09 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/528380#M4361 M.Anderson 2023-01-24T17:20:09Z https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/573199#M4891 <P>any resolution to this? I've tried username/password, api login, removal of special characters, etc&nbsp;</P> Tue, 16 Jan 2024 15:35:23 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/573199#M4891 AnthonyPacheco 2024-01-16T15:35:23Z https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/573210#M4892 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/302615">@AnthonyPacheco</a>&nbsp;</P> <P>&nbsp;</P> <P>Try to execute the external command and later in Expedition create the device and add directly the created API_KEY</P> <DIV> <DIV class="code-btn-container">&nbsp;</DIV> </DIV> <P><LI-WRAPPER></LI-WRAPPER></P> <PRE class="pre codeblock " data-label="PRE CODEBLOCK">curl -H <SPAN class="hljs-string">"Content-Type: application/x-www-form-urlencoded"</SPAN> -X POST https://firewall/api/?<SPAN class="hljs-built_in">type</SPAN>=keygen <SPAN class="hljs-_">-d</SPAN> <SPAN class="hljs-string">'user=&lt;user&gt;&amp;password=&lt;password&gt;'</SPAN></PRE> <P>Reference article:&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/get-your-api-key" target="_blank">https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/get-your-api-key</A></P> <P>&nbsp;</P> <P>Hope this helps,</P> <P>&nbsp;</P> <P>David</P> <P>&nbsp;</P> Tue, 16 Jan 2024 17:05:33 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/add-device-authentication-failure/m-p/573210#M4892 dpuigdomenec 2024-01-16T17:05:33Z