Check software update failed

Reply
L3 Networker

Check software update failed

Hi all!

 

I have this problem: when i check new software updates, clicking "check now" button, this error appears: "Failed to check upgrade info due to generic communication error. Please check network connectivity and try again."

 

Doing a traceroute we see that after the 17th hops the trace stops, all the ping are unsuccesful

17  * paloaltonetit-5.border3.sje011.pnap.net (66.151.155.74)  163.015 ms *

18  * * *
19  * * *

[...]

30  * * *

 

DNS resolves name correctly (traceroute to updates.paloaltonetworks.com (199.167.52.141)), and as you can see the packet go on Internet.

Can someone please help me? Anyone saw this problem?

 

Regards,

Daniele Cantarelli

L6 Presenter

Re: Check software update failed

Hi,

 

How do you get to the updates.paloaltonetworks.com using mgmt interface or outside (Internet facing interface). 

 

Below KB on how to change service route option fro the device to use a different source ip while "talking" to the external recourses

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-a-Service-Route-for-Services-to-...

 

P.S ping and traceroute are disabled on the server, so don't worry 

L3 Networker

Re: Check software update failed

Hi,

This issue started after the last update of PanOS, it could be possible that the update changed some parameters?

 

Regards,

Daniele Cantarelli

L6 Presenter

Re: Check software update failed

Hi,

 

I don't think so. If it was working fine before please try to use"check now" for few times. l do have these messages from time to time in our lab device.

 

Thx,

Myky

L3 Networker

Re: Check software update failed

Hi Myky,

 

it's several days this error occours, and we continue to click on "check now" but nothing change.

Could it be a bug of PanOS? The version is 7.1.7.

 

Regards,

Daniele Cantarelli

L6 Presenter

Re: Check software update failed

Hi,

 

Do you get dynamic updates downloaded successfully (e.g AV, WildFire or threat prevention)? 

 

Thx,

Myky

Highlighted
kdd
L4 Transporter

Re: Check software update failed

do you see "check now"  at the log with the external interface and did you configure NAT as well?

not the external interface - then change the service route

no NAT and private IP - then used NAT with Public IP

still not working - please show the log entry and rule

L7 Applicator

Re: Check software update failed

Hello,

If your not blocking any of the update traffic, have you cheked to see if the licenses are still valid? Perhaps perform a refresh on them.

 

Device->Licenses-> Retrieve licenses from server

 

Also make sure you are not SSL decrypting that traffic.

 

Happened to me when we renewed support.

 

Regards,

 

L3 Networker

Re: Check software update failed

hi Myky,

 

i have the same problem with dynamic updates.

 

Regards,

Daniele

L6 Presenter

Re: Check software update failed

Hi,

 

Ok as people already mentioned here:

 

1) check the licenses 

2) change the service route to use your external IP to talk to the updates servers

 

service routes.PNG

Thx,

Myky

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!