Panorama commit to PA4060 hangs at "commit" process 99%

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama commit to PA4060 hangs at "commit" process 99%

I support 10+ 4060's (Ver 5.0.15) and for several years had to deal with Panorama commits pushes to boxes increasingly taking longer and longer to complete (like 1-2 hrs). Workaround had been to script a daily login and running of the "debug software restart management-server" command on each FW. This seemed to basically work.
I've noticed though over last 6months-yr this has not been resolving the issues and often have had to perform a "request restart software" to get Panorama pushes to complete relatively quickly. Systems will either take forever for commit proccess to move from 0% to 100%, or often found , via "show jobs all", the process at 99%.  When this is going on often can't SSH to box and can only get access via console connection....& at times that doesn't work and system must be power-cycled.
I haven't gone down the Vendor case path yet..but likely will....But wanted 1st to see if community users have experienced this and had feedback.
Getting new boxes is not an option for quite a while.
Going to 6.X is also not an option on these boxes.
Looking for feedback.
Best way to determine what exactly is cause and what fix may be.
Issue occurring often enough now to impact needed flow of day-to-day operations occurring with these FW.

2 REPLIES 2

L3 Networker

There is no real fix, the problem is these 40xx series have 1GB management plane memory.

It is the same problem the PA500 faced, but for the PA500 is a memory upgrade kit available.

And "new" PA500 come with 2 GB standard.

 

The memory for the PA500 is standard  "pc" memory.

 

As mentioned before for the PA500 is a upgrade kit, for the 40xx series there is not.

but i know some people that upgraded a 4020 lab FW to 2GB with normal "pc" memory.

And it just works fine, but warrenty void en no support.

L7 Applicator

There may not be an easy fix as was just stated, but if you would like to see exactly what is "hanging" then I would suggest the following CLI command while you are performing a commit:

 

> show management-clients

Client PRI State Progress
-------------------------------------------------------------------------
routed 30  P1-ok 99
ha_agent 25 P1-ok 99
device 20  P1-sent 5
ikemgr 10  P1-ok 99
keymgr 10  init 0 (op cmds only)
logrcvr 10 P1-ok 99
dhcpd 10   P1-ok 99
varrcvr 10 P1-ok 99
l3svc 10   P1-ok 99
sslvpn 10  P1-ok 99
rasmgr 10  P1-ok 99
useridd 10 P1-sent 70
satd 10    P1-ok 99
websrvr 10 P1-ok 99
sslmgr 10  P1-ok 99
authd 10   P1-ok 99
pppoed 10  P1-ok 99
dnsproxyd 10 P1-ok 99
cryptod 10 P1-ok 99
dagger 10  init 0 (op cmds only)

 

Overall status: P1-sent. Progress: 0
Warnings:
Errors:

 

Sometimes there is a problem with just 1 service that can be causing the delay, sometimes not.  This also helps you make sure that the wheels are still turning. 

 

Just keep repeating the command via the CLI to check the status.

 

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
  • 2836 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!