unable to commit please help in troubleshooting
PA version: 5.0.3
admin@PA# commit force
Management server failed to send phase 1 to client authd
admin@PA# run tail mp-log authd.log
Jul 11 17:33:53 pan_authd_generate_system_log(pan_authd.c:914): CC Enabled=False
Jul 11 17:33:53 pan_get_system_cmd_output(pan_cfg_utils.c:4275): executing: /usr/local/bin/sdb -n -r cfg.operational-mode
Jul 11 17:35:28 cfgagent_flags_callback(pan_cfgagent.c:187): authd: cfg agent received flags from server
Jul 11 17:35:29 cfgagent_flags_callback(pan_cfgagent.c:191): new flags=0x0
Jul 11 17:35:29 cfgagent_config_callback(pan_cfgagent.c:212): authd: cfg agent received configuration from server
Jul 11 17:35:29 authd: cfg agent received configuration from server but previous config still in use
Jul 11 17:40:37 cfgagent_flags_callback(pan_cfgagent.c:187): authd: cfg agent received flags from server
Jul 11 17:40:37 cfgagent_flags_callback(pan_cfgagent.c:191): new flags=0x1000
Jul 11 17:40:37 cfgagent_config_callback(pan_cfgagent.c:212): authd: cfg agent received configuration from server
Jul 11 17:40:37 authd: cfg agent received configuration from server but previous config still in use
admin@PA# run show management-clients
Client PRI State Progress
routed 30 P1-abort 0
ha_agent 25 P1-abort 0
device 20 P1-abort 0
ikemgr 10 P1-abort 0
keymgr 10 init 0 (op cmds only)
logrcvr 10 P1-abort 0
dhcpd 10 P1-abort 0
varrcvr 10 P1-abort 0
l3svc 10 P1-abort 0
sslvpn 10 P1-abort 0
rasmgr 10 P1-abort 0
useridd 10 P1-abort 0
satd 10 P1-abort 0
websrvr 10 P1-abort 0
sslmgr 10 P1-abort 0
authd 10 P1-abort 0 *
pppoed 10 P1-abort 0
dnsproxyd 10 P1-abort 0
cryptod 10 P1-abort 0
dagger 10 init 0 (op cmds only)
Overall status: P1-abort. Progress: 0
authd: Management server failed to send phase 1 to client authd
Solved! Go to Solution.
What were the changes made? can you print the output of the command,
> set cli config-ouput-format set
>show config diff
Also verify if there are any core files for authd
> show system files
Revert the changes back to the running config. Then delete any authentication profile configured on the PANFW, and then commit the changes, add the authentication profile back and then commit the changes. Ensure that you are not locked out, and have a local database account first to log into the box.
If this does not help, we would have to restart the authd from the root.
When the commit is aborted at phase 1 by a process in this case authd it means the authd process does not like the config the management server is trying to push.
Please follow the authd.log during the commit to get more information on the which part of the config the authd process does not like.
Phase 1 is config validation ( ms confirms with other daemons that the config it is trying to push is valid from the peer daemon point of view )
after some time the machine was booted successfuly...
still dont know what was the problem
the only change i made was adding a new administrator
what are the phases a commit have till it finish?
Commit in general has two phases.
Phase 1: validation
Phase 2: pushing the config to each process
The change you made( adding an administrator) had failed since the authd was not validating the config.
To get more info on why the candidate config was not being accepted you can look into the authd logs during the time frame when the commit was pushed.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!