management-console not available via https after upgrade from 3.1.7 to 4.0.1

Reply
Highlighted
L1 Bithead

management-console not available via https after upgrade from 3.1.7 to 4.0.1

Hello all,

after upgrading from PanOS 3.1.7 to 4.0.1 I can not access the management-console via https.

ping and ssh are still working.

Even after downgrading back to 3.1.7 and loading the saved configuration, I can not access the management-console via https.

disable-https is set to 'no'.

Can anybody help?

PS:

the webserver-logfiles contain the following lines:

error.log:

   default:1 main  Error: Can't define private key file: /opt/pancfg/etc/appweb/server.key.pem

l3svc-error.log:

   default:1 main  Error: Can't define private key file: /opt/pancfg/etc/appweb/server.key.pem

sslvpn-error.log:

   default:1 main  Error: Can't access DocumentRoot directory
   default:1 main  Error: Ignoring bad directive "DocumentRoot" at line 170 in /etc/appweb/sslvpn.conf

Nachricht geändert durch gratzadmin

Highlighted
L0 Member

Re: management-console not available via https after upgrade from 3.1.7 to 4.0.1

Hi

Had the same problem,

Fromm the command prompt i.e putty

admin@PA-500> configure

Entering configuration mode

[edit]

admin@PA-500# set deviceconfig system service disable-http no

[edit]

admin@PA-500#

this will give you back the http access to the box and then just switch on https:

Andrew

Highlighted
Not applicable

Re: management-console not available via https after upgrade from 3.1.7 to 4.0.1

I had similar issue after we enabled QoS.  Support had me disabled QoS until 4.0.2 becomes available.

L1 Bithead

Re: management-console not available via https after upgrade from 3.1.7 to 4.0.1

we did a factory reset which solved the problem.

Highlighted
L1 Bithead

Re: management-console not available via https after upgrade from 3.1.7 to 4.0.1

We have the same issue here after upgrading.

Could you specify what exaclty did you did to solve the problem.

Did you saved locally the config, did the factory reset and uploaded the config?

If I do these steps will the problem be back or not, after commiting the configuration?

Highlighted
L5 Sessionator

Re: management-console not available via https after upgrade from 3.1.7 to 4.0.1

If you're getting a SSL decrypt error, caused by a bug in 4.0.1,  this article should help:

https://live.paloaltonetworks.com/docs/DOC-1810

You should not experience the problem after this workaround. It occurs on the initial load of 4.0.1 and is fixed in 4.0.3, which is now available.  For other users planning upgrades, there is no need to do a full installation of 4.0.1.  As long as 4.0.1, which is the base image, is downloaded onto the PAN, 4.0.3 can be downloaded and installed, which will avoid the bug altogether.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!