Panorama Commit Fail With Error: Duplicate User Name
29852
Created On 09/25/18 19:45 PM - Last Modified 06/08/23 07:11 AM
Resolution
Issue
A security rule on Panorama contains a list of source users. When a Panorama commit is performed to push a configuration with this rule, the operation fails with "Duplicate user name". The following is an example of the error:
VSYS1
Error: Duplicate user name 'CORPORATE_NT\prasad.bathula'
Error: Failed to parse security policy
(Module: device)
Commit failed
Cause
The managed Palo Alto Networks firewall failed to process the rule, because the list of source users was edited from Panorama.
Resolution
To resolve the issue, remove the security rule pushed by Panorama on the managed firewall, edit the rule in Panorama, and then perform a Panorama commit again to push the updated configuration:
- Disable the security policy on Panorama which, for this example, contains 'CORPORATE_NT\prasad.bathula' in its source user column
- Push the configuration from Panorama onto the managed firewall. The commit on the firewall should succeed.
- On the managed firewall itself, the same security rule should no longer exist.
- Enable the security policy back on Panorama.
- Commit locally on Panorama and then push the configuration onto the managed firewall.
owner: kadak