Issue: Unable to add devices "error generating the api key"

Highlighted
L2 Linker

Issue: Unable to add devices "error generating the api key"

Migration Tool Version: 3.3.15

Panorama version: 8.0.9 (VM)

PAN 850 version: 8.0.9

 

I previously had the Panorama added successfully, but it was unable to "retrieve logs" for app-id via the connector.

 

I can now no longer add the Panorama, or a firewall to the migration tool. When I try to add the device I get the error "error generating the api key".

 

I can generate the key successfully from the web ui (https://panorama/api/?.........) using the same credentials

 

If I look at the authd.log file there is nothing logged when the migration tool supposedly requests to generate the API key.

 

The password is factory default, so no special characters.

 

I have tried restarting the MT.

 

Does anyone have any ideas on what could be causing this?

 

Thanks!

Shannon

L7 Applicator

Re: Issue: Unable to add devices "error generating the api key"

Hi, Are you sure the VM can reach your Panorama? Can you ping it from the cli? Is the IP address allowed to connect via HTTPS to your panorama?

L2 Linker

Re: Issue: Unable to add devices "error generating the api key"

Hey,

 

Thanks but connectivity is not an issue - they are on the same subnet. Also re: I previously had the Panorama added successfully.

 

Cheers,

Shannon

L2 Linker

Re: Issue: Unable to add devices "error generating the api key"

Turns out this is due to the SSL Service Profile assigned to the management interface. Guess it makes sense as the cert used won't be natively trusted by the MT.

 

I wonder how it works with the out-of-the-box PAN self-signed cert.

L7 Applicator

Re: Issue: Unable to add devices "error generating the api key"

It can be the cypher used on the cert its unsupported on MT3.3

L1 Bithead

Re: Issue: Unable to add devices "error generating the api key"

Removing the SSL Service Profile does not fix for me. What is the issue?

L4 Transporter

Re: Issue: Unable to add devices "error generating the api key"

Are you using the Migration Tool 3? Are you sure you have the right credentials to access the Management interface of the device and that the provided IP is correct and reacheable from your Migration Tool?

L1 Bithead

Re: Issue: Unable to add devices "error generating the api key"

I am using the tool 3.3.15. The tool can ping the management interface of the firewall. I have a right credential to access the device.

 

 

L7 Applicator

Re: Issue: Unable to add devices "error generating the api key"

Have you tried Expedition? We stopped support for Migration Tool 3.X year ago....  You can export as XML and use load config partial to be more selective at the time to load parts only of the configuration 

L1 Bithead

Re: Issue: Unable to add devices "error generating the api key"

I have not tried Expedition. But the issue is fixed after changing the tool to be in a different VLAN. The tool was in the management VLAN that firewalls are.

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!