04-28-2026 09:42 PM
hello experts,
my bvm has attacked to an old tenant, however, the old one has expired, is it possible to remove this from CLI through ssh to bvm?
Thanks,
Sdg
04-28-2026 10:20 PM
Just try to unregister using the below command and let me know:
#sudo /opt/traps/bin/cytool unregister
04-28-2026 11:56 PM
thanks for your prompt reply,
when running cytool and prompt for admin password,
tried with the brokervm login password but failed.
any ideas what is this password?
04-29-2026 12:17 AM
I bet the admin pwd is not disclosed ?
Also, tried to run cytool from " /home/admin/sbin/cytool", it showed XDR Agent not installed.
04-29-2026 12:58 AM
This error message may be misleading please try below steps:-
1) There should be automatic unregister of BVM to understand the cause please check below
Login to the Broker VM via SSH or the local console and check the synchronization logs to see why the automatic timeout has not occurred. Run the following command:
tail -n 100 /data/logs/cloud_sync.log
Look for entries mentioning "HTTPUnauthorizedError" (401) or other status codes like 503. If you see 503 errors, your network security devices may be blocking the "Unauthorized" response required for the VM to unregister itself.
2) Manual unregistration (v28+ ONLY) :- Please try running the following command:
sudo /opt/panw/zenith/bin/cytool unregister
NOTE: If you are prompted for a sudo password and the admin password does not work, please try the default console password: !nitialPassw0rd
3) Reset Web UI:-
If the Web UI remains unresponsive, you can attempt to reset the administrative password via the CLI:
sudo /home/admin/sbin/setuipassword.sh
Follow the prompts to set a new password, then attempt to access the UI at:
https://[BROKERVMIP]:4443
4) FINAL RESOLUTION: REDEPLOYMENT
If the commands above are unavailable (likely due to an older software version) or fail to clear the registration, the only definitive solution for a Broker VM tied to a decommissioned tenant is a fresh redeployment:
Delete the current Broker VM instance from your hypervisor.
Download a new Broker VM image (OVA/ISO) from your NEW Cortex XDR tenant.
Deploy the new instance and apply a freshly generated registration token.
04-29-2026 02:50 AM
Thanks for your reply.
1. My BVM can connect to internet successfully, so there is no error of 401, 503, My BVM been registered to a tenant just happened to be expired and we did not unregister beforehand.
2. Both not working, nor my password and the default password: !nitialPassw0rd. The only password that I have configured is the password to login to WebUI, I bet it's not the admin of the OS,
3. The web ui is working perfectly fine with my password, however, the sudo /home/admin/sbin/setuipassword.sh mentioned here, required admin password which I do not have.
4. I guess this is the last and only resort, when the tenant is expired, previous registered BVM, no other way to unregister manually.
04-29-2026 07:01 AM
If none of the steps work then only Step-4 is left
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
