Updating Cortex Agent 7.2 fails

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Updating Cortex Agent 7.2 fails

L1 Bithead

Good morning,

 

I'm running into issues trying to update the cortex agent on some of our physical machines running Win 10. 

I'm very new to Cortex so I apologize if there's issues with my explanation of what I'm having issues with.

 

Inside my endpoint administration we have broken our users into groups: VDI, physical and even further with Windows, Mac, and Linux systems.

I wanted to push the 7.2 agent to just the physical Win 10 machines.

My first test was I selected a small group to push the update to, out of the 7 machines 5 failed and 2 finished successfully,

I reran the 5 that failed and they all failed again, I proceeded to select 1 machine at a time and was able to successfully push the update, I'm not sure what was causing the issue. 

I have since tried to push the update to the remaining physical Win 10 machines ranging from all at once the first try (All failed) to individual machines, and none have been able to update. 

The agents version we are currently running are: 7.0.2.42857 & 7.1.2.56067, with a few that are running the newest 7.2.0.63060.

I want to know why these are failing, would the logs be on the physical machine or is there somewhere in the Cortex XDR dashboard I can see logs, I have looked and found nothing. 

I would prefer to just push the update to all the machines at once, since there is quite a few of them. 

Any help would be appreciated or to point me in the right direction.

Thanks.

1 accepted solution

Accepted Solutions

Dfalcon,

 

Thanks for replying.

 

I did create the install package prior, and the machines are showing as connected.

The failure message was being received roughly 5-10 minutes after kicking it off.

 

So after reviewing the logs the client side was resetting the connection which was causing the install to fail, but it happened intermittently. So a machine could fail and I could push it back to the same machine and succeed. I would look at the logs and you could see the machine reset the connection the first time and then would allow it. 

 

I was able to successfully update all of our physical machines (windows and mac) so it's on to our VM machines :).


Again thanks for the reply but this issue has been resolved. 

View solution in original post

2 REPLIES 2

L4 Transporter

Hi @DJohnson84-

 

I'm assuming you created the install package prior to initiating the upgrade request.  Second, I'm assuming the machines show online.  

 

How fast is the failure message returning?  Is it instantaneous or does it take a few minutes?  I'm trying to determine if the issue is originating from client side or server side.


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Dfalcon,

 

Thanks for replying.

 

I did create the install package prior, and the machines are showing as connected.

The failure message was being received roughly 5-10 minutes after kicking it off.

 

So after reviewing the logs the client side was resetting the connection which was causing the install to fail, but it happened intermittently. So a machine could fail and I could push it back to the same machine and succeed. I would look at the logs and you could see the machine reset the connection the first time and then would allow it. 

 

I was able to successfully update all of our physical machines (windows and mac) so it's on to our VM machines :).


Again thanks for the reply but this issue has been resolved. 

  • 1 accepted solution
  • 6568 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!