Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-21-2024 11:51 PM
Hi everyone,
I have a customer who has configured the automatic upgrade of XDR Agent, when the new version is released, only a small number of Agents have completed the upgrade, a large number of Linux hosts have failed to upgrade, and the Last Upgrade Failure Reason shows "The installer has timed out.", I tried to find the reason for this prompt, but I couldn't find it, can someone provide an idea?
10-22-2024 02:50 AM - edited 10-22-2024 02:51 AM
Hi @yuyangab
Thank you for reaching out to the Live community!
There could be several reasons for this issue, and a thorough investigation of the tech support files is necessary to pinpoint the exact cause and solution.
Initial Steps to Consider:
Verify Bandwidth: Please check your bandwidth and upgrade settings as outlined in the Cortex XDR Administrator Guide (Refer to steps 3, 4, and 5).
Helpful Articles: You may find additional insights in this article: Palo Alto Knowledge Base.
Check System Failures: Look for any system failures from systemd. The error seen over trapsd—“Failed to reset failed state of unit xdr_upgrade.service: Connection timed out”—is documented here. A server reboot may resolve this issue.
If these steps do not resolve the problem or If the issue persists, please raise a ticket with TAC for a more thorough investigation, as this will require detailed technical support file analysis for a permanent fix.
If this response was helpful, please click "Accept as Solution" to acknowledge.
Best regards,
10-22-2024 09:14 AM
Thank you all for the suggestions. Just yesterday the TAC team resolved my issue. It took some time and effort, but finally, we resolved it. This is what I was instructed to do (in case someone runs into this issue and thinks this could help):
1. Open command prompt with admin privilege
2. From the command prompt, go to the Traps installation folder i.e. C:\Program Files\Palo Alto Networks\Traps
3. Run command: cytool runtime stop
4. Provide uninstallation password
5. Navigate to C:\ProgramData\Cyvera\
6. Back up and delete all the *.db files within the Persistence folder, but do not delete the Persistence folder itself. This is important. Note: In the end, I was directed to delete all the contents of this folder because they mentioned "files" with .db extensions, but in reality, they were folders, a couple of files with no extensions, and other folders with extensions .db.lru in there (again, just the contents, not the folder itself)
7. Navigate to C:\ProgramData\Cyvera\
8. delete the "wfcache.log" file (in my case this file didn't exist.)
9. Run command: cytool runtime start
10. Run the command: cytool reconnect force
11. Provide the uninstallation password ( if actual password doesn't work please use the default password)
12. Give it a few seconds and verify if it is able to connect and gets enabled
13. Now start the scan again
10-22-2024 09:17 AM
Sorry, for some reason my post went to the wrong place!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
