Add a new Key and assign a Role - Remote Exception Error

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Add a new Key and assign a Role - Remote Exception Error

L2 Linker

Following the instructions from the Expedition AdminGuide below, but I keep receiving a Remote Exception Error when I click the Add button.  Any idea what I am doing wrong?    


e) The Edit Device window now is displayed. From the Configuration Tab let’s add our credentials to connect to the firewall and Expedition will request to the firewall to generate a new API key. notice the generated API Key will be valid as long as the user don’t change the password from the firewall.

• Click on the plus icon to add a new API Keys

• Auth. Type: How we want to authenticate against he firewalls, we can choose to provide username and password and let Expedition request the API key to your firewall or in case you already have the API key choose API KEY and paste your key in the text field

In this example we are going to use Username and Password and provide them

• Role and Apply all Roles: When you add a new API Key this can be attached to a Role inside Expedition, that means when you have a user from Expedition with Role admin inside one Project and that user tries to push changes using API Keys Expedition will use the API Key based on the user’s Role in this example admin. If you didn’t add an API key to the admin role that user will be unable to send any API Call out. For small environments where you will have only one user and it will be admin there is no need to check the Apply all Roles and keep that key only attached to the admin Role.

• Click on the Add blue button to generate the Keys.



L2 Linker

Never mind.  I figured out the issue.  Was behind a firewall and did not realize Expedition was trying to contact the firewalls to create the API key.  Update the firewall rules and it is all fixed now.  

Didn't the remore expection error state the reason for the issue?

I have same issue but no Firewall in middle. Getting error

"Unexpected content in server response. Revise you are connecting to a Palo Alto Networks Device"...have tried to add another admin/SuperUser role but to no avail...?

@fspratford Couple things to check:

1. Make sure you upgraded your expedition to the latest version v1.2.49

2. Verify connectivity between expedition and the palo alto networks panorama or firewall , tcp port 443 needs to be allowed , make sure if you have permitted host configured on the management interface, expedition ip is one of the allowed host.

3. Make sure the account you use has API read permission assigned to the role. 

this is most certainly a bug. I managed to work around it though.

Go to your firewall api page "https://<FW MGMT IP ADDRESS>/restapi-doc/#tag/key-generation/paths/~1api~1?type=keygen/get
Use postman (or any other api tool) to generate the API key for ADMIN user. and copy the API key that's returned.
switch to the expedition and when trying to add "Authentication API Keys" - switch the "Auth. Type:" from "username and password" to "API KEY"
Paste the API key here.

  • 5 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!