commit is failing

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

commit is failing

L4 Transporter

unable to commit please help in troubleshooting

PA version: 5.0.3

thanks

admin@PA# commit force

..........................

Management server failed to send phase 1 to client authd

Commit failed

[edit]

admin@PA# run tail mp-log authd.log

Jul 11 17:33:53 pan_authd_generate_system_log(pan_authd.c:914): CC Enabled=False

Jul 11 17:33:53 pan_get_system_cmd_output(pan_cfg_utils.c:4275): executing: /usr/local/bin/sdb -n -r cfg.operational-mode

Jul 11 17:35:28 cfgagent_flags_callback(pan_cfgagent.c:187): authd: cfg agent received flags from server

Jul 11 17:35:29 cfgagent_flags_callback(pan_cfgagent.c:191): new flags=0x0

Jul 11 17:35:29 cfgagent_config_callback(pan_cfgagent.c:212): authd: cfg agent received configuration from server

Jul 11 17:35:29 authd: cfg agent received configuration from server but previous config still in use

Jul 11 17:40:37 cfgagent_flags_callback(pan_cfgagent.c:187): authd: cfg agent received flags from server

Jul 11 17:40:37 cfgagent_flags_callback(pan_cfgagent.c:191): new flags=0x1000

Jul 11 17:40:37 cfgagent_config_callback(pan_cfgagent.c:212): authd: cfg agent received configuration from server

Jul 11 17:40:37 authd: cfg agent received configuration from server but previous config still in use

[edit]

admin@PA# run show management-clients

              Client PRI    State Progress

-------------------------------------------------------------------------

              routed  30 P1-abort        0

            ha_agent  25 P1-abort        0

              device  20 P1-abort        0

              ikemgr  10 P1-abort        0

              keymgr  10     init        0    (op cmds only)

             logrcvr  10 P1-abort        0

               dhcpd  10 P1-abort        0

             varrcvr  10 P1-abort        0

               l3svc  10 P1-abort        0

              sslvpn  10 P1-abort        0

              rasmgr  10 P1-abort        0

             useridd  10 P1-abort        0

                satd  10 P1-abort        0

             websrvr  10 P1-abort        0

              sslmgr  10 P1-abort        0

               authd  10 P1-abort        0   *

              pppoed  10 P1-abort        0

           dnsproxyd  10 P1-abort        0

             cryptod  10 P1-abort        0

              dagger  10     init        0    (op cmds only)

Overall status: P1-abort. Progress: 0

Warnings:

Errors:

authd: Management server failed to send phase 1 to client authd

[edit]

admin@PA#

1 accepted solution

Accepted Solutions

L3 Networker

Commit in general has two phases.

Phase 1: validation

Phase 2: pushing the config to each process

The change you made( adding an administrator) had failed since the authd was not validating the config.

To get more info on why the candidate config was not being accepted you can look into the authd logs during the time frame when the commit was pushed.

View solution in original post

5 REPLIES 5

L5 Sessionator

Hi Dorm,

What were the changes made?  can you print the output of the command,

> set cli config-ouput-format set

>show config diff

Also verify if there are any core files for authd

> show system files

Revert the changes back to the running config. Then delete any authentication profile configured on the PANFW, and then commit the changes, add the authentication profile back and then commit the changes. Ensure that you are not locked out, and have a local database account first to log into the box.

If this does not help, we would have to restart the authd from the root.

BR,

Karthik

well i alraedy try to reboot the machine and it doesnt go up

L3 Networker

When the commit is aborted at phase 1 by a process in this case authd it means the authd process does not like the config the management server is trying to push.

Please follow the authd.log during the commit to get more information on the which part of the config the authd process does not like.

Phase 1 is config validation ( ms confirms with other daemons that the config it is trying to push is valid from the peer daemon point of view )

after some time the machine was booted successfuly...

still dont know what was the problem

the only change i made was adding a new administrator

what are the phases a commit have till it finish?

L3 Networker

Commit in general has two phases.

Phase 1: validation

Phase 2: pushing the config to each process

The change you made( adding an administrator) had failed since the authd was not validating the config.

To get more info on why the candidate config was not being accepted you can look into the authd logs during the time frame when the commit was pushed.

  • 1 accepted solution
  • 5213 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!