Failed to check upgrade info due to generic communication error

Reply
Highlighted
L3 Networker

Failed to check upgrade info due to generic communication error

Hi all

 

since last night i get alot of erros from wildfire, antivirus updates, content updates...

All sheduled updates and even manual checks from the gui bring up errors.

No HA config.

Problem is on a 3020 and a old 500.

Ping and trace work to eu.wildfire.paloaltonetworks, wildfire.paloaltonetworks and updates.paloaltonetworks

DNS seems to be ok.

System Log shows 'Connection to Update server: updates.paloaltonetworks.com completed successfully, but searching for updates takes a long time and brings up the error again.

 

Anyone else with these problems?

My mailbox is spammed with warnings from wildfire (sheduled to all 15 min.).

TIA

 

Karsten


Accepted Solutions
Highlighted
Cyber Elite

WildFire is currently experiencing an issue providing updates through the CDN infrastructure and Palo Alto is currently monitoring a fix that was pushed at 0301 UTC that should address the issue. 

I'd recommend that everyone sign up for communications at https://status.paloaltonetworks.com if you haven't already so that you receive outage and maintenance notifications. 

View solution in original post


All Replies
Highlighted
L7 Applicator

Have you checked the URL filtering log? Had a similar issue with a customer that enabled "continue" action on a bunch of categories and was intercepting their own update connections

Tom Piens - PANgurus.com
Find my book at amazon.com/dp/1789956374
Highlighted
L1 Bithead

Hey Karsten,

 

We're experiencing the same issue as well, started happening last night same as you.

 

Checked Wildfire on our 5250 and it's all up to date as of 11 minutes ago (4pm), but it's still continue to spam our email inboxes with the same message "Failed to check upgrade info due to generic communication error". We temporarily turned off URL filtering and it's made no difference whatsoever.

 

If the issue continues to persist tomorrow I'm thinking about raising up a support case with Palo.

 

Thanks,

Scott

My name isn't Loveground though...
Highlighted
L1 Bithead

We have been seeing this intermittently across all our firewalls for the past month or so.  Occasionally, we see a lot more of these errors than normal and this past weekend was particularly bad.  We changed the update URL to one we found in another post and it doesn't seem like it makes a difference so we changed it back. This is affecting our 220, 820 and 3220 models (running 9.0.6)

 

My guess is that whatever update source Palo is using is either busy or having problems. It is definitely a transient issue and other than email/alert nags, we also seem to get an update at the next attempt. But the last few months have certainly been worse!  

Highlighted
L3 Networker

Hi

 

checked URL Filter. Was not enabled on the rule for PA Updates.

Turned it on now with action alert to get some URL logs.

Not better now.

Sometimes it works but still a lot errors.

 

The errors showed up in the last month. But only some.

Now i had them every 5 mins.

Since yesterday it´s a bit better and manual search also worked which did not before when i posted my request.

 

So it seems the problem is not on my or your site but on palo or their download storage (google cloudstorage?)

 Thanks so far for all your replies. Lets see if it gets better soon.

 

 

Highlighted
L1 Bithead

Ours is set to alert.  I can see it in the URL log and all looks good there. 

Highlighted
L3 Networker

@loveground Scott, would be cool if you open a case and let us now if there is something new.

 

TIA

Highlighted
L1 Bithead

Yeah I'm going to open up a case, see what comes through from it. Temporarily disabled the email alerts since it's literally been hammering our inboxes every 5mins.

My name isn't Loveground though...
Highlighted
L1 Bithead

Funnily enough, after raising a case and then re-enabling the email alerts on our firewall to test if the problem still persists, we are not getting spammed anymore.

 

So case has been closed.

My name isn't Loveground though...
Highlighted
L1 Bithead

I left the email notifications on, partly because I wanted to see how big of a problem it was going to be, and also so I had some good data for a support call.  I received one notification at 7:09am (Central) from one firewall and have received none since yesterday at 8:00p.  I am not sure if something changed on Palo's side, but I agree that the alerts have pretty much stopped in the last 12 hours or so. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!