Failed to fetch ingest/query FQDN for customer (curl failed)

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L5 Sessionator

Failed to fetch ingest/query FQDN for customer (curl failed)

Hi Team,

 

I'm trying to onboard one of our firewals to the Cortex Data Lake. It has the logging service license and when I put in the onboarding PSK and click status, I get:

 

Failed to fetch ingest/query FQDN for customer (curl failed)

 

I've tried

 

- Giving the firewall an NTP server

- Removing and re-adding the license

- Manually fetching the certificate (it fails)

 

> request logging-service-forwarding certificate fetch

Successfully scheduled logging service certificate fetch job with a job id of 2132

> show jobs id 2132

Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2019/10/14 10:18:24 10:18:24 2132 LCaaS-certificate-fetch FIN FAIL 100 %
Warnings:
Details:

 

- Manually fetching the customer info (it fails)

 

> request logging-service-forwarding customerinfo fetch

Successfully fetch Logging Service region info

 

> request logging-service-forwarding customerinfo show

Server error : Unable to read the LCaaS customer information. Please re-fetch region info


Accepted Solutions
Highlighted
L4 Transporter

@LukeBullimore: Yes, TAC case already closed. If you are not on 9.0.4 or 8.1.13 (not available yet), you need to contact TAC to set the tenant-id for cortex/logging service.

Problem is fixed in the versions mentioned above - no workarounds available, so TAC creates root access to device and edits local files on each firewall

Best Regards
Chacko

View solution in original post


All Replies
Highlighted
L4 Transporter

Hi - I'm experiencing exactly the same error and opened a TAC case for this.

Do you got any feedback on your situation?

Best Regards
Chacko
Highlighted
L0 Member

Same here.. Guess I'll be opening one as well.

Highlighted
L5 Sessionator

@cdowdy @Chacko42 

 

Did you both get anything useful from your TAC case? This is still a problem for us and its fallen off my radar up until now.

 

Cheers,

Luke.

Highlighted
L4 Transporter

@LukeBullimore: Yes, TAC case already closed. If you are not on 9.0.4 or 8.1.13 (not available yet), you need to contact TAC to set the tenant-id for cortex/logging service.

Problem is fixed in the versions mentioned above - no workarounds available, so TAC creates root access to device and edits local files on each firewall

Best Regards
Chacko

View solution in original post

Highlighted
L0 Member

Yep, did that on Friday. Easy fix for TAC with root.  

 

[root@XXXXXXXXX ~]# sdb -i cfg.saas.custid
cfg.saas.custid: string (10 bytes)
[root@XXXXXXXXX ~]# sdb cfg.saas.custid=None
cfg.saas.custid: None
[root@XXXXXXXXX ~]# sdb cfg.saas.custid=123456789
cfg.saas.custid: 123456789
[root@XXXXXXXXX ~]# sdb -i cfg.saas.custid
cfg.saas.custid: int (len 4)

 

re-license FW's from Panorama

 

Finally, on each fw:

request logging-service-forwarding certificate delete

request logging-service-forwarding certificate fetch

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!