- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Failed to fetch ingest/query FQDN for customer (curl failed)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-14-2019 02:19 AM - edited 10-14-2019 02:21 AM
Hi Team,
I'm trying to onboard one of our firewals to the Cortex Data Lake. It has the logging service license and when I put in the onboarding PSK and click status, I get:
Failed to fetch ingest/query FQDN for customer (curl failed)
I've tried
- Giving the firewall an NTP server
- Removing and re-adding the license
- Manually fetching the certificate (it fails)
> request logging-service-forwarding certificate fetch
Successfully scheduled logging service certificate fetch job with a job id of 2132
> show jobs id 2132
Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2019/10/14 10:18:24 10:18:24 2132 LCaaS-certificate-fetch FIN FAIL 100 %
Warnings:
Details:
- Manually fetching the customer info (it fails)
> request logging-service-forwarding customerinfo fetch
Successfully fetch Logging Service region info
> request logging-service-forwarding customerinfo show
Server error : Unable to read the LCaaS customer information. Please re-fetch region info
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-11-2019 06:26 AM
@LukeBullimore: Yes, TAC case already closed. If you are not on 9.0.4 or 8.1.13 (not available yet), you need to contact TAC to set the tenant-id for cortex/logging service.
Problem is fixed in the versions mentioned above - no workarounds available, so TAC creates root access to device and edits local files on each firewall
Chacko
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-01-2019 07:27 AM
Hi - I'm experiencing exactly the same error and opened a TAC case for this.
Do you got any feedback on your situation?
Chacko
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-05-2019 04:41 PM
Same here.. Guess I'll be opening one as well.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-11-2019 06:23 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-11-2019 06:26 AM
@LukeBullimore: Yes, TAC case already closed. If you are not on 9.0.4 or 8.1.13 (not available yet), you need to contact TAC to set the tenant-id for cortex/logging service.
Problem is fixed in the versions mentioned above - no workarounds available, so TAC creates root access to device and edits local files on each firewall
Chacko
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-11-2019 07:04 AM
Yep, did that on Friday. Easy fix for TAC with root.
[root@XXXXXXXXX ~]# sdb -i cfg.saas.custid
cfg.saas.custid: string (10 bytes)
[root@XXXXXXXXX ~]# sdb cfg.saas.custid=None
cfg.saas.custid: None
[root@XXXXXXXXX ~]# sdb cfg.saas.custid=123456789
cfg.saas.custid: 123456789
[root@XXXXXXXXX ~]# sdb -i cfg.saas.custid
cfg.saas.custid: int (len 4)
re-license FW's from Panorama
Finally, on each fw:
request logging-service-forwarding certificate delete
request logging-service-forwarding certificate fetch
- client certificate authentication fails even though machine has certificate. in General Topics
- GP 5.2.5 Error authentication check failed in General Topics
- Export/Import a custom Compliance Standard from one tenant to another in Prisma Cloud Discussions
- panos 10.0.5 can't commit firewall changes in General Topics
- Install Apps,Threat fail in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
