Getting invalid candidate configuration error while changing master key

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Getting invalid candidate configuration error while changing master key

L1 Bithead

Hi,

 

I am in a task to change master key of a active standby pair.

I have followed all the instruction recommended by palo alto but while clicking "ok" after providing new key its getting invalid "candidate configuration.master key change aborted" error message.

If any one has any suggestions on this, please write.

1 accepted solution

Accepted Solutions

L1 Bithead

HI All

We have fixed the problem.

Action taken: All the configurations from template are over ridden after that the given master key has been accepted.

View solution in original post

3 REPLIES 3

L2 Linker

Hi,

 

first of all I wont recommend touching the master key and only if necessary. When prompted to enter the new key,

- how do you handle to the "current key" field?

- what do you enter to the rest of the fields?

 

I guess you can not go without either "reminder" or "auto key renewal". Has the master key changed before or is it default?

 

 

Kind regards,
René
// If you like my answer force commit it.

@nithinbabup,

Modifying the master key is fine, but I would recommend that this should be done with caution. The last thing that you want to do is let a master key expire because you didn't setup reminders or nobody else knows that it's something that's going to need to be looked after.

 

The first thing that I would check is that there isn't any other pending changes, the master key update will fail unless all pending changes have been cleared or committed to the firewall. 

L1 Bithead

HI All

We have fixed the problem.

Action taken: All the configurations from template are over ridden after that the given master key has been accepted.

  • 1 accepted solution
  • 3733 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!