Getting invalid candidate configuration error while changing master key


ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

L0 Member

Getting invalid candidate configuration error while changing master key



I am in a task to change master key of a active standby pair.

I have followed all the instruction recommended by palo alto but while clicking "ok" after providing new key its getting invalid "candidate configuration.master key change aborted" error message.

If any one has any suggestions on this, please write.

L2 Linker



first of all I wont recommend touching the master key and only if necessary. When prompted to enter the new key,

- how do you handle to the "current key" field?

- what do you enter to the rest of the fields?


I guess you can not go without either "reminder" or "auto key renewal". Has the master key changed before or is it default?



Kind regards,
// If you like my answer force commit it.
Cyber Elite


Modifying the master key is fine, but I would recommend that this should be done with caution. The last thing that you want to do is let a master key expire because you didn't setup reminders or nobody else knows that it's something that's going to need to be looked after.


The first thing that I would check is that there isn't any other pending changes, the master key update will fail unless all pending changes have been cleared or committed to the firewall. 

L0 Member

HI All

We have fixed the problem.

Action taken: All the configurations from template are over ridden after that the given master key has been accepted.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!