Here's my situation:
We were planning a new firewall installation, but that got some major delays after the start of the pandemic. Now I've noticed that we no longer have a support contract for our PA-5050 cluster (no doubt not renewed because we expected the new installation to be online by now). I wouldn't be too concerned, since we could probably hold out until the new installation is completed, except we now have an issue making commits, which only appeared in the last few days.
The commit error is "Threat database handler failed". I'm aware of the KB articles relating to this error from a few years ago, but those fixes don't work. (See below.) Now, I'm not sure if this is related, but, a long time ago, there was an evaluation of AV and WF, and afterward the expired eval licenses were not removed. (I believe there was an issue removing them, but it wasn't causing any problems, so...) Since we actually are not using the AV, we shouldn't even need the threat database, correct? So can we disable this feature in some way so that we do not get the related error? (We still have the "Threat Version" status appearing on the dashboard, so I know something regarding this is still active.)
Oddly, a coworker did not have a problem making a commit a week ago, and I'm not sure what may have changed.
This is the error I get when I try to install uploaded definitions (following those KB articles), which I assume is because of the license:
Command /usr/local/bin/masterd_batch -s -p 10 content_install /usr/local/bin/paninstaller.sh -r -tcontent -f/opt/pancfg/mgmt/content-images/panup-all-antivirus-3859-4370 -d/opt/pancfg/mgmt/content-images -o/opt/pancfg/mgmt/updates/curcontent -n/opt/pancfg/mgmt/updates/newcontent return failure
Finally, these are running 7.1.18. I realize that's a bit old... No doubt they would have been updated at some point in the last year if it weren't for the pandemic. Of course now upgrading is not an option.
So your in a bit of a pickle and because you don't have support correcting it is a bit of an issue. The database handler error is thrown due to database corruption, which you can attempt to fix through manually installing a new threat update under normal conditions. Since you don't have an active threat subscription that isn't going to be an option to try as you've already encountered.
The next step would usually be to contact TAC so they can actually login with support credentials and clear the database manually, but that obviously isn't going to work without an active support contract. That kind of leaves two options that aren't ideal. You could issue a SWM revert if that's an option to you, but the past partition would likely be severely out of date if you're still running 7.1.18 so you'd want to backup your current config. If that doesn't work, you're really left with a factory reset.
What I would recommend doing is reaching out to your account manager or SE to see if they couldn't possibly issue you a temporary subscription again so that you can attempt to fix the issue by installing an update. That's going to be your most straightforward solution.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!