Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

management-console not available via https after upgrade from 3.1.7 to 4.0.1

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

management-console not available via https after upgrade from 3.1.7 to 4.0.1

L1 Bithead

Hello all,

after upgrading from PanOS 3.1.7 to 4.0.1 I can not access the management-console via https.

ping and ssh are still working.

Even after downgrading back to 3.1.7 and loading the saved configuration, I can not access the management-console via https.

disable-https is set to 'no'.

Can anybody help?

PS:

the webserver-logfiles contain the following lines:

error.log:

   default:1 main  Error: Can't define private key file: /opt/pancfg/etc/appweb/server.key.pem

l3svc-error.log:

   default:1 main  Error: Can't define private key file: /opt/pancfg/etc/appweb/server.key.pem

sslvpn-error.log:

   default:1 main  Error: Can't access DocumentRoot directory
   default:1 main  Error: Ignoring bad directive "DocumentRoot" at line 170 in /etc/appweb/sslvpn.conf

Nachricht geändert durch gratzadmin

5 REPLIES 5

L0 Member

Hi

Had the same problem,

Fromm the command prompt i.e putty

admin@PA-500> configure

Entering configuration mode

[edit]

admin@PA-500# set deviceconfig system service disable-http no

[edit]

admin@PA-500#

this will give you back the http access to the box and then just switch on https:

Andrew

Not applicable

I had similar issue after we enabled QoS.  Support had me disabled QoS until 4.0.2 becomes available.

L1 Bithead

we did a factory reset which solved the problem.

We have the same issue here after upgrading.

Could you specify what exaclty did you did to solve the problem.

Did you saved locally the config, did the factory reset and uploaded the config?

If I do these steps will the problem be back or not, after commiting the configuration?

If you're getting a SSL decrypt error, caused by a bug in 4.0.1,  this article should help:

https://live.paloaltonetworks.com/docs/DOC-1810

You should not experience the problem after this workaround. It occurs on the initial load of 4.0.1 and is fixed in 4.0.3, which is now available.  For other users planning upgrades, there is no need to do a full installation of 4.0.1.  As long as 4.0.1, which is the base image, is downloaded onto the PAN, 4.0.3 can be downloaded and installed, which will avoid the bug altogether.

  • 3761 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!