(module: device) commit failed

cancel
Showing results for 
Search instead for 
Did you mean: 

(module: device) commit failed

L4 Transporter

We have firewalls in HA which have 2 virtual systems. On commit and push to policy and objects to vsys1 is failing with below error message. I can't figure out what is causing this.

 

image.png

1 ACCEPTED SOLUTION

Accepted Solutions

@raji_toor does commit only to panorama work or does it fail there already? You could also check the config logs for the changes between the last working commit and this failing one - there probably is something which lead to this error. I think once had a problem like this one where a service object was created and in the port field there was a space character. Panorama accepted this object but pushing it to the firewall lead to a commit error.

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

@raji_toor 

 

As per above error seems it is failing due to duplicate certificate.

Please check below logs to known exact reason for commit failure

 

less mp-log ms.log

If above does not show enough info please check below logs

less mp-log devsrv.log

 

Regards

 

MP

@MP18  From both logs I see below and i don't see a clear reason in either.

Also the certificate warnings are not new, and commit issue only happens with device-groups and not template

 

2021-05-28 23:29:00.736 -0700 client device reported error: Warning: vsys1 decryption: forward decrypt untrust cert is not configured, forward decrypt trust cert will be used instead.
(Module: device)
2021-05-28 23:29:00.737 -0700 client device reported Phase 1 FAILED
2021-05-28 23:29:00.737 -0700 Error: pan_mgmt_client_table_do_commit(pan_cfg_commit_jobs.c:3943): phase 1 failed
2021-05-28 23:29:00.738 -0700 client routed reported error: config commit phase 1 aborted(Module: routed)
2021-05-28 23:29:00.738 -0700 Error: _pan_mgmt_client_errors_callback(pan_cfg_commit_jobs.c:827): but there was no outstanding Phase 0/Phase 1/Phase 2. Ignoring - verify: 0
2021-05-28 23:29:00.739 -0700 client ikemgr reported error: panike_daemon phase 1 aborted(Module: ikemgr)
2021-05-28 23:29:00.739 -0700 Error: _pan_mgmt_client_errors_callback(pan_cfg_commit_jobs.c:827): but there was no outstanding Phase 0/Phase 1/Phase 2. Ignoring - verify: 0

2021-05-28 23:29:00.743 -0700 Error: _pan_mgmt_client_errors_callback(pan_cfg_commit_jobs.c:827): but there was no outstanding Phase 0/Phase 1/Phase 2. Ignoring - verify: 0
2021-05-28 23:29:00.744 -0700 Error: pan_cfg_commit_to_local_device(pan_cfg_commit_handler.c:3497): Commit failed


2021-05-28 23:46:17.699 -0700 Config commit for devsrvr only commit
2021-05-28 23:46:17.699 -0700 pan_config_commit is called
2021-05-28 23:46:18.275 -0700 commit config takes 1 sec
2021-05-28 23:46:18.275 -0700 Last committed config saved
2021-05-28 23:46:18.276 -0700 Config commit for devsrvr only commit done
2021-05-28 23:50:15.639 -0700 Config commit phase1 started
2021-05-28 23:50:15.639 -0700 Config commit phase1 try parsing without cfgbuf
2021-05-28 23:50:15.639 -0700 Get tdb_only from last committed config
2021-05-28 23:50:15.639 -0700 Get virus from last committed config
2021-05-28 23:50:15.639 -0700 Get wpc from last committed config
2021-05-28 23:50:15.639 -0700 Get raven from last committed config
2021-05-28 23:50:15.683 -0700 Get custom from last committed config
2021-05-28 23:50:16.921 -0700 Config commit phase1 done
2021-05-28 23:50:16.921 -0700 Config commit for devsrvr only commit
2021-05-28 23:50:16.921 -0700 pan_config_commit is called
2021-05-28 23:50:17.950 -0700 commit config takes 1 sec
2021-05-28 23:50:17.950 -0700 Last committed config saved
2021-05-28 23:50:17.951 -0700 Config commit for devsrvr only commit done
2021-05-28 23:50:22.174 -0700 Config commit phase1 started
2021-05-28 23:50:22.174 -0700 Config commit phase1 try parsing without cfgbuf
2021-05-28 23:50:22.174 -0700 Get tdb_only from last committed config
2021-05-28 23:50:22.174 -0700 Get virus from last committed config
2021-05-28 23:50:22.174 -0700 Get wpc from last committed config
2021-05-28 23:50:22.174 -0700 Get raven from last committed config
2021-05-28 23:50:22.190 -0700 Get wildfire from last committed config
2021-05-28 23:50:22.191 -0700 Get custom from last committed config
2021-05-28 23:50:22.599 -0700 Config commit phase1 done
2021-05-28 23:50:22.599 -0700 Config commit for devsrvr only commit
2021-05-28 23:50:22.599 -0700 pan_config_commit is called
2021-05-28 23:50:23.026 -0700 commit config takes 1 sec
2021-05-28 23:50:23.026 -0700 Last committed config saved
2021-05-28 23:50:23.027 -0700 Config commit for devsrvr only commit done

@raji_toor does commit only to panorama work or does it fail there already? You could also check the config logs for the changes between the last working commit and this failing one - there probably is something which lead to this error. I think once had a problem like this one where a service object was created and in the port field there was a space character. Panorama accepted this object but pushing it to the firewall lead to a commit error.

View solution in original post

@vsys_remo  It seems to be special character, Panorama is accepting but firewall doesnot. But atleast I cannot see in the GUI anything suspicious for what was typed. I disabled the last NAT policy I was working on and it working now. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!