PA-3020 - Error: Threat database handler failed - Commit failed

cancel
Showing results for 
Search instead for 
Did you mean: 

PA-3020 - Error: Threat database handler failed - Commit failed

L0 Member

Hi,

Our Palo Alto has been rock solid for years, but last friday we realized we are unable to commit changes. 

 

We're pretty sure it started happening with the release of content package version 8462-6955. 

 

We hoped this was a one-off and the next upgrade would solve the issue. But all further upgrades have failed & we still can't commit changes. 

 

Has anyone else ran into this problem recently? It's looks like this is similar, but those links only mention it affecting older versions of the firewall software.

 

Thanks

 

dmetcalfe_0-1633077153050.png

 

 

dmetcalfe_2-1633077302969.png

dmetcalfe_3-1633077547586.png

 

 

 

 

4 REPLIES 4

Cyber Elite
Cyber Elite

Hi @dmetcalfe ,

 

Such kind of issues are observed due to corrupt content update or database. Kindly refer below articles to follow steps to resolve such issues.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRSCA0 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTBCA0 

 

Hope it helps!

Sutare.M

@SutareMayur   Howdy.. and Welcome to the CyberElite Group!

 

I too, am CyberElite, and the articles you listed, I have tried, and found they are not success (for my customer).  Everyone's experience may be different.  A support case I had was that Auto Commit was failing, and when we tried to the Commit Force, the Threat Handler error came up.  We downloaded the most current version (because, yesterdays was bad??) and tried the commit force again, and still.

 

We have a TAC escalation case for this. 

 

In addition, I will PANW TAC would update these articles.  My customer has 10.x and the articles are for 6.x and 7.x..

Definitely, some improvement is needed.

Help the community: Like helpful comments and mark solutions

Cyber Elite
Cyber Elite

@dmetcalfe,

The workaround that @SutareMayur mentioned are steps that you should take as they can help clear this issue. If it doesn't work contact TAC and they'll have to use support credentials to actually access the filesystem and clear the cache so that you can actually load an updated release. The KB articles are older, but the steps haven't changed in subsequent releases. 

I would personally recommend that you set a threshold of at least 12 hours on your dynamic update schedule for application and threats. This ensures that you aren't loading new content updates unless they've actually been released for a bit which can help prevent bad content updates if you haven't already.

 

Lastly, update your software! Your PA-3020 is running 7.1.5 which went end of life on June 30th 2020. Unless you're running 8.1 you aren't getting new signatures app-id updates, and your version of 7.1 isn't even the last maintenance release within the 7.1 code branch. That's a severely outdated box.

Cyber Elite
Cyber Elite

Hi @SteveCantwell ,

Thanks for sharing your experience related to this. Yeah the everyone’s experience with this solution may be different. Actually the same solution had worked for me in the past on one of our environment.

And also totally agreed with @BPry  If it doesn’t work, then raise a case with TAC.

Sutare.M
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!