Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PAN-OS 4.0 error message

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN-OS 4.0 error message

L0 Member

Hello

Yesterday I've upgraded a PA-2050 from 3.1.7 to 4.0.0.

Now I can't commit the config.

This error message pops up :

OperationCommit
StatusFailed
Detailsshared -> ssl-decrypt  is a duplicate node

Frankly I'm a noob in panOS administration.

I feel it is a certificate problem and despite I've found ssl-decrypt word in the xml configuration file, I don't know how to look further.

Help, I need help !

😉

Thanks

Regards

Philippe

7 REPLIES 7

L4 Transporter

I actually got the same error in my Panorama server trying to make a change to the authentication profiles.

L4 Transporter

Found the problem.

The self-signed cert I use for Panorama management expired in Dec 2010.

L6 Presenter

After the upgrade the device will reboot and then perform an auto-commit.

Did the auto-commit succeed? You can check this on the comand line by using the following command:

'show jobs all'

Check the status column for the AutoCommit job. It should show "FIN". If it shows "Pending" or "Failed" then please open a case with Tech Support to determine the root cause of the failure.

Thanks,

Benjamin

It's weird but the AutoCommit job showed "FIN".

I opened case with Tech Support...

Thanks

Does Panorama also do an AutoCommit post-upgrade? After our upgrade I do not see it as one of the jobs. We also can't commit the Panorama config due to a similar error: shared -> ssl-decrypt unexpected here

L2 Linker

For me (and the setup I have); the ssl-decrypt error message comes from the fact that the running configuration is still in 3.x format and not converted to 4.0 format while the candidate config is (the certificate is present in the xml file).

I've exported the candidate config, remove the <ssl-decrypt/> in the <shared> section; imported it back, loaded and commited and it works like a charm (you'll have a reload of the web-ui after an ajax error at 99%)

Hope this helps,

Olivier

A revert to running config should also do the trick

regards

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 4557 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!