Panorama upgrade local auth not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama upgrade local auth not working

L4 Transporter

Recently upgrade panorama to 8.0.17 and after it upgraded it got hung, so we had to reboot it to get it back.  Once it was back it is no longer allowing local auth.  Remote auth works via the GUI (thankfully).  Neither local or remote auth works via cli (console doesn't work either).

 

SSH using LDAP I get this message:

 

Received disconnect from 10.12.99.100 port 22:2: Too many authentication failures for<ldap_user>

When using local auth via GUI I see this in the logs:

 

 'failed authentication for user \'admin\'.  Reason: Authentication profile not found for the user

When using local auth via CLI it just keeps asking for the password even though I know its right.  

 

I read 2 articles, 1 about PAN running FSCK after a reboot but it shouldn't take nearly a week to do that (upgraded it last week).  And another article about rebuilding the user database but I can't login via CLI to do that.   Remote console doesn't show anything, like it won't display anything.  

 

Has anyone see this before?  

 

6 REPLIES 6

Cyber Elite
Cyber Elite

@drewdown,

I'd just go straight to support with something like this so they can view the logs and see what the debug info is actually stating. It kind of sounds like the upgrade might have effected a few files in an adverse way however. 

I did that and they weren't able to figure it out.  Asked me to reboot it again to see if it clears whatever the problem is.  Will probably do that sometime today. 

@drewdown How did you resolve this, i am in the same situation

IIRC at first I think they had us downgrade and re-upgrade but in the end we had to RMA the panorama box and that turned into a entire different mess.   I would hope no one has to go through that because it seemed PA had no idea how to do it without causing interruptions.  

For us we had to reboot firewall

L1 Bithead

I'm seeing the same thing on a newly installed m-600.  I can login to the GUI using admin, but I get the "too many failures" thing trying SSH from the same box.  There are no errors in the system or auth logs to document this.  And another user is able to SSH from his machine using the admin account.  The box is on 9.1.10.  Really annoying.

 

  • 5202 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!