problem with management plane

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

problem with management plane

L0 Member

Hi,

I am not able to access the management website. The website does not load. When I try to restart the management plane from ssh with a command "debug software restart management-server" I get this error:

2014-05-08 12:08:11.503 +0200 Error: pan_read_full(comm_utils.c:104): srvr: fatal recv error. sock=3 err=Connection reset by peer (131)

admin@PA-2020>


What's the problem?

Thanks,

Radoslaw Czajkowski

1 accepted solution

Accepted Solutions

L7 Applicator

The firewall's SSH server is controlled by the management server, so when you restart it you are also killing the active SSH connection. That's what the "Connection reset by peer" message is saying.

If you can't get to the management port, and you have a management profile set on one of the non-management interfaces, you may want to see if it's listening for the web connections. You can run the following command to have the firewall output what it is listening on:

> netstat listening yes numeric-ports yes

Check for a TCP entry such as:

tcp        0      0 *:443                       *:*                         LISTEN

You can also tail the ms.log file while attempting to display the web interface on the management port to see if you receive any messages:

> tail follow yes mp-log ms.log

Attempt to display the page, and see if there are any messages.

Finally, what version and hardware are you running?

Hope this helps,

Greg Wesson

View solution in original post

1 REPLY 1

L7 Applicator

The firewall's SSH server is controlled by the management server, so when you restart it you are also killing the active SSH connection. That's what the "Connection reset by peer" message is saying.

If you can't get to the management port, and you have a management profile set on one of the non-management interfaces, you may want to see if it's listening for the web connections. You can run the following command to have the firewall output what it is listening on:

> netstat listening yes numeric-ports yes

Check for a TCP entry such as:

tcp        0      0 *:443                       *:*                         LISTEN

You can also tail the ms.log file while attempting to display the web interface on the management port to see if you receive any messages:

> tail follow yes mp-log ms.log

Attempt to display the page, and see if there are any messages.

Finally, what version and hardware are you running?

Hope this helps,

Greg Wesson

  • 1 accepted solution
  • 4735 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!