This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Server management cannot be restarted

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Server management cannot be restarted

Lutrija_Srbije
L1 Bithead

‎10-13-2017 12:58 AM

I cannot login to the web GUI, I receve error "Timed out while getting config lock. Please try again. ". I saw that it has to do with overloaded server managment plane so i tryed to restart it form CLI, ussing the comnad  "debug software restart process management-server". The problem is that i get the same error in CLI "Server error : Timed out while getting config lock. Please try again.". In jobs list I see that ther is a Wildfire job that is active for 2 days and its on 54 percent whole time so i tryed to clear it, but i get the same error. PAN-OS version is 7.1.5 and model is PA-500.

17 people had this problem.
7 REPLIES 7

reaper
Cyber Elite
Cyber Elite

‎10-13-2017 01:34 AM

hi @Lutrija_Srbije

 

I can suggest you try rebooting the firewall to regain access, but for proper troubleshooting you should reach out to support through your support partner

Tom Piens
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy

segap
L1 Bithead
In response to reaper

‎11-04-2020 12:38 AM

First I have to put this command:

> request config-lock remove

and after that:

> debug software restart process management-server

 

If I just restart management plain it didn't help.

 

I hope it will helps to someone.

0 Likes Likes

AlexandroDelAngel
L2 Linker

‎02-11-2021 06:40 PM

That just happened to me on version 9.0.12 on a PA-5220, got a support case but recommendation was to reboot the device.

0 Likes Likes

aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to AlexandroDelAngel

‎02-11-2021 11:51 PM

Hi @AlexandroDelAngel ,

 

At the begining of the month we experiance the same on two of our firewalls running 9.0.11.

Our TAC support says that the problem is caused by EDL refresh job.

 

Issue: You reported issues with WebUI and SSH Access Issue. 

Yes, I have looked at the tech support file and I saw these, "mp ms.log 2021-02-01 10:00:02 2021-02-01 10:00:02.403 +0100 EDLRefresh job started processing. Dequeue time=2021/02/01 10:00:02 2021-02-01 10:00:02.777 +0100 EDL entry(0x7f49aed98000, 0x7f49f1450800, 0x7f49e6efc000 vsys1/Fab, 0, 1 ip) Entry not referenced by a rule
mp ms.log 2021-02-01 10:00:02 2021-02-01 10:00:02.781 +0100 Error: pan_ebl_set_curl_proxy_info(pan_cfg_ebl.c:5930): failed to get proxy info
mp ms.log 2021-02-01 10:00:02 2021-02-01 10:00:02.781 +0100 Error: pan_ebl_set_curl_proxy_info(pan_cfg_ebl.c:5930): failed to get proxy info
mp ms.log 2021-02-01 10:00:02 2021-02-01 10:00:02.783 +0100 Error: pan_ebl_set_curl_proxy_info(pan_cfg_ebl.c:5930): failed to get proxy info."

I saw that it matches a known issue, PAN-151808. EDL refresh job stuck when certificate profile used in the config for EDL server.

Target Fix Version/s: 9.1.8, 10.0.5.

 Note that this answer was provided at the begining of the month, back than bug ID PAN-151808 was not yet published publically. I can see it now in the addressed issues for the new 9.1.8, which was released yesterday.

 

Our support was not aware if this issue will be fixed in 9.0...

His only suggestion for workaround was to not use certificate profile for EDLs.

 

 

I am still not convinced that this is the actuall reason, because our firewalls are running 9.0.11 (upgraded from 9.0.9) since end of December. And we use EDL with cert profile for very long time. I was expecting to see such issue more often as our EDL refresh every hour.

On other hand we have two other firewalls also running 9.0.11, but they haven't experiance this issue and we don't use any EDL there...

Liviu_Bodeanu
L0 Member
In response to aleksandar.astardzhiev

‎03-23-2021 08:49 AM

Same issue is happening in my case, on a PA-3250 10.0.4.
I can see the same ELD errors, but I do not believe that this is related to the issue as I see them occurring in the past day prior to the incident as well.

0 Likes Likes

Logesh
L1 Bithead
In response to aleksandar.astardzhiev

‎07-14-2021 03:23 AM

Hi, 

 

Do you have any Kb article for this issue.

 

0 Likes Likes

johnlinkowsky
L2 Linker

‎08-31-2021 09:51 AM

Same issue on our PA5280 running v9.1.8.  Cannot get "commit lock" - even though there are no other commit locks.  Cannot do either of these commands, as it says "Timed out while getting config lock. Please try again."

 

> request config-lock remove

> debug software restart process management-server

 

There is a WF job hung at 54% for over an hour.

Seems the only way to clear this is to reboot the whole box.

 

Any other thoughts?  Ideas?

Thanks,

John L.

39.9259° N, 75.1196° W
0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks