I cannot login to the web GUI, I receve error "Timed out while getting config lock. Please try again. ". I saw that it has to do with overloaded server managment plane so i tryed to restart it form CLI, ussing the comnad "debug software restart process management-server". The problem is that i get the same error in CLI "Server error : Timed out while getting config lock. Please try again.". In jobs list I see that ther is a Wildfire job that is active for 2 days and its on 54 percent whole time so i tryed to clear it, but i get the same error. PAN-OS version is 7.1.5 and model is PA-500.
Hi @AlexandroDelAngel ,
At the begining of the month we experiance the same on two of our firewalls running 9.0.11.
Our TAC support says that the problem is caused by EDL refresh job.
Issue: You reported issues with WebUI and SSH Access Issue. Yes, I have looked at the tech support file and I saw these, "mp ms.log 2021-02-01 10:00:02 2021-02-01 10:00:02.403 +0100 EDLRefresh job started processing. Dequeue time=2021/02/01 10:00:02 2021-02-01 10:00:02.777 +0100 EDL entry(0x7f49aed98000, 0x7f49f1450800, 0x7f49e6efc000 vsys1/Fab, 0, 1 ip) Entry not referenced by a rule mp ms.log 2021-02-01 10:00:02 2021-02-01 10:00:02.781 +0100 Error: pan_ebl_set_curl_proxy_info(pan_cfg_ebl.c:5930): failed to get proxy info mp ms.log 2021-02-01 10:00:02 2021-02-01 10:00:02.781 +0100 Error: pan_ebl_set_curl_proxy_info(pan_cfg_ebl.c:5930): failed to get proxy info mp ms.log 2021-02-01 10:00:02 2021-02-01 10:00:02.783 +0100 Error: pan_ebl_set_curl_proxy_info(pan_cfg_ebl.c:5930): failed to get proxy info." I saw that it matches a known issue, PAN-151808. EDL refresh job stuck when certificate profile used in the config for EDL server. Target Fix Version/s: 9.1.8, 10.0.5.
Note that this answer was provided at the begining of the month, back than bug ID PAN-151808 was not yet published publically. I can see it now in the addressed issues for the new 9.1.8, which was released yesterday.
Our support was not aware if this issue will be fixed in 9.0...
His only suggestion for workaround was to not use certificate profile for EDLs.
I am still not convinced that this is the actuall reason, because our firewalls are running 9.0.11 (upgraded from 9.0.9) since end of December. And we use EDL with cert profile for very long time. I was expecting to see such issue more often as our EDL refresh every hour.
On other hand we have two other firewalls also running 9.0.11, but they haven't experiance this issue and we don't use any EDL there...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!