Telemetry error - CDL Receiver Key Empty

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Telemetry error - CDL Receiver Key Empty

L4 Transporter

Hi All,

 

We have a client who all of a sudden started to receive the following telemetry error -  'CDL Receiver Key Empty' on PA-440. No changes have been made. Currently running PAN OS 10.1.2. They are not using CDL and are just sending Telemetry data to PA with a certificate. This looks like it may be a an issue on the PA backend.

 

Can anyone clarify? @BPry ?

 

BenPrice_0-1641256179346.png

 

Thanks in advance.

 

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

L4 Transporter

@BPry 

Firewall did not receive the signed URL key required back from PAN servers to upload telemetry data (based on the telemetry logs), which looks to have caused the error. Also, the firewall failed to fetch the device certificate correctly upon 3 month renewal. Rebooted firewall and waited 24 hours and the firewall was then able to retrieve the certificate and telemetry data began to flow successfully again.

 
Looked to have been an issue with the Palo Alto back end as no changes were made on the firewall except a reboot, but am not quite sure.

View solution in original post

8 REPLIES 8

Cyber Elite
Cyber Elite

@Ben-Price,

That error has never been incredibly well defined. I've seen it caused by backend licensing issues that needed support to fix the licensing on their end, and I've seen it being caused by blocking licensing traffic from the firewall. I'd start with basic troubleshooting to kick things off (has the device been restarted, verify via logs the traffic is being allowed, etc) and go from there. 

L4 Transporter

@BPry 

Firewall did not receive the signed URL key required back from PAN servers to upload telemetry data (based on the telemetry logs), which looks to have caused the error. Also, the firewall failed to fetch the device certificate correctly upon 3 month renewal. Rebooted firewall and waited 24 hours and the firewall was then able to retrieve the certificate and telemetry data began to flow successfully again.

 
Looked to have been an issue with the Palo Alto back end as no changes were made on the firewall except a reboot, but am not quite sure.

L3 Networker

paragkarki143_0-1644452168893.jpeg

@BPry I conducted the reboot and telemetry started up again however it has since stopped again.

Any help would be much appreciated. Thank you in advance.

 

Cyber Elite
Cyber Elite

@paragkarki143,

You'd probably want to report it to TAC to help investigate why you keep running into issues and bring up that it's failed multiple times requiring a restart. A simple restart will likely fix it again, but there could be a communication issue due to your configuration or it could simply be a bug within PAN-OS 10.1 that you're running into.

If you haven't already, I would install 10.1.4 to ensure you're at least running the latest release. I don't see anything in the release notes to actually address an issue that would point towards your issue. 

L1 Bithead

I had the same issue when I installed 10.2.0.  Reboot didn't fix it, and installing 10.2.0-h1 didn't fix it either.  Just installed 10.2.1 and after a couple hours it finally started working.  Fingers crossed it is now resolved.

L2 Linker

I have this same issue on 10.1.6-H6 and thus far a reboot has not fixed it.  Shows my device cert is good and CDL is showing current logs.  But AIOps stopped getting telemetry data about a week ago.

 

Jason_Lieberman_0-1665974182695.png

 

I also see

 

Jason_Lieberman_1-1665974317382.png

 

PCNSE, PCNSC, CyberForce

I'm experiencing the same issue you are (with the exception that my device cert is valid) with my firewalls that are running 10.1.6-h6 (2x 220s and a VM), but not on those running 10.1.4 (2x 820s). I just enabled aiops today. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!