- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-03-2022 04:30 PM
Hi All,
We have a client who all of a sudden started to receive the following telemetry error - 'CDL Receiver Key Empty' on PA-440. No changes have been made. Currently running PAN OS 10.1.2. They are not using CDL and are just sending Telemetry data to PA with a certificate. This looks like it may be a an issue on the PA backend.
Can anyone clarify? @BPry ?
Thanks in advance.
01-09-2022 04:54 PM
Firewall did not receive the signed URL key required back from PAN servers to upload telemetry data (based on the telemetry logs), which looks to have caused the error. Also, the firewall failed to fetch the device certificate correctly upon 3 month renewal. Rebooted firewall and waited 24 hours and the firewall was then able to retrieve the certificate and telemetry data began to flow successfully again.
01-03-2022 06:05 PM
That error has never been incredibly well defined. I've seen it caused by backend licensing issues that needed support to fix the licensing on their end, and I've seen it being caused by blocking licensing traffic from the firewall. I'd start with basic troubleshooting to kick things off (has the device been restarted, verify via logs the traffic is being allowed, etc) and go from there.
01-09-2022 04:54 PM
Firewall did not receive the signed URL key required back from PAN servers to upload telemetry data (based on the telemetry logs), which looks to have caused the error. Also, the firewall failed to fetch the device certificate correctly upon 3 month renewal. Rebooted firewall and waited 24 hours and the firewall was then able to retrieve the certificate and telemetry data began to flow successfully again.
02-09-2022 04:17 PM
@BPry I conducted the reboot and telemetry started up again however it has since stopped again.
Any help would be much appreciated. Thank you in advance.
02-09-2022 07:05 PM
You'd probably want to report it to TAC to help investigate why you keep running into issues and bring up that it's failed multiple times requiring a restart. A simple restart will likely fix it again, but there could be a communication issue due to your configuration or it could simply be a bug within PAN-OS 10.1 that you're running into.
If you haven't already, I would install 10.1.4 to ensure you're at least running the latest release. I don't see anything in the release notes to actually address an issue that would point towards your issue.
05-11-2022 05:41 PM
I had the same issue when I installed 10.2.0. Reboot didn't fix it, and installing 10.2.0-h1 didn't fix it either. Just installed 10.2.1 and after a couple hours it finally started working. Fingers crossed it is now resolved.
10-16-2022 07:37 PM - edited 10-16-2022 07:38 PM
I have this same issue on 10.1.6-H6 and thus far a reboot has not fixed it. Shows my device cert is good and CDL is showing current logs. But AIOps stopped getting telemetry data about a week ago.
I also see
10-18-2022 11:39 AM
I'm experiencing the same issue you are (with the exception that my device cert is valid) with my firewalls that are running 10.1.6-h6 (2x 220s and a VM), but not on those running 10.1.4 (2x 820s). I just enabled aiops today.
10-18-2022 12:46 PM
Here is what fixed it for me.
01-19-2023 09:10 AM
My PA-3430 devices running 10.2.3-h2 had this issue. Device certificate was a week away from expiring but still causing the CDL error apparently.
request certificate fetch
Fixed the issue.
02-14-2023 12:02 PM
When I try to place a TAC case, it is redirecting me to the live community. How do I submit a ticket?
02-14-2023 12:08 PM
There is a very unfriendly feature of the case opening tool where it does this for certain categories, basically telling you in an insulting and passive aggressive manner that your need is too petty to concern regular support staff. (Isn't it nice how you can spend a ton of time typing up your situation into the case notes and then on submit BAM it redirects you do the forum and throws out all your typing?)
Choosing a "better fitting" category / issue type / whatever may allow you to open the ticket.
06-20-2023 06:51 AM
This is now listed as a known issue in the release notes of 10.2.4.
======================
PAN-208325
06-20-2023 07:35 AM
We were finally able to get telemetry sent to AIOps by permitting google-base as per this article.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!