02-08-2017 02:55 PM - edited 02-09-2017 01:19 AM
Had a case related to this earlier. Some background:
4000 series - in active / passive
Customer's apps & threats licence expired while the passive unit was installing the latest apps version. This resulted in the passive unit failing to commit once the licence got renewed, due to a malformed apps version. Error in logs was the 'threat db handler failed'. Active device was fine and passing traffic and could commit.
Following on from previous articles on the KB, we upgraded the passive to 7.1.2, which according to the release notes resolved auto-commits for this issue. Unfortunately it didn't for this passive 4000 series.
Also tried uploading the apps version through GUI which let us upload the version, but could not commit, as auto-commit was pending.
We restarted the management server; again auto-commit would not get past 40%.
The resolution was a factory reset on the passive. First we exported the running config of the passive,
factory reset through maint mode
auto-commit proceeded successfully upon reboot
installed 7.1.0 - matching the active unit
installed apps and threats & virus signatures successfully
configured HA settings on the passive
attempted to sync the active running config to the passive
When we issued the command from the active to sync the config to the passive, we observed the passive committing the config the active sent it successfully. Verified the process through ms logs and tasks window, and using show jobs all.
HA widget on dashboard showed all green status except for config, even after verifying passive and active config were matching.
Reloaded the backup config we took from the passive unit prior to the factory reset as a precaution.
Again the HA widget on active and passive would not give green status after syncing from the active.
To resolve the issue, after verifying the passive had indeed the correct running config the active did, we synced from the passive to the active.
Once this completed we got a healthy HA status.
Just posting the details in the event any members run into the same original issue, then the secondary issue we ran into today.
bug id 91724 - https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os-release-notes/pan-os-7-1-2-addressed...
devserv.log file had the following record on the passive:
8 +0000 Warning: pan_tdb_load_tdb_cache(pan_tdb_handler.c:233): [TDB] Load /opt/pancfg/mgmt/content//cache/70103//tdb.cache.ser-1 error, please try again