Trial VM-Series OVA-deployed VM stuck at PA-HDF login prompt for over 24 hours; multiple hosts and multiple attempts

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Trial VM-Series OVA-deployed VM stuck at PA-HDF login prompt for over 24 hours; multiple hosts and multiple attempts

L1 Bithead

Hello!

 

I reached out to receive a trial for the VM-Series NGFW so I could practice/lab out some configs during my certification path. I have followed all of the instructions provided, confirmed ESXi version was fine, increased vCPU and RAM allocated following the sizing guide, and tried being patient, but multiple attempts at getting the VM-series firewall to boot have been unsuccessful. I have tried on multiple hosts as well (a Dell R720 running ESXi 8 as well as a spare computer running ESXi 8).

 

I am aware there are 3 prompts for login during the initialization phase and the VM seems to keep getting stuck at the second one (PA-HDF). I know the initialization can take a while, but we are officially at 24 hours on my 4th attempt on the second host, so I feel like either I am missing something or something else is wrong. Any ideas are appreciated!

 

Another note is that I can ping and start an SSH session with the DHCP received address on one of the 3 interfaces, but logging in there also does not work.

 

Current VM Info:

OVA: PA-VM-ESX-10.2.5.vm_eval.ova

vCPU: 8 (also tried vm-100 and vm-300 series specs)

RAM: 16 GB

Storage: 60 GB

2 accepted solutions

Accepted Solutions

L1 Bithead

@BPry,

 

A user on Reddit lead me to this PA LIVE post which solved the issue! In short, just needed to reinstall the OS through the maintenance login.

 

LIVEcommunity - Unable to start trial VM on ESXi - LIVEcommunity - 543039 (paloaltonetworks.com)

View solution in original post

Hello,

I was facing same issue with PA-VM-ESX-10.2.5.vm_eval follow below steps to work it.

1. import PA-VM-ESX-10.2.5.vm_eval.ova file to vmware workstation

2. Let it boot normally then it will stuck on PA-HDF login screen (Not a single credential working there)
3. Reboot machine & go to maintanace mode ( Type maint while rebooting, need to type it very quickly))

4. Go to disk image & reinstall it.

5. Post reinstallation again reboot the machine press F2 to go BIOS -->> In BIOS update date before 2024 like 14 Feb 2023 -->> Save changes & shutdown machine.

6. Now follow below article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLfDCAW

 

add mention values below the line ' firmware = "bios" '

eg,  

firmware = "bios"
time.synchronize.continue = "0"
time.synchronize.restore = "0"
time.synchronize.resume.disk = "0"
time.synchronize.shrink = "0"
time.synchronize.tools.startup = "0"
time.synchronize.tools.enable = "0"
time.synchronize.resume.host = "0" 

 

Save it.

7.  Edit Settings →  VM Options →  VMware Tools → Time, and deselect the checkbox Synchronize guest time with host

8. ( Also For the first boot I haven't allowed internet to Paloalto for that I have provided custom host only adapter )

View solution in original post

8 REPLIES 8

Cyber Elite
Cyber Elite

@JakeHopkins,

Have you tried just hitting enter a few times to see if the console is maybe just not updating to drop into the PA-VM: prompt? I've seen that just get stuck and not update automatically before, and you should have definitely fully booted by now. 

Do you see any errors displayed on the console during the startup process? If you're getting stuck and the VM isn't fully booting it's usually because something wasn't setup properly. Generally the console errors will point you in the right direction in what you may have missed. 

@BPry,

 

Thanks for the reply! Yes I have tried hitting enter on the prompts throughout the deployment, still showing PA-HDF even after extended periods. I now have 3 new VMs across two hosts with varying configs just to try and rule out some possible issues. I did have a response on reddit suggesting I change the system date to 01-01-2020 as it was a known bug in the past, but no change unfortunately. 

 

The boot process runs through the terminal quite fast so I am not able to read it. I did boot into maintenance mode and reviewed the available logs but did not find anything concerning.

 

I am deploying the VM using the provided OVA template so I don't imagine I would be missing too much haha. I will take a look through the logs again when I have time after work.

L1 Bithead

@BPry,

 

A user on Reddit lead me to this PA LIVE post which solved the issue! In short, just needed to reinstall the OS through the maintenance login.

 

LIVEcommunity - Unable to start trial VM on ESXi - LIVEcommunity - 543039 (paloaltonetworks.com)

Greetings,

 

When I try to reinstall from maint, I get prompted for an advanced settings password which does not seem to just be admin. Was wondering if anyone on this thread has seen this before?

Thank you JakeHopkins. This solution worked well for me, as well as being a beneficial experience to learn about the maintenance mode

Hello,

I was facing same issue with PA-VM-ESX-10.2.5.vm_eval follow below steps to work it.

1. import PA-VM-ESX-10.2.5.vm_eval.ova file to vmware workstation

2. Let it boot normally then it will stuck on PA-HDF login screen (Not a single credential working there)
3. Reboot machine & go to maintanace mode ( Type maint while rebooting, need to type it very quickly))

4. Go to disk image & reinstall it.

5. Post reinstallation again reboot the machine press F2 to go BIOS -->> In BIOS update date before 2024 like 14 Feb 2023 -->> Save changes & shutdown machine.

6. Now follow below article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLfDCAW

 

add mention values below the line ' firmware = "bios" '

eg,  

firmware = "bios"
time.synchronize.continue = "0"
time.synchronize.restore = "0"
time.synchronize.resume.disk = "0"
time.synchronize.shrink = "0"
time.synchronize.tools.startup = "0"
time.synchronize.tools.enable = "0"
time.synchronize.resume.host = "0" 

 

Save it.

7.  Edit Settings →  VM Options →  VMware Tools → Time, and deselect the checkbox Synchronize guest time with host

8. ( Also For the first boot I haven't allowed internet to Paloalto for that I have provided custom host only adapter )

L1 Bithead

For posterity if anyone else runs into same issue: I was using Brave browser to access ESX admin page, same symptoms where existing and new VMs would hang on login console page; no response. Switched to Chrome and all good

L1 Bithead

Hi All , Specially Aniket

I did my best.but still VM is shutting down.

I did the following:

1. Re-imaged the vm in order to fix the HDF login issue. - It got fixed.

2. Currently Im facing VM shut downs after 3-5 mins

- So I did the following as you suggested,

a. Ran the vmware- went to firmware- Clock Changed to 2021

b. uncheked the "Sync Guest time with Host" from Option settings. (VM work station)

c. updated .vmx file with the lines you provided.

 

Everytime i reboot/starts my VM, the time agian sync with host and the VM Shuts down before even i can login !!

ANy solution for this ??

 

Regards

ARIQ

  • 2 accepted solutions
  • 9067 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!