02-15-2017 06:15 AM
I have a PA-200, managed by Panorama and running 7.1.7. All of the sudden I can no longer commit to the firewall, and I get the error:
Details:
. Internal error during commit processing
. Commit/Validate failed. Invalid configuration.
Logs on the firewall have these errors:
2017-02-13 09:06:11.914 -0600 Error: pan_cfg_mgr_get_sp_disabled(pan_cfg_mgr.c:4132): failed to fetch: NO_MATCHES
/opt/pancfg/mgmt/factory/commit-transform.xsl:1: parser error : Start tag expected, '<' not found
<9D>=<F9>m\<A0>4ers<C9>/o=vq<86> "7^^^]H^TX4l:bX}b<E5>smWwT1ve<F6>saen=
^
error
xsltParseStylesheetFile : cannot parse /opt/pancfg/mgmt/factory/commit-transform.xsl
2017-02-13 09:06:20.365 -0600 Error: pan_xml_transform_doc_by_ssfile_nocopy(pan_cfg_utils.c:8938): Unable to parse xslt stylesheet /opt/pancfg/mgmt/factory/commit-transform.xsl
2017-02-13 09:06:20.365 -0600 Error: pan_cfg_save_candidate_config(pan_cfg_users.c:2623): error generating the commit transform
2017-02-13 09:06:20.788 -0600 Error: pan_cfg_save_commit_candidate(pan_cfg_users.c:2902): error saving candidate config
2017-02-13 09:06:21.370 -0600 Error: pan_cfg_generate_commit_candidate(pan_cfg_users.c:3422): Unable to save commit candidate for device localhost.localdomain
2017-02-13 09:06:21.371 -0600 Error: pan_cfg_generate_commit_candidates(pan_cfg_users.c:3500): Unable to save commit candidate
It looks like I have a corrupt commit-transform.xsl, but I can't figure out how to fix it. I've had a case open for a couple of days but I am getting nowhere. Has anyone run in to this before and figured out how to correct it?
02-15-2017 07:00 AM
have you tried reverting to running config and then performing a commit force ?
02-15-2017 07:22 AM
Like @reaper mentioned, that would be the first place I would start and see if that works for you. If it doesn't then you can try a restart, and last resort I would backup your config and try and do a fresh install. Do you have a HA unit at all that you could fallback to?
02-15-2017 08:15 AM
Thanks for the advice. I tried it, but it still won't commit. This error showed up again:
Unable to parse xslt stylesheet /opt/pancfg/mgmt/factory/commit-transform.xsl
It almost looks like a corrupt system file that is used to build commands from the XML.
02-15-2017 08:16 AM
I may have to rebuild it, but it is a single firewall, remote, with no console access.
02-15-2017 12:03 PM
Can your Panorama commit to other devices? or is this the only Firewall under Panorama?
02-16-2017 06:57 AM
Worse comes to worse, you can factory reset the box into a saved configuration that is located locally. You will want to have console access though.
- Peter
02-16-2017 07:42 AM
Yes, it can commit to the other 11 firewalls that share a template with this one.
02-20-2017 08:16 AM
I just wanted to update.... I did a "debug software restart process management-server" and then I was able to commit from Panorama again. I was so afraid that there were corrupted files, but it wasn't the case.
03-08-2017 09:04 AM
Thanks for the update, as it appears that restarting the management server was able to resolve the issue.
Question is, was this performed on the Firewall with the issue or on Panorama?
03-09-2017 05:42 AM
It was done on the affected firewall.
03-09-2017 08:15 AM
Thanks for the update, Very good to know.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
