Unable to commit

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Unable to commit

L3 Networker

I have a PA-200, managed by Panorama and running 7.1.7. All of the sudden I can no longer commit to the firewall, and I get the error:

 

Details:

. Internal error during commit processing
. Commit/Validate failed. Invalid configuration.

 

Logs on the firewall have these errors:

2017-02-13 09:06:11.914 -0600 Error:  pan_cfg_mgr_get_sp_disabled(pan_cfg_mgr.c:4132): failed to fetch: NO_MATCHES
/opt/pancfg/mgmt/factory/commit-transform.xsl:1: parser error : Start tag expected, '<' not found
<9D>=<F9>m\<A0>4ers<C9>/o=vq<86> "7^^^]H^TX4l:bX}b<E5>smWwT1ve<F6>saen=
^
error
xsltParseStylesheetFile : cannot parse /opt/pancfg/mgmt/factory/commit-transform.xsl

2017-02-13 09:06:20.365 -0600 Error:  pan_xml_transform_doc_by_ssfile_nocopy(pan_cfg_utils.c:8938): Unable to parse xslt stylesheet /opt/pancfg/mgmt/factory/commit-transform.xsl
2017-02-13 09:06:20.365 -0600 Error:  pan_cfg_save_candidate_config(pan_cfg_users.c:2623): error generating the commit transform
2017-02-13 09:06:20.788 -0600 Error:  pan_cfg_save_commit_candidate(pan_cfg_users.c:2902): error saving candidate config
2017-02-13 09:06:21.370 -0600 Error:  pan_cfg_generate_commit_candidate(pan_cfg_users.c:3422): Unable to save commit candidate for device localhost.localdomain
2017-02-13 09:06:21.371 -0600 Error:  pan_cfg_generate_commit_candidates(pan_cfg_users.c:3500): Unable to save commit candidate

 

It looks like I have a corrupt commit-transform.xsl, but I can't figure out how to fix it. I've had a case open for a couple of days but I am getting nowhere. Has anyone run in to this before and figured out how to correct it?

11 REPLIES 11

Cyber Elite
Cyber Elite

have you tried reverting to running config and then performing a commit force ?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Like @reaper mentioned, that would be the first place I would start and see if that works for you. If it doesn't then you can try a restart, and last resort I would backup your config and try and do a fresh install. Do you have a HA unit at all that you could fallback to? 

Thanks for the advice. I tried it, but it still won't commit. This error showed up again:

 

 Unable to parse xslt stylesheet /opt/pancfg/mgmt/factory/commit-transform.xsl

 

It almost looks like a corrupt system file that is used to build commands from the XML.

I may have to rebuild it, but it is a single firewall, remote, with no console access.

L7 Applicator

Can your Panorama commit to other devices? or is this the only Firewall under Panorama?

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

L2 Linker

Worse comes to worse, you can factory reset the box into a saved configuration that is located locally. You will want to have console access though.

 

 

- Peter

Yes, it can commit to the other 11 firewalls that share a template with this one. 

L3 Networker

I just wanted to update.... I did a "debug software restart process management-server" and then I was able to commit from Panorama again. I was so afraid that there were corrupted files, but it wasn't the case.

Thanks for the update, as it appears that restarting the management server was able to resolve the issue. 

Question is, was this performed on the Firewall with the issue or on Panorama?

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

It was done on the affected firewall.

Thanks for the update, Very good to know.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
  • 9203 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!