What is error "management server failed to send phase 1 abort to client logrcvr" and "management server failed to send phase 1 client ssl VPN" ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

What is error "management server failed to send phase 1 abort to client logrcvr" and "management server failed to send phase 1 client ssl VPN" ?

L4 Transporter

Hi All,.

PAN OS 4.1.11 and we are using user id feature,.. is this is due to bug in this release for "high management CPU utilization" ?

What is error "management server failed to send phase 1 abort to client logrcvr" and "management server failed to send phase 1 client ssl VPN" ?

due to this i am unable to do any changes in my firewall,...kindly help me to understand this,..

Regards,

Gururaj

8 REPLIES 8

L4 Transporter

I guess the commits are failing. Right ?

I would say those processes ( logrcvr and ssl VPN) are failing.

What PAN OS version is it ?

Can you paste the output of -

>show management-clients

L4 Transporter

We also see this problem on a system with a lot of vsys'es on 4k series. The problem is the lack of resources on the mgmt plane. The main cause of the issue is the fact that the device needs to log /a lot/ of traffic, which takes up all the resources.

In our case, the best solution would be to buy new hardware. What platform and version do you have? Is the box doing user-ID of needs to log a lot of traffic?

L4 Transporter

I would say it is due to bug in 4.1.11. If the commits are failing then restarting the management server will fix it.

If you check the system resources, the management server will be running high.

To check system resources -

>show system resources follow.

To restart the management server

> debug software restart management-server.

However restarting the management-server might reboot the device. It is a very very rare situation. Just a heads up.

[24;1H [K [?1l >Ravi@INBASEZFR01(active)> show management-clients

[?1h = [24;1H [K

              Client PRI    State Progress

-------------------------------------------------------------------------

              routed  30    P2-ok      100              

            ha_agent  25    P2-ok      100              

              device  20    P2-ok      100              

              ikemgr  10    P2-ok      100              

              keymgr  10     init        0    (op cmds only)

             logrcvr  10    P2-ok      100              

               dhcpd  10    P2-ok      100              

             varrcvr  10    P2-ok      100              

               l3svc  10    P2-ok      100              

              sslvpn  10    P2-ok      100              

              rasmgr  10    P2-ok      100              

             useridd  10    P2-ok      100              

             websrvr  10    P2-ok      100              

              sslmgr  10    P2-ok      100              

               authd  10    P2-ok      100              

              pppoed  10    P2-ok      100              

           dnsproxyd  10    P2-ok      100              

             cryptod  10    P2-ok      100              

              dagger  10     init        0    (op cmds only)

[24;1H [K [7mlines 1-23  [27m [24;1H [24;1H [KOverall status: P2-ok. Progress: 0

Warnings:

Errors:

device: VSYS1

device:     vsys1: Rule 'Social_media_access' application dependency warning:

device:         Application 'facebook-chat' requires 'jabber' be allowed, but 'j

abber' is denied in Rule 'Chat Blocking'

device:     vsys1: Rule 'Facebook_access' application dependency warning:

device:         Application 'facebook-chat' requires 'jabber' be allowed, but 'j

abber' is denied in Rule 'Chat Blocking'

device:     vsys1: Rule 'Gtalk_Access' application dependency warning:

device:         Application 'google-talk-base' requires 'jabber' be allowed, but

'jabber' is denied in Rule 'Chat Blocking'

device:     vsys1: Rule 'HR_Facebook_allow' application dependency warning:

device:         Application 'facebook-chat' requires 'jabber' be allowed, but 'j

abber' is denied in Rule 'Chat Blocking'

device:     Security Policy:

device:     - Rule 'DMZ_Trust' shadows rule 'DMZ to Trust for Internal ADFS'

device:     - Rule 'Social_media_access' shadows rule 'Microsoft_app_sprinklr_ac

cess'

device: (Module: device)

L4 Transporter

Was the above output taken when the commit failed ?

When you look at the output of 'show management-clients', it will indicate the process that failed phase 1 with an * next to it. You can then look at that process to see why its failing.

Hi Harsha,.

While doing the commit i was unable login to CLI using SSH,..may be because of high management CPU utilization. This output taken after commit is failed with error mentioned in this discussion.

Regards,

Gururaj

Hello Gururaj

> show system resources follow

Then hit Shift + m ( can you paste this output).

L0 Member

"debug software restart core yes process log-receiver"

  • 11808 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!