Antivirus Download and Install Hanging

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Antivirus Download and Install Hanging

L2 Linker

Pa11.0.1 onPa820 in High Avaliability mode.

 

The antivirus download and install update job has been at the "download in progress" status for several hours.

 

The last antivirus valid is:4406 -4923 of 31/03/2023.

 

The following resolution answer does not work

Resolution [Not work]

  • Run the following commands to clear the stuck download job:
    > debug software restart device-server          [This command does not work]
    > debug software restart management-server [This command does not work]

 

 
11 REPLIES 11

Cyber Elite
Cyber Elite

Hello @cverniani

 

could you try these commands instead?

 

debug software restart process management-server
debug software restart process device-server

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L2 Linker

 

Using the commands you wrote the system accepts:

debug software restart process management-server
debug software restart process device-server


and the system accept ok. [The syntax now is ok]

But the both systems does not complete the new antivirus installing commands.

Both the systems remain at the 59% of the progress.

 

cverniani_0-1681455232000.png

cverniani_1-1681455689580.png

 

In the last few days I have updated the system by manually restarting the appliances but new antivirus updates appear every day and it is important that PA can install the updates automatically.

 

 

The problem appeared only after updating the PA 820 to version 11.0.1.

 

 

L1 Bithead

Any other solutions?  I am having the same problem with a PA-820 HA pair on 11.0.1-h2.  The passive is updating, but the active sticks at 59% for last few days.

I have opened a case on PA support and they wrote:

 

>>PANOS 11 may be prefered for newer firewalls, but with the 820 staying with the prefered 10 version may be better for you until >>Palo recommend to upgrade to 11 for the 820.

[cut] 

>>If this does not work, would you consider downgrading the firmware to 10.2.4-h2? This may be the better choice for your 820.

 

I have downgrade the firmware to 10.2.4-h2. 

I solved in this way.

 

 

That is just a workaround, and fortunately, it seems you did not have strong business requirement to run on PAN-OS 11.0.

Would you mind sharing the case number?

Thank you.

Olivier

PCSNE - CISSP

Best Effort contributor

Check out our PANCast Channel

Disclaimer : All messages are my personal ones and do not represent my company's view in any way.

In my case I bought a new pair of PA-1410 firewalls.  I upgraded PA-820 to v11 to prepare for config migration from 820 to 1410.  I suspended the problematic 820 firewall (failover to passive) and restarted it last night.  AV updated.

If you have Panorama, you simply move devices in template stack / device group.

(but that is out of scope of this topic)

PCSNE - CISSP

Best Effort contributor

Check out our PANCast Channel

Disclaimer : All messages are my personal ones and do not represent my company's view in any way.

Hello,

I have two PA-220, already 10.2.4-h2 and I have exactly the same issue.

I don't know how to resolve it...

We are currently working around this issue (until fixed in later version of 11) by disabling telemetry.

L1 Bithead

I have PA-220's running 10.2.5 which fail to install the Antiviris Update.

 

I have found that Mlane's response above about disabling Telemetry resolves the issue for me (although it still takes time to install).

L0 Member

Hello:

We are facing similar issue, our use case matches with:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NOKCA2&lang=en_US%E2%80%A...


I hope this helps.

Regards.

 

  • 2540 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!