This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Panorama Commit issue 10.1.4-H4 after upgrade from 10.1.3

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Panorama Commit issue 10.1.4-H4 after upgrade from 10.1.3

Go to solution
Pras
L4 Transporter

‎04-25-2022 07:05 PM - edited ‎04-26-2022 04:28 PM

Hi guys,

I have a Panorama- 10.1.4-H4 (upgraded from 10.1.3) on AWS and two other firewalls both at 10.0.9 on AWS.

After upgrading, Panorama, I cannot just commit. Throws an error saying  plugins unexpected here (for schema verification failed-reverted the config and when trying to commit after that gives the plugin error)

paragkarki143_0-1650938630275.png

 

I see below difference in the candidate and running configs when validating (after reverting the config):

paragkarki143_1-1650938630280.png

 

paragkarki143_2-1650938630293.png

 

paragkarki143_3-1650938630268.png

 

paragkarki143_4-1650938630278.png

 

I do not see any bugs or any one else facing similar issue.

It looks like a corrupt candidate configuration. But I am afraid if I force commit/force commit it will affect the prod environment specially as it says in the validation process the plugins will be deleted.

Plugin for Panorama: 3.0.2

Plugin for Firewalls: 2.14

@

@ 

@reaper 

Many Thanks,

PrasKtmBoy
0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Pras
L4 Transporter

‎04-28-2022 10:52 PM

Loading running-config and Force Committing just resolved the issue

PrasKtmBoy

View solution in original post

1 person found this solution to be helpful.
0 Likes Likes
11 REPLIES 11

Go to solution
Pras
L4 Transporter

‎04-26-2022 06:15 PM

Hi Guys, 
Any chances you might be knowing the ans?
@BPry 
@SCantwell_IM 

PrasKtmBoy
0 Likes Likes

Go to solution
SCantwell_IM
Cyber Elite
Cyber Elite

‎04-27-2022 07:16 AM

Howdy

I would think that if your company is not using plugins (please confirm) that you could delete the plugin(s) that are causing your issue.

 

Help the community: Like helpful comments and mark solutions
0 Likes Likes

Go to solution
Pras
L4 Transporter
In response to SCantwell_IM

‎04-27-2022 06:56 PM

Hey @SCantwell_IM,

Thanks for the reply. Unfortunately, the deployment is in AWS and the plugins are required. What may be the effect if I force commit (As I really think it's a case of a corrupt xml conf file  )? 

PrasKtmBoy
0 Likes Likes

Go to solution
SCantwell_IM
Cyber Elite
Cyber Elite

‎04-28-2022 07:49 AM

If you try a commit force and the running config is corrupted, you will still probably get an error and the commit will not be successful.

If you want, export your configuration off, and password protect it.  Attach to this thread and then PM directly with the password, then I will download it and try on my Panorama and see if I can figure it out. 😛  Always glad to assist the Community.

Help the community: Like helpful comments and mark solutions
0 Likes Likes

Go to solution
Pras
L4 Transporter

‎04-28-2022 10:52 PM

Loading running-config and Force Committing just resolved the issue

PrasKtmBoy
1 person found this solution to be helpful.
0 Likes Likes

Go to solution
mauri_fortu
L0 Member

‎07-26-2022 05:44 AM

Hi guys, happens the same to me on azure.

I tried to revert configuration but not work, could you help me?

0 Likes Likes

Go to solution
mauri_fortu
L0 Member
In response to mauri_fortu

‎07-26-2022 07:43 AM

Hi guys,

I just solved by myself the problem.
I mistake to not upgrading the vm_series plugin from 2.0.x to 2.1.x before upgrading the PAN-OS.

So I roolback the panorama to 10.0.11, upgraded the plugin, made a commit, and push the configuration

If the commit doesn't appear, change something, like a description somewhere, and after proceed to commit and push the configuration on the  the vm (my case azure one).

 

For index research my error where

devices -> localhost.localdomain -> template -> azr-ext -> config -> devices -> localhost.localdomain -> deviceconfig -> plugins unexpected here
devices -> localhost.localdomain -> template -> azr-ext -> config -> devices -> localhost.localdomain -> deviceconfig is invalid
devices -> localhost.localdomain -> template-stack -> azr_stack -> config -> devices -> localhost.localdomain -> deviceconfig -> plugins unexpected here
devices -> localhost.localdomain -> template-stack -> azr_stack -> config -> devices -> localhost.localdomain -> deviceconfig is invalid

 

For both versione xml use the same schema, so I don't know why it says it's unexpected, btw I solved updating before the plugin.

mauri_fortu_0-1658846387231.png

 

 

Go to solution
renzanjo11
L2 Linker
In response to Pras

‎08-11-2023 02:26 AM

Hi @Pras ,

 

Good day! I am very sorry for this question as I am a newbie on Panorama.

I was just curious on what do you mean to load the running config and force committing. Is it on CLI or GUI? May I ask how? 

 

Regards,

Renz

 

0 Likes Likes

Go to solution
Pras
L4 Transporter

‎08-15-2023 04:26 PM

Hey @renzanjo11 ,

I meat loading the saved configuration (GUI) and using the command " Commit Force " from the CLI

Pras_0-1692141886549.png

p.s: works for Panorama and the FW both.

PrasKtmBoy
0 Likes Likes

Go to solution
buzor.okoye
L1 Bithead

‎11-14-2023 07:11 AM

This is likely caused by an incompatible vm_series plugins version on Panorama.

I had to upgrade my plugins version to  from 2.0.x to 2.1.13 to resolve this.

See vm series plugins compatibility matrix for references https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/vm-series-plugin-compatib...

 

0 Likes Likes

Go to solution
Pras
L4 Transporter

‎11-27-2023 02:14 PM

@buzor.okoye That's exactly that had happened. After the plugin update the issue got resolved. Thanks a lot for your feedback.

PS sorry for the delayed response as I was away for a while.

PrasKtmBoy
0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2023 - Palo Alto Networks