Panorama fails to upgrade itself with error: Label sysroot1 does not indicate a valid image

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama fails to upgrade itself with error: Label sysroot1 does not indicate a valid image

L1 Bithead

Hi all,

      last time I tryed to upgrade my Panorama, I had this error: "Label sysroot1 does not indicate a valid image".

The panorama is working, also I'm able to upload images and content to managed firewall, only I cant upgrade itself.

Is not related with upgrade image because is unable to reinstall also the currently installed image.

I already checked images in mantainance mode.

 

Any suggestion? 

staltari_0-1665476121620.png

 

16 REPLIES 16

L1 Bithead

No way to fix that VM, trown away.

I had to create a new VM and copied the configuration on.

No problem to move license, you just set the same serial number and activate.

All PanOS 10.1 managed NGFWs were reconected automatically, PanOS 10.2 managed firewalls not. I had to push a new Auth-key to reconnect PanOS 10.2 firewalls.

L1 Bithead

Hi .

Anyone resolved this issue?

Hi,

I had this problem today. I tried to upgrade virtual panorama with PanOS 11.0.3 -> 11.0.3-h5. 
I think error have connection with try of uploading wrong image type in the past. I found such info in logs. However now, I have only proper images. I couldn’t reinstall 11.0 or any of it’s patches from Web as well as from CLI.

So … 🙂

I requested device to boot maintenance mode, chosen imges, had no image to revert, chosen advanced (MA1NT password). Then chosen other partition than were listed in error and bootstraped it with 11.0.0. After that reboot device useing newly installed PanOS. 
That solved problem. I patched system with use of Web interface.

 

I hope it will help you.

PCNSE, PCCSE, CCNP Security, AWS SAA

L2 Linker

Hi,

I had this problem today when I tried to upgrade virtual Panorama with PAN-OS 11.0.3 to 11.0.3-h5. I tried to reinstall 11.0.3, downgrade to 11.0.0 from Web and CLI, but nothing helped.

I think problem have connection with try of uploading wrong PAN-OS image in the past. I found such info in logs.

so I decided to:

1. reboot device to (my favorite 😉 ) maintenance mode;

2. choose images;

3. try revert to 11.0.0 

but I had "no image to revert"

so:

1. I opened "advanced" in "image" (password MA1NT)

2. checked other partition than was listed in my error,

3. checked image 11.0.0 and bootstrapped this partition

4. rebooted device to newly installed 11.0.0

5. installed patch 11.0.3-h5 from web.  

 

That solved the case 🙂 I hope it will help you too.

 

 

PCNSE, PCCSE, CCNP Security, AWS SAA

Hi,

 

Thank you for your reply. My case is Panorama appliance M Series. Do you think all above steps can work in physical appliance also?  Anyway let me see and try.

 

Appreciate for your answer.

I think in such situation shouldn't be differences between form factors (physical - virtual), so you should try do this. Remember to do configuration backup before operation and be sure you uploaded proper and clean base image. 

PCNSE, PCCSE, CCNP Security, AWS SAA

Hi I have the same issue, but in this case, for "Label sysroot0". Panorama doesn't detect the version of the firmware in Label syroot0 and Label sysroot1, so in maintenance mode, we cannot upload any version. As I can see, the issue it's for uploading a PAN-220 image. 

I test to install a 11.0.0 version and a 10.0.0 without sucess. Actually, we have a 10.2.6 version of Panorama.

 

What could we do?

If I understand it correctly, you can't bootstrap any of partition with clear, base image ? What is the resulat of such try ?

PCNSE, PCCSE, CCNP Security, AWS SAA

The one I attached in the screenshot. In maintenance mode we do not even have the option to select any type of version even though it is loaded.

To complement the information a little more, I attach some screenshots in maintenance mode. I was thinking that, in the first screenshots that I have attached, it looks like when installing an image from a different platform, I think it generates it in a path. Is there an option to enter Linux mode and delete that temporary file, or directly delete all the temporary files that the system can create?

I don't think so that anyone will allow you to reach unix layer of OS. In my opinion deleting all uploaded software will not resolve the issue as well. I will ask you once again, did you try to:

"

1. I opened "advanced" in "image" (password MA1NT)

2. checked other partition than was listed in my error,

3. checked image 11.0.0 and bootstrapped this partition

4. rebooted device to newly installed 11.0.0

"
????

PCNSE, PCCSE, CCNP Security, AWS SAA

Hello, good afternoon, I appreciate the help you are offering me. Yes, we have tried loading it from another partition without success. In both the sysroot0, sysroot1 and maint partitions, none of them load any type of version. They all tell us that there is no version. If I bootstrap, all it does is take me out of the SSH session opened by CLI and I have to log in again without any changes.

Unfortunatelly, once I've seen such hard case as well. I think that you should not wait any longer and open a case in TAC. Because it's hardware be prepared for RMA procedure. Good luck ! 

PCNSE, PCCSE, CCNP Security, AWS SAA

L1 Bithead

The only resolution is just do factory reset to firewall. You should have config backup files. Then take maintenance window (downtime) and do the factory reset. Previously my colleague opened the case to TAC and factory reset is the solution to resolve this issue. Hope everyone ok.

  • 6523 Views
  • 16 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!