Scheduled backup export

cancel
Showing results for 
Search instead for 
Did you mean: 

Scheduled backup export

L2 Linker

Hi there,

 

I have a scheduled backup job running every night, which exports my Panorama config to a backup server, it is running for over a year now without any problem.

 

Yesterday I went over the config, changed the time and permitted the config.

This morning I saw that the backup failed due to missing ECDSA SSH key.

 

Failed exporting config bundle via ssh to 1x.xx.xx.xx. No ECDSA host key is known for 1x.xx.xx.xx ...Host key verification failed...lost connection

 

The test connection button on the backup schedule page asks if I want to add the key, system says it added the key but it seems to do nothing. Same message when I press the button again, same error message when the backup job runs again.

 

Im on Panorama version 10.2.2

 

Has anyone a hint how to fix or work around that issue?

17 REPLIES 17

L2 Linker

I do have a low priority ticket open with support.  They got back to me wanting a detailed discussion, but haven't scheduled that yet

Same here, we checked the issue yesterday with our PA support partner and opened a case at PA. Hopefully it doesn't take that long to fix as the ACC IP issue...

 

In the meantime I'm using anonymous ftp together with a copy script which moves the backup file away, shi**y solution I know but better than nothing.

 

Keep you up2date

L0 Member

@Netzer Is there any way for you to DM me the PAN-TAC case# ? I'm having the same issue and would like to reference it when I open a ticket with them

I have a TAC remote session today in the afternoon, I will let you know the result here. At the moment I have only the case number from my palo alto support partner but this is not the real PA case number. If they have no short workaround today and we have to way for a fix then I'll ask my partner to send me the PA case number and then I can give it to you.

L2 Linker

I had a discussion with support last week which didn't accomplish anything (just made me run a few commands that I already messaged them about).  They have the tech support bundle from my Panorama instance so we will see if they can find anything.

We could fix the problem temporarily yesterday during our support session. The TAC guy logged in via root to Panorama. Then a simple ssh [user]@[backup-server-ip] was all whats needed. SSH key got saved and the web gui scheduled export function was working again.

 

They gonna check the issue and hopefully it will be fixed soon.

Just got the info from my support partner, that the issue has been analyzed by PA and will be fixed in Version 10.2.3, release date is planed for next month.

L2 Linker

@PaulMarroquin my system is not in FIPS mode.  I did get "confirmation" from the Palo Alto tech as well that it is a glitch and it will be fixed in the next version (whether it was actually confirmation or just took this thread at it's word I'm not sure)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!