This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Service Connection Error on Primary Panorama Configuration not in Sync

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Service Connection Error on Primary Panorama Configuration not in Sync

chrissmithgt
L1 Bithead

‎08-21-2019 06:54 AM - edited ‎08-21-2019 07:16 AM

I am getting this error on the service connection and do not see away to sync the configuration. I have tried to commit also commit and push there is nothing to commit. How do you sync the configuration with the cloud service? I have failed over to the HA and nothing changes. Suggestions.

 

Chris SmithScreen Shot 2019-08-21 at 10.14.56 AM.png

1 person had this problem.
0 Likes Likes
14 REPLIES 14

Sai_Tumuluri
L4 Transporter

‎08-21-2019 09:52 AM - edited ‎08-21-2019 09:53 AM

@chrissmithgt 

 

You can check commit error reason using the following document and let me the error reason

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/Verify-Commit-Failure-Reason-on-Prisma-A...

 

more references

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/Prisma-Access-Useful-Resources/ta-p/2824...


~ Sai Srivastava Tumuluri ~
0 Likes Likes

chrissmithgt
L1 Bithead
In response to Sai_Tumuluri

‎08-21-2019 10:01 AM

Looks like we might be hitting a bug. These are my primary and secondary panoramas and I am not seeing the prisma information any more. I have run the panorama debug url and cleared preferences and nothing is changing.

 

 

 

Screen Shot 2019-08-21 at 12.58.09 PM.pngScreen Shot 2019-08-21 at 12.58.01 PM.png

0 Likes Likes

Sai_Tumuluri
L4 Transporter
In response to chrissmithgt

‎08-21-2019 10:03 AM

@chrissmithgt  Try logging out and logging in

if it does not fix it, try the steps in the following link to reauthenticate Panorama to Prisma Access

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/Panorama-Connectivity-Issues-to-Prisma-O...


~ Sai Srivastava Tumuluri ~
0 Likes Likes

chrissmithgt
L1 Bithead
In response to Sai_Tumuluri

‎08-21-2019 12:02 PM

Still showing out of sync. 

 

Screen Shot 2019-08-21 at 2.59.11 PM.png

 

Shows vaildation error but no information to check 

 

Screen Shot 2019-08-21 at 3.00.48 PM.png

0 Likes Likes

Sai_Tumuluri
L4 Transporter
In response to chrissmithgt

‎08-21-2019 12:44 PM

Click on "Validation errors" to see commit error

 

You can check commit error reason using the following document and let me the error reason

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/Verify-Commit-Failure-Reason-on-Prisma-A...

 

more references

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/Prisma-Access-Useful-Resources/ta-p/2824...


~ Sai Srivastava Tumuluri ~
0 Likes Likes

Sai_Tumuluri
L4 Transporter
In response to Sai_Tumuluri

‎08-22-2019 06:52 AM

is the issue solved?


~ Sai Srivastava Tumuluri ~
0 Likes Likes

chrissmithgt
L1 Bithead
In response to Sai_Tumuluri

‎08-22-2019 07:16 AM

This issue has not been resolved. It still indicates out of sync with no evident way to sync the connection. Shows a vaildation error but no hyper link to give an explination.

 

Screen Shot 2019-08-22 at 10.04.23 AM.pngScreen Shot 2019-08-22 at 10.05.43 AM.png

0 Likes Likes

Sai_Tumuluri
L4 Transporter
In response to chrissmithgt

‎08-22-2019 08:00 AM - edited ‎08-22-2019 08:23 AM

@chrissmithgt 

 

In general clicking, the "Validation error" should show the error. One of the common reason is ike gateway config. If the following link does not help, I would recommend a TAC Case

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/IKE-Gateway-Commit-Failure-Peer-Gateway-...

 


~ Sai Srivastava Tumuluri ~

chrissmithgt
L1 Bithead
In response to Sai_Tumuluri

‎08-22-2019 08:11 AM

I have a TAC case open. 

0 Likes Likes

Sai_Tumuluri
L4 Transporter
In response to chrissmithgt

‎08-26-2019 09:22 AM

@chrissmithgt  did we get the root cause from tac case?


~ Sai Srivastava Tumuluri ~
0 Likes Likes

Sai_Tumuluri
L4 Transporter
In response to chrissmithgt

‎08-26-2019 10:06 AM

was rca identified ?


~ Sai Srivastava Tumuluri ~
0 Likes Likes

chrissmithgt
L1 Bithead
In response to Sai_Tumuluri

‎08-26-2019 11:32 AM

No TAC is still looking into the situation. It is still out of sync with no way to sync. There is no hyper link to click on to indicate what is not working. Hopefully, TAC can sync back up with me to finish troubleshooting this issue. The engineer had to jump off my call on Friday. He had a hard stop at 3pm. So I am waitining on him or someone else to contact me to try somemore troubleshootng efforts.

0 Likes Likes

UmarKhan
L2 Linker

‎08-15-2022 07:26 PM

Was this resolved? IF SO WHAT WAS THE FIX?

0 Likes Likes

OscarAlvarez
L0 Member

‎10-12-2022 11:51 AM - edited ‎10-12-2022 11:57 AM

Hi There,

 

For future references, here is the information for the issue in question.

 

Symptom
Panorama > Cloud services > Status shows the service connection config status as  error and in red color.
The message on the error is displayed as "Configuration is not in sync" and a Job ID.
There is no impact observed on the service connection functionality.
 
 
Cause
This error message indicates that the configuration in the service connection template or shared configuration has been changed.
A panorama local commit has been done afterwards. 
A push was done to other components like Mobile users or remote networks but not to the service connection.
This does not necessarily indicate a problem but the denotes that some part of configuration was changed and a push has not been done to the service connection, hence config mismatch. 
The existing configuration sent to the service connection infrastructure continues to work as it is.
This can further be validated by hovering the mouse over the Config status for other services like Mobile users.
The Job ID will be different for the ones showing OK compared to the service connection status which will show older Job ID.

 

Resolution.
  1. Perform a minor or dummy change in the shared configuration like an object change.
  2. Perform a local panorama commit & Push to the Prisma Access and select service setup as well in the Prisma Access tab.
  3. This selection is to be under Push window > Edit selection > Push Scope selection > Prisms Access.
  4. Once a commit is sent to the Prisma Access (including service setup), the status will first change to "Commit in Progress" and then "OK" if the commit is successful.

     

    Additional Information
    This is expected behaviour and not an error or problem. 
    Even if the change is in Shared config which does not apply to the service connection, Commit & Push should be done to all the nodes to avoid this status change.
    Alternatively, ignore the config status error since this would be expected when changes are made in shared config and push is not done to the service connection.

     

    Regards,

     

    Oscar Alvarez | Palo Alto Networks Technical Support

0 Likes Likes
  • 19385 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks