
Commits and Firmware Upgrades Failing

L0 Member

I've got a couple of support tickets open on my issues; just seeing if anyone has any suggestions/ideas as I wait for Support to help me out.


Configuration: 2x PA-5220's in HA (Active-Passive)

Code: 8.0.11-h1 (Moving to 8.0.12 per PA recommendation)

 

Initial Issue:  Started having Commit failures on our Primary PAN.

 

After some troubleshooting with TAC they suggested we fail over to the Passive PAN and try commits and then do a firmware upgrade.  This morning we were able to fail over, and tested commits on the Passive (now active) firewall.  The commits worked fine.   Great news.

 

Time to do firmware updates... Started with the Primary firewall.  Suspended it before doing the install.  Everything looks great, downloaded new firmware and go through the install process.  After doing a reboot I log back in and notice that the firewall seems to be in a little bit of a funky state.  For example, my AD credentials are not working.  Log in with local admin credentials and take a look at the jobs.  Per the Upgrade KB, the "Auto Commit" job should complete but this job is failing.


Because it's in a funky state, I don't feel comfortable doing the upgrade on the Secondary firewall (now active).  HA is down and everyone is now a little concerned because we're also only running on one PAN.  What's interesting is before our HA broke, we could make a change on the Passive, run a commit and it would synchronize.

 

Anyone run into similar issues?  Ideas? Fixes?

 

On a side note, less than happy with Support.  I opened a second Critical ticket because of the upgrade failure as we are now in a worse state than before (no HA) because of their recommendation to do the firmware upgrade.   We told them our reservations about doing a firmware upgrade because during troubleshooting there seemed to be database errors related to commits.  And despite being critical (to us) they want to wait to "confer" with the original engineer.  Only thing is he doesn't start work for another ~4 hours. smh
