having the same issues here. we have 22 pa-220's sending to cortex data late and iot security(zingbox) using 9.1.6 and this has been an abysmal experience to say the least. had a tac case open. after fighting with it for almost a month, they finally went into root and reset the custid from there, then relicense the firewall, then delete/re-add the certificate. seems that doing the last two steps without tac resetting the custid doesn't always help as the cert won't pull in. I just brought up another box and it's having the same issue as a lot of the other ones I had. Beware, this is not a seemless setup, very cumbersome and quite frankly makes me hate palo a little bit for their poor implementation of this. I'm opening up yet another case to get this one fixed.
... View more