: Triage Commit Issues on Panorama
Focus
Focus

Triage Commit Issues on Panorama

Table of Contents
End-of-Life (EoL)

Triage Commit Issues on Panorama

Triage commit issues on the Panorama™ management server to identify the reason your commit failed.
Where Can I Use This?What Do I Need?
  • Panorama
  • Device Management license
  • Support license
Triage commit issues on the Panorama management server to identify the reason why your commit failed.
  1. Review the PAN-OS Release Notes to identify any limitations, changes to default behavior, or known issues that may cause your commits to fail.
  2. Review the Panorama Task Manager.
    1. Select Tasks.
    2. Locate the commit operation and make note of the Job ID, and Start Time.
      In the Type column, click Commit to view the job details.
    3. Review the Validation Errors to understand what is causing the commit to fail. This will help you understand if the commit is failing on Panorama or on the firewall.
  3. Review the PAN-OS processes and process logs.
    1. Enable debug logs on Panorama for more verbose log output
      admin> debug management-server
    2. Review the management processes to see if any are in a degraded State.
      This tells you which management process logs are impacting the commit failure. This is denoted in the Progress column by an asterisk (*). The Client column displays the various management process related to a configuration commit.
      If this is showing no issues, then the commit failure is likely happening on the firewall. If that is the case, you will need to enter this command on the firewall CLI.
      admin> show management-clients
    3. Review the Panorama log file to check for failures.
      In the below command, enter the Client experiencing issues.
      admin> less mp-log <client>.log
      Use the Start Time to locate the error causing the commit to fail. the reason the commit failed is indicated by Commit Failed.
    4. Log in to the firewall CLI and review the device server processes.
      admin> less mp-log devsrvr.log
      This command also provides additional information about where the failure in the configuration commit process on the firewall. This will also show if External Dynamic Lists (EDL) are consuming too much device memory.