Dynamic Update Fails with Image File Authentication Error Message

Dynamic Update Fails with Image File Authentication Error Message

86192
Created On 09/25/18 19:38 PM - Last Modified 03/15/19 14:38 PM


Symptom

Issue

Dynamic Updates fail with the following error message: "content update failed with the following messages: Image File Authentication Error Failed to extract rpm file /opt/pancfg/mgmt/content-images/tmp/panupv2-all-contents-313-1422.tgz".

 

Manually installing the update package will also result in the same error.



Resolution

 

 

Resolution

There are 3 different ways to resolve this issue. 

 

Solution 1 - Change update server

If you are using staticupdates.paloaltonetworks.com and running on PAN-OS 7.1.7, you need to change your update server

Inside of the WebGUI, Device > Setup > Services, change the update server from staticupdates.paloaltonetworks.com to updates.paloaltonetworks.com as a workaround.


Note:  Please be sure to ensure that you are not limiting the device via a security rule to access just the IP address of staticupdates.paloaltonetworks.com - 199.167.52.15 (to be used for connectivity troubleshooting only), If so, you will have to adjust to the new IP/URL:

updates.paloaltonetworks.com - 199.167.52.141 , commit and test.

2017-02-06_Update server.pngDevice > Setup > Services window showing the update server details.

 

Solution 2 - Remove updates and redownload them

Removing all the content updates and re-downloading them can also solve this issue.

You can perform this step via the WebGUI inside Device > Dynamic Updates 

Delete the updates through the GUI and see if you can run a "check now" and that it downloads the new update.  Then perform the commit and see if it completes without errors.

2017-02-06_delete update.pngDevice > Dynamic Update screen showing how to delete an update.

Via the CLI, please try deleting the content package with the below command and re-download and commit:

 

admin@myNGFW> delete content update 
  <value>  Filename

 

Solution 3 - Reinstall OS

As a last step, if the 2 other solutions do not help, then you can reinstall PAN-OS on the device.

To reinstall PAN-OS, follow the steps below:

  1. Backup the current configuration.
    Refer to Step 1 in the following document: How to Save an Entire Configuration for Import into Another Palo Alto Networks Device
  2. Reinstall the software, go to Device > Software and choose the desired PAN-OS version, and click Reinstall under Action:
    reinstall software.png
  3. Reboot the device.
  4. Check and Install latest Dynamic Update.

 

owner: rkalugdan 

 

P.S. Thanks for the contribution to this article. it helps us all.

- Live Community Team

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbBCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language