Symptom
The HA-Sync job on the HA peer fails. The details for the job ID show an error similar to the one below.
From the CLI:
admin@firewall(passive)> show jobs id <job id>
Enqueued                ID    Type       Status   Result   Completed
--------------------------------------------------------------------------
2015/06/06 19:09:47      9    HA-Sync    FIN      FAIL     19:09:52
Warnings:
Details:ssl vpn cert file (GlobalProtect) processing failed
(Module: rasmgr)
global-protect-gateway tunnel interface (tunnel.1) in vsys (vsys1) parsing failed
(Module: rasmgr)
Commit failed
Cause
In this example, the GlobalProtect certificate is also selected as the WebGUI certificate.
To verify this, in the WebGUI go to Device > Certificate Management > Certificates and click the certificate name (GlobalProtect in this example). You will see that "Certificate for Secure Web GUI" is selected.

Solution
To resolve this error, clear the "Certificate for Secure Web GUI" check box on the GlobalProtect certificate, then commit the changes.
HA will now sync properly.

If you need to use an SSL certificate for the WebGUI (Secure Web GUI), you will need to create and use a separate certificate for the WebGUI.
owner: mivaldi