Traps Agent Shows As Unauthorized in TMS
12079
Created On 10/14/19 16:26 PM - Last Modified 06/17/23 00:25 AM
Objective
After Traps agent is installed the agent fails to connect to assigned Traps Management Service and appears as Unauthorized
The following errors can be found in Traps agent logs:
<TimeStamp>
xxxxxxxxx [5036:3440 ] {trapsd:Infrastructure :https://ch-xxxxxxxx.traps.paloaltonetworks.com/operations/provision/register:} <Info> HTTP status: 401, reason: Unauthorized<TimeStamp>
xxxxxxxxx [5036:3440 ] {trapsd:Infrastructure :https://ch-xxxxxxxx-.traps.paloaltonetworks.com/operations/provision/register:} <Info> HTTP response body:{ "error" : "failed to authenticate"}<TimeStamp>
xxxxxxxxx [5036:3440 ] {trapsd:Communication } <Notice> Request was unauthorized.<TimeStamp>
xxxxxxxxx [5036:3440 ] {trapsd:Communication } <Info> Disconnecting from TMS until the distribution id is changedEnvironment
6.0.1 and above
Windows OS
Procedure
- On the affected machine: Open CMD as Admin
- Navigate to C:\Program Files\Palo Alto Networks\Traps
- run the command: 'cytool reconnect force <DISTRIBUTION_ID_HERE>' with a valid Distribution ID.
- followed by the command: 'cytool reconnect' again to clear the DisconnectForGood flag.
To obtain a valid Distribution ID:
- Locate a node with same agent version installed that is successfully communicating with your TMS
- Open CMD as Admin
- Navigate to C:\Program Files\Palo Alto Networks\Traps
- run the command: cytool persist print cloud_frontend.db
- Enter your Traps Uninstall Password
- You should see the following output:
persistence::DB: C:\ProgramData\Cyvera\LocalSystem\Persistence\\cloud_frontend.db: Open
persistence::DB: C:\ProgramData\Cyvera\LocalSystem\Persistence\\cloud_frontend.db: Open: IO error: C:\ProgramData\Cyvera\LocalSystem\Persistence\\cloud_frontend.db\LOCK: Could not lock file.
settings,
Communication settings:
Forced disconnection: false
Distribution ID: <ID String>
- Copy the <ID String> and paste it to the cytool reconnect force command above