Firewall is unable to connect to Panorama with "Error: cs_load

Firewall is unable to connect to Panorama with "Error: cs_load_certs" in ms.log

15173

Created On 02/18/20 07:34 AM - Last Modified 05/28/20 17:16 PM

M-100 Appliance

M-200 Appliance

M-500 Appliance

M-600 Appliance

Device Management

8.1

7.1

PAN-OS

Panorama

Symptom

Firewall is unable to connect to panorama with "Error: cs_load_certs" messages in ms.log

> less mp-log ms.log
.......
....Error: cs_load_certs(cs_common.c:179): CMS agent: Can not read key file: /opt/pancfg/mgmt/cms/ssl/client2.pem
......

Environment

The issue was confirmed in the environment below:

Firewall with PAN-OS 7.1.22
Panorama with PAN-OS 8.1.11

Cause

The certificate used on the problematic Firewall for connection to Panorama is not readable.

Resolution

Please open a support case with Palo Alto Networks when the symptoms match.
The Support engineer will arrange a live debug session and apply a workaround to the environment.

Firewall is unable to connect to Panorama with "Error: cs_load_certs" in ms.log

Symptom

Environment

Cause

Resolution

Other users also viewed: