PA-VM Failed to fetch Licenses

PA-VM Failed to fetch Licenses

Created On 03/12/20 14:54 PM - Last Modified 04/04/20 00:16 AM

  • VM-Auth Code is registered on Palo Alto Networks Support Portal but firewall is unable to fetch licenses. While attempting to license the firewall under Device > Licenses and selecting option “Retrieve Licenses from Server” or “Activate Feature During Auth-Code” it prompts either “Generic Communication Error” or “Failed to Fetch License”
System Logs:
general 0  Connection to Update server closed:, source:
  • Review System Logs to identify any failure events. System Logs:
  • Access firewall CLI via ssh and try to ping update server from management interface
> ping host
PING ( 56(84) bytes of data.
64 bytes from : icmp_seq=1 ttl=57 time=1.07 ms
64 bytes from : icmp_seq=2 ttl=57 time=1.13 ms
64 bytes from : icmp_seq=3 ttl=57 time=1.11 ms
  • If the IP address is not resolved. Review DNS settings under WebUI > Device > Setup > Services. DNS can be configured with one of the following options:
1. Servers - Configure the Primary DNS Server address and Secondary DNS Server address.
2. DNS Proxy Object - From the drop-down, select the DNS Proxy that you want to use to configure global DNS services, or click DNS Proxy to configure a new DNS proxy object.
  • If IP resolves but ping is unsuccessful, perform network troubleshooting to test the connectivity from management interface to Internet

  • Platform: PA-VM
  • PAN-OS / Plugin Version: Any
  • Deployment: New

  • Missing DNS configuration on PA-VM
  • Private IP configured on management interface is not associated with a Public IP on the underlying Public Cloud Platform

  • Add DNS configuration under WebUI > Device > Setup > Services
  • Ensure management interface has reachability to the internet.
  • Alternatively, Service Routes can be configured to use one of the dataplane interfaces for DNS

  • Print
  • Copy Link