GCP VM serial number issue after upgrading from 8.1 to 9.0.x

Created On 03/18/20 18:42 PM - Last Modified 04/03/20 23:54 PM


Symptom


  • GCP VM serial number issue after upgrading from 8.1 to 9.0.x with vm-series plugin 1.0.4
  • Review the MS logs:
less mp-log ms.log | grep license
2019-08-02 22:34:16.609 -0700 sysd license file changed
2019-08-02 22:34:16.645 -0700 pan_cfg_mgr_set_gp_license_conditions is called
2019-08-02 22:34:22.850 -0700 logfwd status: failed to execute cmd /usr/bin/python2.7 /usr/local/bin/lcaas_license_info.py.
2019-08-03 04:02:44.825 -0700 Error:  pan_cfg_mgr_do_license_check(pan_cfg_license.c:1208): Failed to delete temporary wget rc file /tmp/pan/.wgetrc
2019-08-05 22:23:37.390 -0700 Error:  pan_lcaas_status_handler(pan_ops_common_log_forwarding.c:547): lcaas status: fetch sdb object cfg.lcaas-license failed.


Environment


  • Platform: PAN-OS
  • Deployment: VM-Series


Cause


  • The op command solution does not work because our plugin API currently does not support the unset/reset sdb node operation.


Resolution


  • The workaround for this issue is one of the following:
    • Manually upgrade to plugin 1.0.8 and reboot
or
    • This workaround requires a TAC engineer to get root access to the firewall, set an sdb variable, and reboot the VM to regain the serial number.
      • a. TAC root access to the system
      • b. Run "sdb cfg.platform.serial=None" in the root shell
      • c. Reboot the box
  • Another alternative is to deploy new PA-VMs using the GCE public image for PAN-OS 9.0.1:
GCPshell> gcloud compute images list --project paloaltonetworksgcp-public --no-standard-images

