错误消息“无法获取设备证书”

错误消息“无法获取设备证书”

85635
Created On 03/24/22 19:37 PM - Last Modified 03/02/23 05:54 AM


Symptom


  • 当尝试按照以下步骤操作时安装设备证书证书获取失败。
  • 系统日志显示错误消息“无法获取设备证书”
 critical general general 0 Failed to fetch device certificate.
  • CLI命令显示设备证书状态显示类似的错误
Device Certificate information:
Last fetched timestamp: xx/xx/xx xx:xx:xx
Last fetched status: failure
Last fetched info: Failed to fetch device certificate.
Failed to send request to CSP server.
Error: Operation timed out after 60000 milliseconds with 0 bytes received
  • 通过生成重试OTP再次,但问题仍然存在。
笔记: 安全规则允许申请” paloalto 共享服务”。

Environment


  • PA-3250
  • PAN-OS 10.0.7
  • 配置的默认服务路由
  • MTU 设置为默认值 1500

Cause


管理界面MTU大小正在影响与CSP服务器。

Resolution


  1. 降低管理界面MTU大小低于配置的默认值(例如设置MTU到 1374)。 参考MTU在管理界面
  2. 证书应该由Firewall在这个变化之后。
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NlxCAE&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language