configd crash on Panorama

• Panorama is responding slow and Configd crash during commit operation.
• Configd process utilizing high memory (show system resources | match config)

• Panorama with Managed Firewalls
• PAN-OS 9.1 and above

• Incorrect configuration, Firewalls are configured to connect to Panorama while Panorama side is not configured to acknowledge and connect.
• This can be observed in the configd logs (less mp-log configd.log)  of Panorama which report the following errors.

Error: pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:4858): This device or log collector or wf appliance (devid <serial number>) is not managed 
Error: pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:4858): This device or log collector or wf appliance (devid ..) is not managed 
Error: pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:4858): This device or log collector or wf appliance (devid unknown) is not managed 
Error: pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:4858): This device or log collector or wf appliance (devid <serial no>) is not managed

• The messages display devices constantly trying to connect with Panorama .
• The constant attempts, can lead to increase in memory utilization of configd over time followed by crash.

1. The firewalls sending the registrations can be identified in the configd logs. From the  Error: pan_cfg_handle_mgt_reg (…), note down the serial numbers
2. Fix the incorrect configurations by either adding these firewalls to Panorama or Remove the Panorama IP on Firewalls.
3. This will fix the constant reconnect issue and helps in reducing the memory utilization of configd process.