Device telemetry error "Failed to send: file" caused by "Client Certificate issue"

• Device telemetry is enabled on Firewall.

  critical device- send-fa 0 Failed to send: file 'PA_00xxxxxx9_dt_10.1.10_20230926_0030_1-hr-interval_HOUR.tgz

• device_telemetry_send.log (less mp-log device_telemetry_send.log) display sending failure as shown below:

  2023-11-19 15:20:04,003 dt_send INFO TX FILE: send_file_cmd: /usr/local/bin/dt_curl -i br-prd1.us.cdl.paloaltonetworks.com -f /opt/panlogs/tmp/device_telemetry/hour/PA_021201060250_dt_10.1.9_20231119_0930_1-hr-interval_HOUR.tgz
  2023-11-19 15:20:05,226 dt_send INFO TX FILE: curl cmd status: 27, 27; err msg: 'Client Certificate issue'
  2023-11-19 15:20:05,230 dt_send INFO update send failed count: resend_count: 40, update_count = 41
  2023-11-19 15:20:05,234 dt_send INFO update_tx_failed_count: failed send: new tx intvl: reset intvl resend-failed-count to 1

• Alternatively, you can run command "grep mp-log device_telemetry_send.log pattern Certificate" to view the certificate error:

  admin@palo-alto-firewall(active)> grep mp-log device_telemetry_send.log pattern Certificate 
  2023-11-19 15:20:05,226 dt_send INFO TX FILE: curl cmd status: 27, 27; err msg: 'Client Certificate issue'

• Device telemetry setting shows device certificate is valid:

  > show device-telemetry settings
  Device Telemetry Settings:
      device-health-performance: yes
      product-usage: yes
      threat-prevention: yes
      region: Americas
      status: Device Certificate is valid 

• However device telemetry stats shows the is a Client Certificate Issue:

  > show device-telemetry stats all
  Device Telemetry Statistics:
      device-health-performance: 
          last-attempt: Mon Nov 20 07:30:05 UTC 2023
          last-success: Sun Nov 19 04:30:13 UTC 2023
          num-of-failed-attempts: 106
          reason: Client Certificate issue
          status: failed
      product-usage: 
          last-attempt: Mon Nov 20 07:30:05 UTC 2023
          last-success: Sun Nov 19 04:30:13 UTC 2023
          num-of-failed-attempts: 106
          reason: Client Certificate issue
          status: failed
      threat-prevention: 
          last-attempt: Mon Nov 20 07:30:05 UTC 2023
          last-success: Sun Nov 19 04:30:13 UTC 2023
          num-of-failed-attempts: 106
          reason: Client Certificate issue
          status: failed

  
   

• Palo Alto Firewall
• PAN-OS 10.1 or above
• Device Telemetry

1. Fetch the client certificate

 > request certificate fetch

2. Once the device certificate was fetched, please run the same CLI command to show the telemetry statistics once again.

> show device-telemetry stats all

Device Telemetry failed to send file with error: Failed to send: file 'PA_XXXXXXXX-hr-interval_HOUR.tgz seen on system logs

Device Telemetry fails with the error - "Failed to send: file" seen in the System Logs