Commit Fail with Error: 'Number of vsys-custom-url-category exceeds max ID limit (14000)'

Details:
ID population failed
Error: Error populating vsys-custom-url-category id for '[vsys-name]'
Error: Number of vsys-custom-url-category exceeds max ID limit (14000)

• Palo Alto 5200 Series Firewall.
• PAN-OS 10.1.5
• Custom URL Category.

1. When pushing from the Panorama, try to create the custom URL categories under specific device groups for the intended Vsys.
2. If created under the shared location, a duplicate of the custom URL category is then created on all the Vsys on the firewall, when pushed from the Panorama, consuming platform limit.
3. Verify the amount of created custom URL categories on the firewall is not reaching the maximum platform capacity
4. To do this, navigate to Objects -> Custom Object -> URL Category and sum the amount across all of the virtual systems (vsys)
5. When cleaning up the configuration on the firewall, some entries can get stuck in the id-manager and occupy the platform capacity unnecessarily
6. From CLI, you can verify those offending entries running the command below

   >debug device-server dump idmgr type vsys-custom-url-category all 

7. If any entries observed in the id-manager have already been removed, proceed to restart it:
   

   >debug device-server reset id-manager type vsys-custom-url-category 

8. Id-manager will free up the stale entries and the next configuration commit should succeed

Note: Maximum Custom URL Categories is set to 2,849 per Firewall.

• IDs for custom URL categories are generated from the value 11151 up to 14000
• Hence the error: Number of vsys-custom-url-category exceeds max ID limit (14000)
• The actual capacity of custom URL categories is 14000-11151= 2849 (per firewall)