Commit failure with error "panorama-server unexpected here"
5490
Created On 07/16/22 04:19 AM - Last Modified 10/04/23 03:02 AM
Symptom
- Commit fails on Panorama or Firewall with error:
deviceconfig -> system -> panorama-server unexpected here
deviceconfig -> system is invalid
Environment
- Palo Alto Firewalls or Panorama
- PAN-OS 9.1 or above
- Commit failure
Cause
Syntax error in the XML configuration file.
Resolution
Solution1:
- If the Firewall is in High Availabilty Active/Passive configuration, and the peer configuration is correct, then use the procedure documented in this KB article
- Check for the unexpected syntax in the XML configuration file using FW's CLI.
FW > set cli config-output format set
FW > configure
FW # show deviceconfig system
Once the output is displayed, check on the panorama-server configuration. In this example there is unexpected CLI syntax, which can be deleted
set deviceconfig system panorama local-panorama panorama-server 10.10.10.1
set deviceconfig system panorama local-panorama panorama-server-2 10.10.10.2
set deviceconfig system panorama-server 10.10.10.1 >>> unexpected syntax.
set deviceconfig system panorama-server-2 10.10.10.2 >>> unexpected syntax.
- Copy the output of the "show deviceconfig system" to notepad, and remove the unexpected syntax in notepad.
- Delete the "deviceconfig system" configuration by typing "delete deviceconfig system"
Note: Do not "commit" the changes yet!
- Re-configure all the deviceconfig system settings back (using the information in the notepad, copy and paste it).
- Double check using "show deviceconfig system" to ensure we have reconfigured all the deviceconfig system settings back.
- Commit the changes in the Firewall.