Panorama only shows "fed" in region when configuring CIE settings even though tenant does not belong to FEDRAMP.

Panorama only shows "fed" in region when configuring CIE settings even though tenant does not belong to FEDRAMP.

1397
Created On 08/16/24 07:24 AM - Last Modified 11/17/25 20:55 PM


Symptom


  • "dscd.log" shows that Panorama referred to an incorrect DSS URL "app-registry-service.fed.apps.paloaltonetworks.us".
{"level":"info","time":"2024-08-07T11:51:07.395399736+09:00","message":"[CFG-DATA] DSS URL app-registry-service.fed.apps.paloaltonetworks.us--https://app-registry-service.fed.apps.paloaltonetworks.us/apps/directory_sync?fields=regions"}
  • "app-registry-service.fed.apps.paloaltonetworks.us" is configured as cfg.dscd.url.
> show system state filter cfg.dscd.url

cfg.dscd.url: app-registry-service.fed.apps.paloaltonetworks.us

Environment


  • Panorama Managed Prisma Access
  • Cloud Identify Engine
  • Panorama

Cause


Panorama referred to an incorrect DSS URL "app-registry-service.fed.apps.paloaltonetworks.us".

Resolution


  • Update sdb cfg.dscd.url from "app-registry-service.fed.apps.paloaltonetworks.us" to "app-registry.appsvc.paloaltonetworks.com".
    • In order to update sdb variables, we need root access, which can be performed by TAC only.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000Tp6BCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language