Error message "All of Disks Unlock failure! Please select action" is seen after system drive is replaced on PA-5400 fixed series Firewall.
1189
Created On 03/10/25 06:29 AM - Last Modified 04/16/25 07:11 AM
Symptom
- System drive on PA-5400 fixed series firewall is replaced using "PAN-PA-5400-SSD-FIX-480G-PAIR".
- After this, the firewall fails to boot.
- Error message "All of Disks Unlock failure! Please select action" is seen on the console.
- This symptom is observed even when the steps mentioned in Replace a System Drive in a PA-5400 Series Firewall is correctly followed.
Environment
- PA-5410 / PA-5420 / PA-5430 / PA-5440
- PAN-PA-5400-SSD-FIX-480G-PAIR
- PAN-OS : 10.2 / 11.0 / 11.1 / 11.2
- System Drive
Cause
- The issue is due to TPM Lockout.
- This can be observed on the console output after rebooting using "Reset the system" on "All of Disks Unlock failure! Please select action" screen.
- This message indicates same status as described in Firewall failing to boot due to TPM Lockout - too many consecutive ungraceful shutdowns
| Otherwise, stop booting... [WARNING] The TPM Lockout counter reached to full!!! Stop booting for waiting TPM LOCKOUT reduce counter, it would take two hours... .............................................................................. |
Resolution
- The resolution is same as Firewall failing to boot due to TPM Lockout - too many consecutive ungraceful shutdowns.
- An RMA is not required.
- To recover the device from this TPM Lockout state, leave the device powered on, up and running uninterrupted for at least 2 hours, regardless of the status on the serial/console CLI.
- Note: For every 2 hours that elapses, the TPM_PT_LOCKOUT_COUNTER will decrease by 1.
- It is recommended to leave the device powered up over 4 hours.
- Wait as many hours as is needed to let this counter reduce to 31 or lower (do not attempt to interact with, unplug, reboot, or hard shutdown the device during this waiting time).
- Once enough hours have passed for the counter to reach 31 or lower, boot the device by selecting "Reset the system" on "All of Disks Unlock failure! Please select action" screen.
Additional Information
- If the device is automatically restarted on "All of Disks Unlock failure! Please select action" screen, please select "Enter to Front Page" and leave the device powered up over 2 hours.
- Then, select "Continue" to boot the device.
Note:
When the PAN-PA-5400-SSD-FIX-480G-PAIR has the software version that is affected to PAN-238592 and "All of Disks Unlock failure! Please select action” screen is observed after the system drive is replaced to the PAN-PA-5400-SSD-FIX-480G-PAIR, there is no workaround or resolution as TPM Lockout counter doesn’t decrease due to PAN-238592. Hence, the PAN-PA-5400-SSD-FIX-480G-PAIR should be RMA.