Managed log collector unable to connect to Panorama

Created On 06/13/23 01:08 AM - Last Modified 09/25/23 13:28 PM


Symptom


After the managed log collector is added to Panorama, columns such as Software Version, IP Address, Connected, and Status are empty, as shown in the following screenshot (2023-06-12_15h50_02.png).

 

 


Environment


  • Panorama 
  • Managed log collector 
  • PAN-OS 10.1 and above


Cause


  • This issue occurs because the auth key is not set on the log collector.
  • When the auth key is not set, SSL negotiation (the secure communication between Panorama and the log collector) fails, as shown below in the log collector's logs:
admin@LC> tail follow yes mp-log ms.log 

-0400 Error:  cs_load_certs_ex(cs_common.c:544): keyfile not exists
-0400 Error:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:1347): cms agent: cs_load_certs_ex failed
-0400 Warning:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:1484): client will not use SNI


Resolution


  1. Create an auth key for the log collector on Panorama under Panorama > Device Registration Auth Key > Add.

2023-06-12_20h03_23.png

  2. When you click "OK", the auth key is displayed. Copy the auth key and paste it into the following command on the log collector:
> request authkey set <auth key from Panorama>
  3. Issue the following commands on the log collector to commit the changes:
> configure
# commit force
  4. The log collector logs (less mp-log ms.log) now show that the connection is established:
-0400 SC3A: **SC3 validity checked
-0400 panorama agent: ssl channel established. sock=18 ssl=0x564a8c2e2000
-0400 Device info set to panorama
-0400 connmgr: inter-logger conn: Setting connections (017507004655), # of lc's = 1
The IP address, connection status, etc. should now show as connected.
  5. Add the log disk to the log collector under Panorama > Managed Collectors, then click OK.
  6. Add the log collector serial number to Collector Groups under Panorama > Collector Groups, then click OK.
  7. Commit and push the changes to the collector groups.
  8. The log collector status now shows "In sync" and "connected".

2023-06-12_17h28_23.png
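
The two ms.log states described above (auth key missing versus SSL channel established) can be told apart mechanically, which helps when checking several collectors after a rollout. The following is an added example, not part of the original article and not Palo Alto Networks code; it assumes the ms.log text has been saved or pasted from the log collector, uses only the log messages quoted on this page as signatures, and its function and variable names are hypothetical.

```python
import re
import sys

# Signatures taken from the ms.log excerpts quoted in this article.
# Source-file line numbers (e.g. cs_common.c:544) are deliberately not matched,
# on the assumption that they can differ between PAN-OS releases.
FAILURE = re.compile(
    r"cs_load_certs_ex\([^)]*\): keyfile not exists|cs_load_certs_ex failed"
)
SUCCESS = re.compile(r"panorama agent: ssl channel established")

# Sample input: the log lines exactly as they appear in this article.
BEFORE_FIX = [
    "-0400 Error:  cs_load_certs_ex(cs_common.c:544): keyfile not exists",
    "-0400 Error:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:1347): cms agent: cs_load_certs_ex failed",
    "-0400 Warning:  pan_cmsa_tcp_channel_setup(src_panos/cms_agent.c:1484): client will not use SNI",
]
AFTER_FIX = [
    "-0400 SC3A: **SC3 validity checked",
    "-0400 panorama agent: ssl channel established. sock=18 ssl=0x564a8c2e2000",
    "-0400 Device info set to panorama",
]


def classify_ms_log(lines):
    """Return (state, evidence) for a sequence of ms.log lines.

    state is 'connected', 'authkey_missing' or 'unknown'. The most recent
    matching line wins, so a failure logged after an earlier successful
    connection is still reported as a failure.
    evidence is (line_number, line_text) of the deciding line, or None.
    """
    state, evidence = "unknown", None
    for number, line in enumerate(lines, start=1):
        if SUCCESS.search(line):
            state, evidence = "connected", (number, line.strip())
        elif FAILURE.search(line):
            state, evidence = "authkey_missing", (number, line.strip())
    return state, evidence


if __name__ == "__main__":
    # Read saved log text from stdin; fall back to the article's failure sample.
    lines = BEFORE_FIX if sys.stdin.isatty() else sys.stdin.read().splitlines()
    state, evidence = classify_ms_log(lines)
    print(state, evidence)
    sys.exit(0 if state == "connected" else 1)
```

A result of `authkey_missing` corresponds to the Cause section above and points to steps 1 to 3 of the Resolution.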

 

 

 

 
 


Additional Information


If the issue persists, you may need to reset SC3 on the log collector and re-add the auth key. Refer to "How to Reset Communication between Firewall and Panorama".


