Commit fails with Error: application 'ntp-base' not found

Created On 10/30/22 01:44 AM - Last Modified 01/20/23 20:55 PM


Symptom


When trying to commit the configuration, it fails with Error: application 'ntp-base' not found



Environment


  • Palo Alto Firewalls or Panorama
  • Supported PAN-OS.
  • Content updates.


Cause


The latest content version has been downloaded but not installed. After the download, content-preview entries with a dependency reference to ntp-base are added to the candidate configuration automatically, by design, as part of the content control feature. However, ntp-base is unknown to the older content version that is currently installed.


Resolution


  1. Resolution 1: This issue is caused by the candidate configuration change that is added automatically after the latest content update is downloaded. It can be resolved by reverting that change. From the GUI, select Device > Setup > Operations > Revert to running configuration.
  2. Resolution 2: Download and install the latest Application and Threats content version.
     • From the CLI:
       > request content upgrade download latest
       > request content upgrade install force yes version latest
       > configure
       # commit force
     • From the GUI: Device > Dynamic Updates > click Check Now > click Download, then (once the download finishes) click Install.
  3. Resolution 3: If the latest content version cannot be installed (auto commit fails):
     • Remove the NTP application from the security policies and perform commit force from the CLI.
     -or-
     • Check whether the NTP application is used in any of the security rules.
     • Create a custom application "NTP-base" and add it to the security policies along with NTP, then perform commit/commit force.

Note: For a new device, make sure the device has the correct time zone setting and that an NTP server is configured.
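
For the Resolution 3 step that checks whether the NTP application is used in any security rule, the following added example (not part of the original article and not Palo Alto Networks code) scans an exported configuration XML for rules that reference ntp or ntp-base, either directly or through an application group. The XML layout and the sample configuration are constructed assumptions, and nested application groups are not resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements this check reads (assumed layout).
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <application-group>
    <entry name="infra-apps"><members><member>dns</member><member>ntp-base</member></members></entry>
  </application-group>
  <rulebase><security><rules>
    <entry name="allow-time"><application><member>ntp</member></application></entry>
    <entry name="allow-infra"><application><member>infra-apps</member></application></entry>
    <entry name="allow-web"><application><member>web-browsing</member><member>ssl</member></application></entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def rules_referencing(config_xml, targets=("ntp", "ntp-base")):
    """Return {rule name: sorted matches} for security rules that use any
    target application directly or through an application group."""
    root = ET.fromstring(config_xml)
    targets = set(targets)
    # Map each application group to the target applications it contains.
    groups = {}
    for grp in root.iter("application-group"):
        for entry in grp.findall("entry"):
            members = {m.text for m in entry.findall("members/member")}
            if members & targets:
                groups[entry.get("name")] = members & targets
    hits = {}
    # iter("security") also reaches pre-/post-rulebase sections if present.
    for sec in root.iter("security"):
        for rule in sec.findall("rules/entry"):
            matched = set()
            for m in rule.findall("application/member"):
                if m.text in targets:
                    matched.add(m.text)
                # A member may name a group; report which target it pulls in.
                matched |= {f"{m.text} -> {a}" for a in groups.get(m.text, ())}
            if matched:
                hits[rule.get("name")] = sorted(matched)
    return hits

if __name__ == "__main__":
    for name, apps in rules_referencing(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(apps)}")
```
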


Additional Information


If the Application and Threats update schedule (Device > Dynamic Updates > Schedule, beside the Application and Threats row) is enabled with the action "download-only", it may cause this issue and similar issues in the future, because the installed content version becomes very old when the latest content versions are not installed regularly. If the latest content update references an application that is not included in the old installed content version, the scheduled download-only update will cause a similar issue again. Suggested practices:
  • Select the "download-and-install" action whenever it's applicable.
  • Select the "None" action to disable the Application and Threats update schedule, and install the latest content update manually and regularly.
  • If the "download-only" action is selected, install the downloaded content update manually after each scheduled download.
Refer to the following documents for the Dynamic Updates schedule:

