"Warning: No Valid DNS Security License" Repeated Message During Commit

"Warning: No Valid DNS Security License" Repeated Message During Commit

27180
Created On 07/31/21 00:55 AM - Last Modified 04/23/24 03:24 AM


Symptom


There are duplicate warning msg complaining "No Valid DNS Security License" when doing commit.
 
Screenshot of Web Gui showing multiple duplicate warning errors

When checking ms.log the following will be shown (sample log errors) 
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 20:57:12 Warning: No Valid DNS Security License
ms.log 2021-06-21 21:01:56 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 21:01:56 Warning: No Valid DNS Security License
mp ms.log 2021-06-21 21:01:56 (Module: device)
mp ms.log 2021-06-21 21:01:56 2021-06-21 21:01:56.833 -0400 client device reported Phase 1 was SUCCESSFUL
mp ms.log 2021-06-21 21:01:58 2021-06-21 21:01:58.973 -0400 Error: pan_commit_app_warn_load_file_to_db(pan_cfg_commit_warn.c:2280): failed to update appwarn db: no such table: warncount
mp ms.log 2021-06-21 21:01:58 2021-06-21 21:01:58.974 -0400 Error: pan_mgmt_client_table_do_commit(pan_cfg_commit_jobs.c:4150): Could not load the app warning files to sqlite db
mp ms.log 2021-06-21 21:02:01 2021-06-21 21:02:01.019 -0400 Error: pan_commit_shadow_warn_load_file_to_db(pan_cfg_commit_warn.c:2387): failed to update appwarn db: no such table: warncount
mp ms.log 2021-06-21 21:02:01 2021-06-21 21:02:01.019 -0400 Error: pan_mgmt_client_table_do_commit(pan_cfg_commit_jobs.c:4154): Could not load the shadow warning files to sqlite db
mp ms.log 2021-06-21 21:02:01 /bin/cat: "/opt/pancfg/certificates/ocsp-verify-ca-4//": No such file or directory
mp ms.log 2021-06-21 21:02:01 2021-06-21 21:02:01.389 -0400 client routed reported Phase 2 was SUCCESSFU


 

Environment


  • Palo Alto Firewall
  • PANOS 10.0.x, and 10.1.x
  • DNS Security 

Cause


When DNS security is enabled with no license, the error message should be displayed once, but the message is displaying once per profile.

Resolution


  1. Verify if the commit is successful along with the warnings
  2. Verify the ms.log has similar error messages as displayed above using the command less mp-log ms.log
  3. Fix to be released in PANOS 9.1.11 and 10.0.8
Note: Threat/DNS security License is required for the warning not to be seen.

Additional Information


The commit will be successful along with the warning messages for the DNS Security License.

More Information on DNS Security: Enable DNS Security
Palo Alto Networks DNS Security Service: Lightboard Series
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oMNvCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language