When Device Telemetry is disabled on Panorama, Commit fails with error message: "region is invalid"

When Device Telemetry is disabled on Panorama, Commit fails with error message: "region is invalid"

19604
Created On 08/05/21 00:50 AM - Last Modified 02/01/23 09:08 AM


Symptom


  • The commit failed the validation error "region is invalid".
  • It happens when an administrator disabled device telemetry.
  • Here are the example of the error on Panorama managed PrismaAccess.
Validation Error: 
devices -> localhost.localdomain -> template-stack -> Service_Conn_Template_Stack -> config -> devices -> localhost.localdomain -> deviceconfig -> system -> device-telemetry -> region is invalid
devices -> localhost.localdomain -> template-stack -> Explicit_Proxy_Template_Stack -> config -> devices -> localhost.localdomain -> deviceconfig -> system -> device-telemetry -> region is invalid
devices -> localhost.localdomain -> template-stack -> Mobile_User_Template_Stack -> config -> devices -> localhost.localdomain -> deviceconfig -> system -> device-telemetry -> region is invalid
devices -> localhost.localdomain -> template-stack -> Remote_Network_Template_Stack -> config -> devices -> localhost.localdomain -> deviceconfig -> system -> device-telemetry -> region is invalid

 

Environment


  • Any Panorama
  • PAN-OS 10.0
  • Device Telemetry

Cause


  • The error caused if the firewall has invalid schema in the configuration. 
  • Such error can be seen in configd.log (less mp-log configd.log).
configd.log:
2021-07-30 15:43:20.284 +0900 Error:  _pan_schema_verify_node(pan_schema_obj.c:7195): is invalid , node: region near line 7452
2021-07-30 15:43:20.291 +0900 Error:  _pan_schema_verify_node(pan_schema_obj.c:7195): is invalid , node: region near line 7427
2021-07-30 15:43:20.296 +0900 Error:  _pan_schema_verify_node(pan_schema_obj.c:7195): is invalid , node: region near line 7402
2021-07-30 15:43:20.347 +0900 Error:  pan_cfg_verify_ex(pan_cfg_commit_handler.c:2723): invalid configuration. Schema verification failed.


Resolution


  1. Select the region by the following command, and commit it once. The schema will be corrected by this operation. 
    > configure
# set template-stack <Template Stack name> config devices localhost.localdomain deviceconfig system device-telemetry region <region name>
# commit
  2. After that, you can select "none" as the region for the device telemetry. On the CLI, you can delete the region by this command. 
    # delete template-stack <Template Stack name> config devices localhost.localdomain deviceconfig system device-telemetry region <region name> 
# commit
# exit
  3. In some cases, we can try following commands as well. 
    # set deviceconfig system device-telemetry region <region name> product-usage yes device-health-performance yes threat-prevention yes 
# commit




 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oMOoCAM&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language