Firewall can not connect to the Panorama after upgrade

Created On 11/02/21 06:06 AM - Last Modified 07/31/23 16:48 PM


Symptom


  • Panorama and its managed firewalls have been upgraded to PAN-OS 10.1.2
  • The firewalls show as disconnected from Panorama
  • On Panorama, configd.log (show mp-log configd.log) shows "Failed to register device" messages such as:
Warning:  isSC3conn(sc3_register.c:47): SC3: Given SNI does not match for peer (/78d92c71-79d0-4381-9370-2f0d35338d3e)
Warning:  sc3_register(sc3_register.c:211): SC3: connstat for '012001xxxxxx': 1
Error:  sc3_register(sc3_register.c:220): SC3: Re-register of '012001xxxxxx' is not allowed.
reg: device '012001062884' using  :: 84e7f61d-191b-4e3e-a4c6-9e5649367d84
Warning:  _register_ext_validation(pan_cfg_mgt_handler.c:4439): reg: device '012001xxxxxx' not registered before but using a signed cert ( :: 84e7f61d-191b-4e3e-a4c6-9e5649367d84)
Error:  pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:4754): SC3: Failed to register device: '012001xxxxxx'




Environment


  • Panorama-managed Palo Alto Networks firewalls
  • Panorama and the firewalls upgraded to PAN-OS 10.1.2


Cause


  • In PAN-OS 10.1 and later, the firewall's initial TLS connection to Panorama carries a device registration authentication key together with a CSR for a device certificate; the firewall generates that CSR when PAN-OS 10.1 is installed.
  • The authentication key is generated on Panorama and must be entered on the firewall in its Panorama settings before the firewall connects.
  • Once Panorama validates the authentication key, it signs the device CSR with its root CA certificate and pushes the resulting device certificate and the root CA certificate to the firewall over that first TLS connection.
  • Every subsequent registration from the firewall authenticates the TLS session with the pushed device certificate instead of the key.
  • The log messages above show that chain breaking after the upgrade: the firewall presents a signed device certificate, but Panorama holds no registration for that serial that matches it ("not registered before but using a signed cert") and refuses to re-register the device ("Re-register ... is not allowed"), so the connection is rejected. Resetting the firewall's SC3 state and registering it again with a fresh authentication key clears the mismatch.


Resolution


Issue the following commands on the managed firewall that is disconnected.
>request sc3 reset                       >>> Refer to the important note below
>debug software restart process management-server
>request authkey set <auth_key>          >>> device registration auth key generated on Panorama
>configure
#commit force
#exit

Note: Do not run the "request sc3 reset" command on Panorama. Doing so will reset all the connected firewalls, and each of them will then have to be re-registered. Run the command only on the disconnected managed firewall.
To generate the auth key on Panorama, run request authkey add devtype <fw|lc> count <device_count> lifetime <key_lifetime> name <key_name> serial <device_SN>, or use the GUI (Panorama > Device Registration Auth Key). Scoping the key to the affected firewall's serial number with a count of 1 and a short lifetime means the key cannot be reused to register any other device.
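As an added example (not part of the original article and not Palo Alto Networks code), the script below runs the triage described in the Symptom section over a constructed configd.log excerpt and prints the Resolution commands filled in for each serial that Panorama refused to register. The sample log lines are constructed from the excerpt above with masked serials and placeholder UUIDs; the key name and the assumption that the lifetime argument is in hours are the example's own and should be checked against the CLI help on your PAN-OS version.

```python
"""Triage Panorama configd.log for SC3 device-registration failures.

Added example for this article, not Palo Alto Networks code.  It reads
lines in the format of `show mp-log configd.log`, lists the firewall
serials whose registration Panorama rejected, and prints the commands
from the Resolution section filled in for each serial.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the excerpt in the Symptom section.  Serials
# are masked as in the article; the UUIDs are placeholders, not real certs.
SAMPLE_LOG = """\
Warning:  isSC3conn(sc3_register.c:47): SC3: Given SNI does not match for peer (/78d92c71-79d0-4381-9370-2f0d35338d3e)
Warning:  sc3_register(sc3_register.c:211): SC3: connstat for '012001xxxxxx': 1
Error:  sc3_register(sc3_register.c:220): SC3: Re-register of '012001xxxxxx' is not allowed.
reg: device '012001xxxxxx' using  :: 84e7f61d-191b-4e3e-a4c6-9e5649367d84
Warning:  _register_ext_validation(pan_cfg_mgt_handler.c:4439): reg: device '012001xxxxxx' not registered before but using a signed cert ( :: 84e7f61d-191b-4e3e-a4c6-9e5649367d84)
Error:  pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:4754): SC3: Failed to register device: '012001xxxxxx'
Warning:  sc3_register(sc3_register.c:211): SC3: connstat for '012001yyyyyy': 1
Error:  pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:4754): SC3: Failed to register device: '012001yyyyyy'
Warning:  sc3_register(sc3_register.c:211): SC3: connstat for '012001zzzzzz': 1
"""

# The messages quoted in the article.  Serials are single-quoted in
# configd.log; device-cert identifiers follow " :: ".  The SNI warning
# carries no serial, so it is not matched here.
PATTERNS = {
    "reregister_denied": re.compile(
        r"Re-register of '(?P<serial>[^']+)' is not allowed"),
    "unknown_signed_cert": re.compile(
        r"device '(?P<serial>[^']+)' not registered before but using a signed cert "
        r"\(\s*::\s*(?P<cert>[0-9a-f-]+)\)"),
    "register_failed": re.compile(
        r"Failed to register device: '(?P<serial>[^']+)'"),
    "using_cert": re.compile(
        r"reg: device '(?P<serial>[^']+)' using\s+::\s+(?P<cert>[0-9a-f-]+)"),
}


def triage(log_text):
    """Return {serial: {"reasons": [...], "cert": uuid or None}} for every
    serial that hit "Failed to register device"."""
    seen = defaultdict(lambda: {"reasons": [], "cert": None})
    for line in log_text.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            entry = seen[match.group("serial")]
            if name != "using_cert" and name not in entry["reasons"]:
                entry["reasons"].append(name)
            if "cert" in pattern.groupindex:
                entry["cert"] = match.group("cert")
    # A connstat line alone is not a failure; keep only serials that were refused.
    return {s: e for s, e in seen.items() if "register_failed" in e["reasons"]}


def recovery_commands(serial, key_name="rereg", lifetime=1):
    """Commands from the Resolution section for one serial.  The key is scoped
    to that serial with count 1 and a short lifetime (assumption: the CLI
    lifetime argument is in hours on this PAN-OS version; check
    `request authkey add ?`), so a leaked key cannot register any other device.
    The key value itself comes back from Panorama and is pasted into the
    `request authkey set` line on the firewall."""
    panorama = [
        f"request authkey add devtype fw count 1 lifetime {lifetime} "
        f"name {key_name}-{serial} serial {serial}",
    ]
    firewall = [
        "request sc3 reset",
        "debug software restart process management-server",
        "request authkey set <key returned by the Panorama command above>",
        "configure",
        "commit force",
        "exit",
    ]
    return {"panorama": panorama, "firewall": firewall}


if __name__ == "__main__":
    for serial, entry in triage(SAMPLE_LOG).items():
        print(f"{serial}: {', '.join(entry['reasons'])} (device cert {entry['cert']})")
        cmds = recovery_commands(serial)
        print("  on Panorama:  " + "\n                ".join(cmds["panorama"]))
        print("  on firewall:  " + "\n                ".join(cmds["firewall"]))
```

The third serial in the sample only has a connstat line and is deliberately left out of the result, so the output lists just the devices that actually need the reset-and-re-register procedure; feed the real log in with `triage(open("configd.log").read())` after copying it off Panorama.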


Additional Information


Recover Managed Device Connectivity To Panorama

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oMiyCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail