Commit failing with error "Failed to refresh EDL config"
25162
Created On 12/15/21 14:15 PM - Last Modified 01/23/24 12:19 PM
Symptom
- Commits are failing with the job details showing the error below:
admin@PA-VM-700> show jobs id 12365 => Job id differs for each. Enqueued Dequeued ID Type Status Result Completed ------------------------------------------------------------------------------------------------------------------------------ 2021/12/03 09:26:06 09:30:39 12365 CommitAll FIN FAIL 09:30:54 Warnings: Details:Failed to refresh EDL config Commit failed
- Looking at the ms.log, using the command "less mp-log ms.log" we would see an error as:
Error: ebl_cfg_parse_node_entry(pan_cfg_ebl.c:5642): EDL entry(0x556ec2ea3800, 0x556edbcd6800,
(nil) vsys1/<EDL-Name>, 0, 1 url) CP node cannot be found in the config
Environment
- Palo Alto VM-Flex instance.
- PAN-OS 8.1 and above.
- Panorama managed.
- External Dynamic Lists (EDLs) configured with Certificate Profile Validation.
Cause
On the Panorama, under "Device Group > Objects > External Dynamic Lists", the name of the Certificate Profile for an EDL does not match with the Certificate Profile name under "Template > Device > Certificate Profile".
Resolution
- On the Panorama, navigate to "Device Group > Objects > External Dynamic Lists", and take note of the Certificate Profiles configured.
- On the Panorama, navigate to "Template > Device > Certificate Profile", and make sure the names of the Certificate Profiles match with the ones noted. Correct if required.
- Once the changes are done "Commit" on the Panorama and "Push" the committed config to managed devices.