AutoCommit failed after upgrade to 8.1 or 9.0
11204
Created On 01/18/22 06:49 AM - Last Modified 01/05/23 04:56 AM
Symptom
- Local User configured with lowercase and uppercase (similar to "paloalto" and "PaloAlto")
- After upgrade PAN-OS o 8.1 or 9.0, Auto Commit failure is observed.
Environment
- Palo Alto Firewall.
- Local user configured.
- Upgrade from 8.1 to 9.0.
Cause
- Local user name has been changed NOT to be case-sensitive in PAN-OS 8.1.12 and 9.0.6. This is a part of fix of PAN-119047. Refer Addressed-Issues in PANOS 9-0-6 and Addressed-Issues in PAN-OS 8-1-12.
- This causes the issue described below.
A commit will succeed with warning in PAN-OS 8.1.0 even if the following 2 local users are configured.
- paloalto
- PaloAlto
> show jobs id 7
Enqueued Dequeued ID Type Status Result Completed
-----------------------------------------------------------------------------------------
22:27:46 22:27:46 7 Commit FIN OK 22:28:11
Warnings:vsys1
Warning: Duplicate local user 'PaloAlto' in local-user-database
Details:Configuration committed successfully
From PAN-OS 8.1.12 / 9.0.6 or later, commit fails with the same configuration.
> show jobs id 14
Enqueued Dequeued ID Type Status Result Completed
--------------------------------------------------------------------------------------
22:34:19 22:34:19 14 Commit FIN FAIL 22:34:31
Warnings:
Details:vsys1
Error: Duplicate user 'paloalto' in Local User Database
Commit failed
Resolution
Remove one of duplicate local user, and commit.