Content database installation failure with system log "Failed to extract file".

Content database installation failure with system log "Failed to extract file".

1512
Created On 08/22/22 07:36 AM - Last Modified 08/13/25 21:47 PM


Symptom


  • Content database installation fails with error message  "Failed to extract file". in system log (show log system).
  • Any content is affected ( App and Threat signature database, Anti-Virus signature database or WildFire signature database)

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • High Availability (HA) configured

Cause


  • This issue can be due to an overlapping content database update schedule.
  • This is a timing issue, triggered due to the following sequence of events.
    • Content image is downloaded from the update server. 
    • The downloaded Content image is scheduled for installation. 
    • At the same time, the HA-peer which is also going through these steps (because of an overlapping content database update schedule) syncs the same image. 
    • This overwrites the image that was downloaded in the 1st step and causes the 2nd step to fail, in case the synced file is not fully written before install begins.
    • In the following example, the issue was reported for failure to install Antivirus Signature database:
 07:05:21 high     general        general 0  Failed to extract file panup-all-antivirus-4162-4675.tgz with sha256: 771dff8d78395450bee459f41c7ff55d98f79621ced5477ca76e8a5492f8169f
 07:05:20 info     general        general 0  Content image transferred from peer  >>>>>> image transferred from HA peer.
 07:05:19 info     general        general 0  Antivirus job started processing. Dequeue time=2022/08/01 07:05:20. Job Id=1728.   
 07:05:19 info     general        general 0  Antivirus job enqueued. Enqueue time=2022/08/01 07:05:20. JobId=1728.  . Type: Full
 07:05:19 info     general        general 0  Antivirus version 4162-4675 downloaded by Auto update agent >>>>>> Image downloaded form content update server.


 

Resolution


Use one of the following solutions to fix this issue.

  1. If both the devices in HA pair have connectivity to Palo Alto Networks content update server, consider disabling  "Sync To Peer" option under respective content update schedule.
  2. Change content update schedule on one of the HA peers at least 30 Minutes apart from the peer device to avoid this issue.

Additional Information


  • Path to Content Download schedule is under GUI :Device > Dynamic Updates.
  • Sample Screenshot collected from Antivirus database update schedule:

SS1_new.PNG
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sYowCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail