gRPC connection to *.gpcloudservice.com is broken
2150
Created On 10/20/22 17:41 PM - Last Modified 03/17/25 23:28 PM
Symptom
- gRPC connection is broken:
> show log system subtype equal iot direction equal backward 17:14:55 high iot grpc-co 0 gRPC connection to a4d417b6-5900-43ac-bd2e-d42e20dcbe58.fei-lc-prod-eu.gpcloudservice.com:443 is broken, error: Device certificate not present time: xxxx-02-01 17:14:55 17:14:42 high iot grpc-co 0 gRPC connection to a4d417b6-5900-43ac-bd2e-d42e20dcbe58.fei-lc-prod-eu.gpcloudservice.com:443 is broken, error: fail to parseTlsCert, err fail to load client cert[/opt/pancfg/mgmt/lcaas/ssl/lcaas.pem],
err open /opt/pancfg/mgmt/lcaas/ssl/lcaas.pem: no such file or directory time: xxxx-02-01 17:14:39 @dataplane - Logging service forwarding enabled:
> request logging-service-forwarding status Logging Service Licensed: No Logging Service forwarding enabled: Yes Duplicate logging enabled: No Enhanced application logging enabled: Yes Logging Service License Status: Status: Status: Failure Expiration date: September 06, 2020 Msg: Logging Service license is expired Last Fetched: xxxx/02/01 17:05:42 - Logging service license expired:
> request license info ... License entry: Feature: Logging Service Description: Device Logging Service Serial: 000000000000 Authcode: Issued: August 10, 2020 Expires: September 06, 202x Expired?: yes Log Storage TB: 2
Environment
- Palo Alto Networks firewalls.
- All PAN-OS versions.
Cause
Expired logging service license.
Resolution
- Renew logging service license, OR
- Disable logging service forwarding from the firewall’s CLI.
- Commands to disable are given below.
- > configure
- # set deviceconfig setting logging enhanced-application-logging enable no
- # set deviceconfig setting logging logging-service-forwarding enable no
- # commit