Triage Commit Issues on Panorama

1. Review the PAN-OS Release Notes to identify any limitations, changes to default behavior, or known issues that may cause your commits to fail.
2. Log in to the Panorama Web Interface.
3. Review the Panorama Task Manager.

   1. Select Tasks.
   2. Locate the commit operation and make note of the Job ID, and Start Time.

      In the Type column, click Commit to view the job details.

   3. Review the Validation Errors to understand what is causing the commit to fail. This will help you understand if the commit is failing on Panorama or on the firewall.

4. Review the PAN-OS processes and process logs.

   1. Log in to the Panorama CLI.
   2. Enable debug logs on Panorama for more verbose log output

      admin> debug management-server

   3. Review the management processes to see if any are in a degraded State.

      This tells you which management process logs are impacting the commit failure. This is denoted in the Progress column by an asterisk (*). The Client column displays the various management process related to a configuration commit.

      If this is showing no issues, then the commit failure is likely happening on the firewall. If that is the case, you will need to enter this command on the firewall CLI.

      admin> show management-clients

   4. Review the Panorama log file to check for failures.

      In the below command, enter the Client experiencing issues.

      admin> less mp-log <client>.log

      Use the Start Time to locate the error causing the commit to fail. the reason the commit failed is indicated by Commit Failed.
   5. Log in to the firewall CLI and review the device server processes.

      admin> less mp-log devsrvr.log

      This command also provides additional information about where the failure in the configuration commit process on the firewall. This will also show if External Dynamic Lists (EDL) are consuming too much device memory.