Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] 'Error: Check-out failed for IDP policy daemon (/usr/sbin/idpd) without details' occurs during commit operation



Article ID: KB33469 KB Last Updated: 11 Dec 2018Version: 1.0

This article discusses the likely cause of this error condition. When a configuration change is made, whether IDP is configured and used or not, the commit fails with the following message:

error: Check-out failed for IDP policy daemon (/usr/sbin/idpd) without details


The configuration change will not commit and fails with, 'error: Check-out failed for IDP policy daemon (/usr/sbin/idpd) without details.'  Subsequent commit attempts should go through as the problem is intermittent depending on details listed below.


This is seen happening via the interactive-commands log:

root@SRX550> show log interactive-commands | match extensive

Nov 27 12:15:04  SRX550 mgd[51464]: UI_NETCONF_CMD: User 'root' used NETCONF client to run command 'get-interface-information level=extensive'

A possible solution if IDP is not being used is to down the IDP process. Here, we can see the idpd process is alive:
root@SRX550> show system processes extensive | match idpd
 1396 root        1  76    0 45576K 13700K select 0   0:57  0.00% idpd

To down the idpd process, enter into configure mode and enter:
root@SRX550# set system processes idp-policy disable

Now, you can see the idp process is down:
root@SRX550> show system processes extensive | match idpd
At this point the idpd process will not try to check in it's changes since it is not alive. The error condition should not happen.

Note: There is a fix for this issue targeting JUNOS:15.1X49-D160 junos:17.4R3 junos:18.1R4 junos:18.3R2 junos:18.4R1
Refer to PR1380439 - Some error messages could be seen when running 'show interface extensive' command from CLI or Junos Space
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search