Knowledge Search


×
 

[CSO] SDWAN policy update failure for newly provisioned site

  [KB35086] Show Article Properties


Summary:

This article explains the issue of SDWAN policy failure due to signature database not installed on newly provisioned devices.

The content in this article specifically applies to CSO 5.0.1

Symptoms:

Snippet of job failure:

Task: Deployment Task/SDWAN policy deployment on device <device name>

Sep 17, 2019, 9:51:40 AMTask started
Sep 17, 2019, 9:51:41 AMTask for SDWAN policy configuration deployment on device <device name> with device id cd535ea6-4e1f-448f-813f-0e9fe4e2f4de submitted
Sep 17, 2019, 9:52:43 AMTask for SDWAN policy configuration deployment on device <device name>‚Äč with device id cd535ea6-4e1f-448f-813f-0e9fe4e2f4de failed.Exception occurred while executing workflow to configure SD-WAN policy on the device. Solution recovered and restored after SD-WAN policy deployment failures.Please check link config and retry. Check logs for pslam core for more details.
Sep 17, 2019, 9:52:43 AM Task complete

Cause:

This issue is due to signature database not installed in devices as indicated in Job logs.

Click on Monitor > Jobs. Then select the job > View Detailed logs. Then select the logging level as Error to see the error log

Config deploy failed: {u'status': u'FAILURE', u'hapi_remote_host': u'csp.csp-dms-cms-inv-central-core-d67597c77-glxvt', u'description': u'\n{"error_data": {"status_code": "500", "error_tag": "Command Execution Error", "error_message": "requestid: api_server_db_b0e5024b-6c43-4ee8-aab6-3af21e19a63c,api_server_db_b0e5024b-6c43-4ee8-aab6-3af21e19a63c,vRl0,O9zB,Rvzs,EZ9P.71a71466-d96b-11e9-b512-0eba6f716553 deviceid: cd535ea6-4e1f-448f-813f-0e9fe4e2f4de \\n\\nprotocol\\noperation-failed\\nerror\\n\\nnone\\n\\n\\n[edit services]\\n\\n\\napplication-identification\\n\\n\\nvalidation failed: application junos:MS-TEAMS is not found in CSO-Collaboration-AV\\n\\n\\n\\nprotocol\\noperation-failed\\nerror\\n\\nconfiguration check-out failed\\n\\n\\n\\n]]>]]>\\n \\n\\nprotocol\\noperation-failed\\nerror\\n\\nnone\\n\\n\\n[edit services]\\n\\n\\napplication-identification\\n\\n\\nvalidation failed: application junos:MS-TEAMS is not found in CSO-Collaboration-AV\\n\\n\\n\\nprotocol\\noperation-failed\\nerror\\n\\nconfiguration check-out failed\\n\\n\\n\\n]]>]]>\\n", "error_diag": "This error is propagated from DCS. It occurs during device command execution. "}}', u'hapi_request_id': u'api_server_db_b0e5024b-6c43-4ee8-aab6-3af21e19a63c,api_server_db_b0e5024b-6c43-4ee8-aab6-3af21e19a63c,vRl0,O9zB,Rvzs', u'requestid': u'5928888f-2bfe-4f43-a284-111e2a22c573', u'hapi_job_id': u'08759fe7-a35a-4d27-8eb6-a3463504b1b8', u'details': {u'22f31fb0-4524-4bbd-b3b0-349860dd5984': {u'status': u'FAILURE', u'abstract_config_uuid': u'22f31fb0-4524-4bbd-b3b0-349860dd5984', u'description': u'{"error_data": {"status_code": "500", "error_tag": "Command Execution Error", "error_message": "requestid: api_server_db_b0e5024b-6c43-4ee8-aab6-3af21e19a63c,api_server_db_b0e5024b-6c43-4ee8-aab6-3af21e19a63c,vRl0,O9zB,Rvzs,EZ9P.71a71466-d96b-11e9-b512-0eba6f716553 deviceid: cd535ea6-4e1f-448f-813f-0e9fe4e2f4de \\n\\nprotocol\\noperation-failed\\nerror\\n\\nnone\\n\\n\\n[edit services]\\n\\n\\napplication-identification\\n\\n\\nvalidation failed: application junos:MS-TEAMS is not found in CSO-Collaboration-AV\\n\\n\\n\\nprotocol\\noperation-failed\\nerror\\n\\nconfiguration check-out failed\\n\\n\\n\\n]]>]]>\\n \\n\\nprotocol\\noperation-failed\\nerror\\n\\nnone\\n\\n\\n[edit services]\\n\\n\\napplication-identification\\n\\n\\nvalidation failed: application junos:MS-TEAMS is not found in CSO-Collaboration-AV\\n\\n\\n\\nprotocol\\noperation-failed\\nerror\\n\\nconfiguration check-out failed\\n\\n\\n\\n]]>]]>\\n", "error_diag": "This error is propagated from DCS. It occurs during device command execution. "}}',
Solution:

To resolve this issue, ensure the latest attack database is installed on newly provisioned devices.

Note: This step has to be repeated for every newly provisioned device.

The steps below can be used for verification:
  1. Click on Administration tab > Signature Database > Install on device

  2. Signature version should reflect the correct version and Signature install status should be success.

    In case Signature database is not installed in device, select the device and install signature database.

Related Links: