This article describes how to troubleshoot an install that fails with an error related to templates. A Provisioning Template contains multiple templates, and each of them can produce its own error. The following are a few examples and how to resolve them.
Example error related to System Templates:
Copy device global objects
Post vdom failed:
error system snmp community events- 1 cpu-high:-999 - - (from Template Group t2) (in Template System Settings) invalid value - prop[events]: multi-option(confsync_failure) not exist
Copy objects for vdom root
"firewall ssl-ssh-profile", "certificate-inspection", id=4924, SKIP - (null)
Example error related to the BGP Template:
Copy device global objects
Post vdom failed:
error network - 5 :-999 - invalid ip - (from Template Group t2) (in Template BGP_Template) invalid ip
Copy objects for vdom root
"firewall ssl-ssh-profile", "certificate-inspection", id=4924, SKIP - (null)
FortiManager.
Run the following debug commands to better understand the error:
diag debug application securityconsole 255
diag debug enable
Example debug output:
Related to System Template error:
SECURITY_CONSOLE: Installing authentication setting
SECURITY_CONSOLE: Installing authentication setting completed - 1 entries installed, 0 errors
Syntax error(invalid value - prop[events]: multi-option(confsync_failure) not exist).
obj system snmp community events
events:cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented temperature-high voltage-alert ha-member-up ha-member-down av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update power-supply-failure faz-disconnect fan-failure bgp-established bgp-backward-transition wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down ips-fail-open device-new enter-intf-bypass exit-intf-bypass per-cpu-high confsync_failure
id:1
mib-view:
name:SnTxqP9t
query-v1-port:161
query-v1-status:enable
query-v2c-port:161
query-v2c-status:enable
status:enable
trap-v1-lport:162
trap-v1-rport:162
trap-v1-status:enable
trap-v2c-lport:162
trap-v2c-rport:162
trap-v2c-status:enable
vdoms:
tools.c:__modify_ipmask:989: Automatically convert address from 1.1.1.1/255.255.255.0 to 1.1.1.0/255.255.255.0.
SECURITY_CONSOLE: copy_shared_obj_2_dev_vdom: 0 hours 0 minutes 0.174305 seconds.
SECURITY_CONSOLE: Installing dynamic interface
SECURITY_CONSOLE: Installing dynamic interface completed - 27 entries installed, 0 errors
SECURITY_CONSOLE: Installing firewall policy
SECURITY_CONSOLE: Installing firewall policy completed - 25 entries installed, 0 errors
SECURITY_CONSOLE: copy all policies: 0 hours 0 minutes 0.391054 seconds.
add 0 fail references back to pending list
SECURITY_CONSOLE: (1) [FW01-LAB[copy] root] post commit check fail: system snmp community events- 1 cpu-high - - (from Template Group t2) (in Template System Settings) invalid value - prop[events]: multi-option(confsync_failure) not exist (reason:none)
SECURITY_CONSOLE: (1) [FW01-LAB[copy] root] post_vdom copy error:system snmp community events- 1 cpu-high:(errcode)-999 - - (from Template Group t2) (in Template System Settings) invalid value - prop[events]: multi-option(confsync_failure) not exist (reason:none)
SECURITY_CONSOLE: (1) [FW01-LAB[copy] root] Copy rollbacked, due to error (reason:none)
The debug output and the error show that the failure is related to System Template -> SNMP Event -> Configuration sync failure, which is not supported. Disable the event in System Settings -> SNMP -> Select SNMP Community -> SNMP Event.
Related to BGP Template error:
SECURITY_CONSOLE: Installing authentication setting completed - 1 entries installed, 0 errors
TCL error(invalid ip).
obj network
backdoor:disable
id:5
network-import-check:global
prefix:0.0.0.0 0.0.0.0
route-map:
SECURITY_CONSOLE: copy_shared_obj_2_dev_vdom: 0 hours 0 minutes 0.518127 seconds.
SECURITY_CONSOLE: Installing dynamic interface
SECURITY_CONSOLE: Installing dynamic interface completed - 27 entries installed, 0 errors
SECURITY_CONSOLE: Installing firewall policy
SECURITY_CONSOLE: Installing firewall policy completed - 25 entries installed, 0 errors
SECURITY_CONSOLE: copy all policies: 0 hours 0 minutes 0.395503 seconds.
add 0 fail references back to pending list
SECURITY_CONSOLE: (1) [FW01-LAB[copy] root] post commit check fail: network - 5 - invalid ip - (from Template Group t2) (in Template BNL Stores BGP) invalid ip (reason:none)
SECURITY_CONSOLE: (1) [FW01-LAB[copy] root] post_vdom copy error:network - 5 :(errcode)-999 - invalid ip - (from Template Group t2) (in Template BNL Stores BGP) invalid ip (reason:none)
SECURITY_CONSOLE: (1) [FW01-LAB[copy] root] Copy rollbacked, due to error (reason:none)
The debug output shows an error related to an invalid IP in id=5. Check whether the BGP Template uses any metadata variable, and confirm that the values are present on the device.
These are a few of the errors related to the Provisioning Template that can occur when performing an install, and how to rectify them. If these methods do not resolve the issue, contact TAC support.
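The following is an added example, not part of the original article or of any Fortinet tooling. It is a small Python parser that pairs each "Syntax error"/"TCL error" object dump in the securityconsole debug output with the "post_vdom copy error" line naming the Template Group and Template, so the failing object id and template can be read off a long capture. The function names and the shortened sample input are assumptions made for illustration.

```python
import re

# Constructed sample: lines taken from the debug output above, events list shortened.
SAMPLE = """\
Syntax error(invalid value - prop[events]: multi-option(confsync_failure) not exist).
obj system snmp community events
events:cpu-high mem-low per-cpu-high confsync_failure
id:1
tools.c:__modify_ipmask:989: Automatically convert address from 1.1.1.1/255.255.255.0 to 1.1.1.0/255.255.255.0.
SECURITY_CONSOLE: (1) [FW01-LAB[copy] root] post_vdom copy error:system snmp community events- 1 cpu-high:(errcode)-999 - - (from Template Group t2) (in Template System Settings) invalid value - prop[events]: multi-option(confsync_failure) not exist (reason:none)
TCL error(invalid ip).
obj network
id:5
prefix:0.0.0.0 0.0.0.0
SECURITY_CONSOLE: (1) [FW01-LAB[copy] root] post_vdom copy error:network - 5 :(errcode)-999 - invalid ip - (from Template Group t2) (in Template BNL Stores BGP) invalid ip (reason:none)
"""

ERR_START = re.compile(r"^(?:Syntax|TCL) error\((?P<msg>.*)\)\.$")
ATTR = re.compile(r"^(?P<key>[a-z0-9-]+):(?P<val>.*)$")   # key:value line of the dump
COPY_ERR = re.compile(
    r"\[(?P<device>[^\[\]]+)\[copy\] (?P<vdom>\S+)\] post_vdom copy error:"
    r"(?P<path>.*?):\(errcode\)(?P<errcode>-?\d+).*?"
    r"\(from Template Group (?P<group>[^)]+)\) \(in Template (?P<template>[^)]+)\)")

def parse(text):
    """Return one dict per failed object: dumped attributes plus template origin."""
    findings, current = [], None
    for line in text.splitlines():
        start = ERR_START.match(line)
        if start:                              # a new failing object begins here
            current = {"message": start["msg"], "attrs": {}}
            continue
        if current is None:                    # ignore lines outside a failure
            continue
        attr, copy = ATTR.match(line), COPY_ERR.search(line)
        if line.startswith("obj "):
            current["object"] = line[4:].strip()
        elif attr:
            current["attrs"][attr["key"]] = attr["val"]
        elif copy:                             # this line names the template to fix
            current.update(copy.groupdict())
            findings.append(current)
            current = None
    return findings

def rejected_option(finding):
    """Name of the multi-option value the device rejected, if the message has one."""
    m = re.search(r"multi-option\((?P<opt>[^)]+)\)", finding["message"])
    return m["opt"] if m else None
```

Run `parse()` over a saved capture of the debug session. For each finding, `template`, `group` and `attrs["id"]` point to the template entry to review.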
Copyright 2024 Fortinet, Inc. All Rights Reserved.