The error message "Failed to fetch device certificate. TPM public key match failed"
If "TPM public key match failed" remains after trying the above, it usually requires Palo Alto TAC intervention. Support must often initiate a to gain root access to the device shell. This allows them to manually purge the invalid hardware-bound certificate files from the /opt/pancfg/mgmt/ssl/private/ directory, which is not accessible to standard admin users. The error message "Failed to fetch device certificate
Check:
The error "" typically occurs on Palo Alto Networks firewalls with a Trusted Platform Module (TPM) , like the PA-400 series. This indicates a mismatch between the hardware's TPM key and the certificate records on the Palo Alto Customer Support Portal (CSP) . Troubleshooting Steps This allows them to manually purge the invalid
Perform a to ensure all configuration elements are re-synchronized. 4. Contacting Support for Root Access Troubleshooting Steps Perform a to ensure all configuration
Lower the management interface MTU to avoid packet fragmentation issues.
The device certificate might not be correctly installed or there could be a mismatch with the expected TPM public key.