| Bug ID | PAN-OS Versions with Fix | | :--- | :--- | | | Fixed in PAN-OS 10.1.x later releases | | PAN-238792 | Fixed in PAN-OS 10.2.x (10.2.1-h1, 10.2.2-h4, etc.), 11.0.x, and 11.1.x series | | PAN-313623 | Fixed in PAN-OS 11.1.x (11.1.6-h29, 11.1.10-h21, etc.) and 11.2.x (11.2.7-h12, 11.2.10-h5, etc.). For PAN-OS 12.1.x, check the latest release notes |
on the firewall, as this has occasionally refreshed the internal state enough to resolve the match failure. CLI Manual Fetch : Try triggering the fetch and telemetry manually via the command-line interface (CLI) request certificate fetch request device-telemetry collect-now Contact Support (TAC) : If the TPM mismatch persists, you may need a Palo Alto Support | Bug ID | PAN-OS Versions with Fix
+------------------------+ +------------------------------------+ | Palo Alto Hardware FW | | Palo Alto Customer Support Portal | | | | (CSP) | | [TPM Cryptography] | --(Request Cert)-----> | | | Local Public Key | | Verified Factory Records | | Signature | <--(Mismatch Error)-- | Expecting: Hash A, Received: Hash B| +------------------------+ +------------------------------------+ | [TPM public key match failed] Primary Root Causes etc.) and 11.2.x (11.2.7-h12
If the steps above do not resolve the error, the issue likely stems from a physical fault in the TPM chip or an unresolvable backend cloud mismatch. etc.). For PAN-OS 12.1.x