Palo Alto Networks SD-WAN & CloudGenix

The zone set cannot be activated and zoning cannot be configured in enhanced zoning mode.

The error message “Zoning database update in progress, command rejected” might be received.

Possible Cause

Another user on the same switch or on a different switch is holding the enhanced zoning configuration lock.

Solution

Release the zoning lock with the following:

Step 1 Determine which switch (domain/ip address) has the lock.

Step 2 Determine which user has the lock on that switch.

Step 3 Clear the lock for that user on that switch.

On the same switch, enter the show zone status vsan command to determine which user holds the lock.

Example:

switch1# show zone status vsan 200

VSAN: 200 default-zone: deny distribute: active only Interop: default

mode: enhanced merge-control: allow

session: remote [dom: 121][ip: 171.165.98.20] <<== In this example the remote switch with the IP address of 171.165.98.20 has the lock. Connect to the remote switch and enter the show zone status vsan command. Example: switch2# show zone status vsan 200 VSAN: 200 default-zone: deny distribute: active only Interop: default mode: enhanced merge-control: allow session: cli [remi] <<== In the example, user Remi is holding the enhanced zoning lock. On the remote switch (N5K2 in the example), release the lock with the no zone commit vsan command.

To confirm that the lock had been cleared, enter the show zone status vsan command.

At this point, the session parameter should appear as none.

If the lock still persists, remove the lock from the switch that holds the lock with the clear zone lock command.

If the lock continues to persist, use the following commands to collect information to aid further analysis: