I just wrapped up an R80.10 upgrade of a 15400 Cluster that was previously running R77.30. The Upgrade method was doing an in-place CPUSE upgrade to R80.10. Then, we jumped to the latest HFA (Take 121) and the SegmentSmack / FragmentSmack hot fixes. 

Since the upgrade, I've been noticing a lot of these errors in /var/log/messages:

kernel: [fw4_1];[ERROR]: ida_cmi_hold_conn: idapi_fetch_identity_async failed, missing vtable information

kernel: [fw4_1];[ERROR]: ida_cmi_handle_late_contexts: error while fetching identity, notified empty CLOB
kernel: [fw4_1];[ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 19 failed on context 360, executing context 366 and adding the app to apps in exception

kernel: [fw4_7];[ERROR]: ida_cmi_async_fetch_headers_done_cb: fetched src IP 10.12.0.194 from conn

kernel: [fw4_7];[ERROR]: ida_cmi_async_fetch_headers_done_cb: failed to fetch identity roles from handle

I couldn't find any relevant SK articles, or other Check Mates posts, that reference these errors. Before opening a case with TAC; Has anyone seen these before? Based on the first block of errors, I'm guessing that could have something to do with App Control or URL Filtering? I'm guessing the second one is probably related to Identity Awareness? No one has voiced any complaints or issues with things not working. I just don't like seeing logs piling up with unexplained errors!

This Gateway is running App Control / URLF, IPS, AB/AV, TE (Cloud Emulated), and Identity Awareness blades. The Identity Awareness blade is configured for Identity Sharing and collects Identity data from a separate, dedicated, PDP Gateway elsewhere on the network. 

I'm fine with opening a TAC case, but I'd rather save the time if someone here has seen these types of errors before. 

Thanks!

-Dan