DNAC - Upgrade stack IOS

pjdouglas42 · ‎10-11-2022

Hi,

We have a recent new build if DNAC 2.2.3.5 and I am currently looking at IOS upgrades on cisco 2960XR switches.

I have built a stack of 4 2960XR 24_PS to upgrade the IOS and test how well DNAC performs.

Unfortunately, DNAC fails reporting the following error:

NCSW10249: Distribution failed using protocol: HTTPS.Distribution of image: c2960x-universalk9-tar.152-4.E3.tar on device. with protocol: HTTPS . Loading Image File to Device failed!. Device response error: [ Could not buffer tarfile...using multiple downloads examining image... %Error opening https://x.x.x.x/api/v1/file/temporary/268699f2-a5b9-4582-9fab-e022e2cf6ffb (I/O error) %Error opening flash:update/info (No such file or directory) ERROR: Image is not a valid IOS image archive.

Upgrades on single switches have successful.

Can anyone advise on where to start troubleshooting this ?

Thanks

balaji.bandi · ‎10-11-2022

DNAC uses https to push images i guess that where it failing.

check this bug :

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvy28364

May be our environment all have cat 9300, never tested on Cat 2900 - may be time to raise a TAC CAse :

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/dnac-swim-deployment-guide.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Javier Palomo · ‎03-06-2023

Hi,

We have DNAC 2.2.3.6 version and we can upgrade with success 2960X stacks using SCP protocol. We don´t use https because we disable the protocol in our switches.

Regards

Leo Laohoo · ‎03-13-2023

@pjdouglas42 wrote:
Image is not a valid IOS image archive.

The switch is saying that DNAC was trying to shove an IOS not compatible to the switch mode.

Marc.williams.msu · ‎04-11-2023

I'm able to upgrade any of the single switches using SCP, but when I'm trying to upgrade a stack i get this error:

NCSW32001 Image with extension .bin not recommended for Stack Device Upgrade. Please use image with .tar extension for Stackable Device

Any advise would be helpful.

Leo Laohoo · ‎06-17-2023

@Marc.williams.msu wrote:
NCSW32001 Image with extension .bin not recommended for Stack Device Upgrade. Please use image with .tar extension for Stackable Device

This error message means someone tried to add, into the Image Repository, a filename with an extension of BIN. The error message would also include the recommendation to use the supported file extension of TAR.

adams pro · ‎11-06-2023

i had this same error today. The workaround for me was to delete imported .bin file and import the .tar file and mark it as golden image (can't import both for same device model). I could launch the distribution without error but it took so much time that I had multiple distribution timeouts (after almost 2h of distributing the image via SCP). SO I think there is an issue with dna center pushing .tar 2960x stack images.

It takes a lot of time and causes CPU to rise up to 99% because of the "archive" command initiated by DNAC.

I put my error messages in description if someone can help.

Leo Laohoo · ‎11-06-2023

"no-set-boot" + "leave-old-sw" is a recipe for a disaster.

What are the chance that the new IOS will be "above" the old IOS? With "no-set-boot", that gives each individual switch to boot the first IOS it can find from the flash, from top to bottom. If the old IOS is "above" the new IOS, the switch will boot the old IOS (because of "no-set-boot").

adams pro · ‎11-06-2023

I understand but the command was automatically issued by DNAC during the upgrade process, I discovered it at the same time I red the error message.
I will be glad if you know if it’s possible to customize this part.
In my understanding, you can just choose the golden image, customize checks, and DNAC handles the rest.

Leo Laohoo · ‎11-06-2023

@adams pro wrote:
I will be glad if you know if it’s possible to customize this part.

I do not because I (would) never use DNAC to update the firmware of my routers, switches and WLC. We do not want to take chances of our appliances booting into ROMMON because DNAC made a mistake. We've made that mistake twice before and the price to pay was eye-watering.

DNAC is not geared for upgrading classic IOS.

rjahnke1 · ‎11-07-2023

I had this exact thing happen to me last night, including that CPU spike to 99% (never got the chance to check that archive command and if it was issued though). It was painfully slow using distributing via SCP. Mine thankfully didn't time out like yours and was able to successfully push via SCP. In the upgrade readiness report, it was displaying HTTPs transfer wasn't going to work due to the certificate/not being able to reach DNA via HTTPs (see image)

I tried everything on this link, but am still getting errors even after reinstalling the certificate... even the copy of the .png they reference is still not working, and I am getting the IO error. Very strange...

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-center/220990-troubleshoot-https-error-in-dna-center-f.html#toc-hId-2753662

Please let me know if you have any updates or if you get things successfully working and I'll do the same! Good luck!

Javier Palomo · ‎11-07-2023

Hi.

We have recently upgraded more than 2500 switches, standalone 2960X switches with *.bin versions, stacks of 2960X with *.tar versions, 2960CX, 9200 and 9300 switches and we haven´t too much issues. I attach the upgrade statistics.

About to mantain the old IOS sw, it is possible if we don´t mark "Flash Cleanup".

Regards.