Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
69103
Views
16
Helpful
15
Replies

Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

Go to solution
medina91
Level 1
Level 1

‎04-15-2019 04:26 AM

Hello 

I am not able to upgrade the Cisco DNA center from version 1.2.6 to 1.2.10 (the System version is 1.1.0.659.1). While upgrading the progress is not loading more than 0%

How can I check the upgrade log? I didn´t get any messages explaining why it fail

 

I verified that the firewall is not cutting the connection:

(maglev-master-1) ~$ maglev catalog settings validate
Validating catalog server settings...
Parent catalog settings are valid

 

And I am getting this certificate error, not sure if this could be the reason: ??

(maglev-master-1) ~$ magctl appstack status
Unable to connect to the server: x509: certificate has expired or is not yet valid

 

Thank you 

 

 

 

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
medina91
Level 1
Level 1
In response to medina91

‎04-29-2019 12:04 AM

I did a fresh install of the version 1.2.10, but after do it some packages upgrade failed to download.

I checked that the Firewall was not cutting the connection, but we had a SSL decryption Server that was causing the issue, it was disrupting the connection to the Cisco repositories to download the packages necessary for the upgrade

Thank you all for the help, all good now

View solution in original post

15 Replies 15

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-15-2019 06:52 AM

So I have also faced issues during most of my DNAC upgrades I have gone through. You may want to check with your Cisco rep on whether or not you can move from 1.2.6 to 1.2.10. Pretty sure there is a 1.2.6 patch that needs to be applied (1.1.0.659.1), then move to 1.2.8 prior to 1.2.10. Here are some very helpful troubleshooting tips you can use:

$ sudo maglev system_updater update_info --Shows status of upgrade via CLI
$magctl service logs -rf system-updater --Tail logs during upgrade to monitor status
$magctl service logs -r system-updater > system_updater.log --Identify which host in your cluster failed installing host components
$sudo journalctl -u maglev-node-updater -f --Tail updater log in real-time
$maglev system_updater update_system 1.1.0.659.1 -f --Force an upgrade via CLI

Remember to download and install the application packages once a good upgrade has occurred prior to performing another upgrade. Good Luck & HTH!

Go to solution
anantsiv
Cisco Employee
Cisco Employee
In response to Mike.Cifelli

‎04-15-2019 08:54 PM

Hi Kindly find the solution  below

Basically ,you must apply upgrade to 1.2.8 from 1.2.6 via patch update. The system update version is 1.1.0.659.1 and is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8 and then to 1.2.10

0 Helpful

Go to solution
medina91
Level 1
Level 1
In response to anantsiv

‎04-16-2019 03:09 AM

Hello Anantsiv

 

The system update version is 1.1.0.659.1 is available in the production catalog, but is failing when I am try to apply it 

 

Thank you for the help

Regards

 

 

0 Helpful

Go to solution
medina91
Level 1
Level 1
In response to Mike.Cifelli

‎04-16-2019 03:06 AM

Hello Mike, thank you for the reply

 

I tried to upgrade it via CLI but it fail also, it is not passing through the initial Prevalidations:

 

 $ sudo maglev system_updater update_info
 System update status:
 Version successfully installed: 1.1.0.659
 Updater State:
 Currently processed version: 1.1.0.659.1
 State: FAILED
 Sub-State: DOWNLOAD_INITIATED

 Details: Prevalidations could not be completed
 Progress: 0%


I couldn´t see much in the log with the other commands

 

 $ sudo journalctl -u maglev-node-updater -f
 [sudo] password for maglev:
 -- Logs begin at Sun 2019-04-07 06:51:26 UTC. --
 ^C

 

$ magctl service logs -r system-updater > system_updater.log
Unable to connect to the server: x509: certificate has expired or is not yet valid
Traceback (most recent call last):

 

But I am still getting this certificate error. I am thinking that could be an issue with that.

I couldn't find information about which validations is doing the DNA before to download the new version

 

Regards

 

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to medina91

‎04-16-2019 05:30 AM

You need to ensure that your DNAC host can reach out to the appropriate Cisco Clouds:
For System and package downloads:
Recommended: *.ciscoconnectdna.com:4431

Or, for customers who prefer not to use a wildcard:
https://www.ciscoconnectdna.com
https://cdn.ciscoconnectdna.com
https://registry.ciscoconnectdna.com
https://registry-cdn.ciscoconnectdna.com

See here: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-1/rn_release_1_1_7/b_dnac_release_notes_1_1_7.html#reference_gdr_sk3_2db

It sounds like you may have a connectivity issue.
0 Helpful

Go to solution
medina91
Level 1
Level 1
In response to Mike.Cifelli

‎04-16-2019 08:53 AM

Hello 

Seems that everything is allow. Anyway I will speak with the person responsible for the FW to check while I am upgrading

Thank you

 

maglev-master-1)$ telnet www.ciscoconnectdna.com 443
Trying 52.27.19.5...
Connected to www.tesseractcloud.com.
Escape character is '^]'.

maglev-master-1)$ telnet cdn.ciscoconnectdna.com 443
Trying 52.222.162.15...
Connected to d3rz7j7nghfq4y.cloudfront.net.
Escape character is '^]'.

maglev-master-1)$ telnet registry.ciscoconnectdna.com 443
Trying 54.244.19.145...
Connected to registry.tesseractcloud.com.
Escape character is '^]'.

maglev-master-1)$ telnet registry-cdn.ciscoconnectdna.com 443
Trying 52.222.162.101...
Connected to d2z0zwk0stt084.cloudfront.net.
Escape character is '^]'.

maglev-master-1))$ telnet cisco.com 443
Trying 72.163.4.185...
Connected to cisco.com.
Escape character is '^]'.

maglev-master-1)$ telnet dnacenter.uservoice.com 443
Trying 104.17.27.92...
Connected to dnacenter.uservoice.com.
Escape character is '^]'.

maglev-master-1)$ telnet tiles.mapbox.com 443
Trying 151.101.112.143...
Connected to mapbox.b.ssl.fastly.net.
Escape character is '^]'.
^CConnection closed by foreign host.

 

0 Helpful

Go to solution
medina91
Level 1
Level 1
In response to medina91

‎04-29-2019 12:04 AM

I did a fresh install of the version 1.2.10, but after do it some packages upgrade failed to download.

I checked that the Firewall was not cutting the connection, but we had a SSL decryption Server that was causing the issue, it was disrupting the connection to the Cisco repositories to download the packages necessary for the upgrade

Thank you all for the help, all good now

Go to solution
gnc40
Level 1
Level 1
In response to medina91

‎04-29-2019 07:14 AM - edited ‎04-29-2019 12:38 PM

is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8 and then to 1.2.10  https://xender.pro/ https://discord.software/ https://omegle.onl/

0 Helpful

Go to solution
tpoulose
Cisco Employee
Cisco Employee
In response to medina91

‎08-16-2019 01:39 PM

This is a known issue. Currently the only workaround is to disable SSL intercept.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi73428/?reffering_site=dumpcr

0 Helpful

Go to solution
Farhan Mohamed
Cisco Employee
Cisco Employee

‎05-15-2019 02:51 AM

First of all, there is a process which needs to be followed for seamless upgrade to happen and newest version to work, See below:-

  • Existing customer deployments on 1.2.6: You must apply upgrade to 1.2.8 via patch update. The system update version is 1.1.0.659.1 and is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8 and then to 1.2.10.

 

Lastly check if the Firewall was not cutting the connection. Allow few URLs through firewall that would lead to updates within DNAC.

0 Helpful

Go to solution
wwachiramanowong
Level 1
Level 1

‎08-13-2019 07:38 PM

Is this possible to upgrade offline ? 

0 Helpful

Go to solution
tpoulose
Cisco Employee
Cisco Employee
In response to wwachiramanowong

‎08-16-2019 01:37 PM

There is no offline upgrade process currently available.

0 Helpful

Go to solution
tpoulose
Cisco Employee
Cisco Employee

‎08-16-2019 06:28 PM

The original issue was most likely due to the below defect.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn64303

 

In addition to this please refer to the upgrade guide when upgrading. 1.2.6 -> 1.2.10 direct is not supported. The system and applications must be upgraded to 1.2.8 before upgrading to 1.2.10

 

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/upgrade/b_cisco_dna_center_upgrade_guide.html#id_109272

0 Helpful

Go to solution
ValentinPuiu91087
Level 1
Level 1
In response to tpoulose

‎01-14-2021 08:51 AM

What's also strange is the version the DNA center asked me to upgrade to.

According to the Cisco documentation, I should go through several intermediate versions until 1.3.0, but the system is asking me upgrade directly.

dna_center_steps.jpg

 

And I have tried to delete the current downloaded packages using "for pkg in $(maglev package status -o json | jq -r '.[] | select(.available!="-") | [ .name,.available | tostring ] | join (":")'); do maglev catalog package delete $pkg 2>/dev/null; done"

But with any luck. It still tells me to go to1.3.0. 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card