medina91
Beginner

Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

Hello 

I am not able to upgrade the Cisco DNA Center from version 1.2.6 to 1.2.10 (the System version is 1.1.0.659.1). While upgrading, the progress is not loading more than 0%.

How can I check the upgrade log? I didn't get any messages explaining why it failed.

 

I verified that the firewall is not cutting the connection:

(maglev-master-1) ~$ maglev catalog settings validate
Validating catalog server settings...
Parent catalog settings are valid

 

And I am getting this certificate error, not sure if this could be the reason:

(maglev-master-1) ~$ magctl appstack status
Unable to connect to the server: x509: certificate has expired or is not yet valid

 

Thank you 

 

 

 

1 ACCEPTED SOLUTION


I did a fresh install of version 1.2.10, but after doing it some package upgrades failed to download.

I checked that the firewall was not cutting the connection, but we had an SSL decryption server that was causing the issue. It was disrupting the connection to the Cisco repositories used to download the packages necessary for the upgrade.

Thank you all for the help, all good now


14 REPLIES
Mike.Cifelli
VIP Advocate

So I have also faced issues during most of my DNAC upgrades I have gone through. You may want to check with your Cisco rep on whether or not you can move from 1.2.6 to 1.2.10. Pretty sure there is a 1.2.6 patch that needs to be applied (1.1.0.659.1), then move to 1.2.8 prior to 1.2.10. Here are some very helpful troubleshooting tips you can use:

$ sudo maglev system_updater update_info    # Shows status of upgrade via CLI
$ magctl service logs -rf system-updater    # Tail logs during upgrade to monitor status
$ magctl service logs -r system-updater > system_updater.log    # Identify which host in your cluster failed installing host components
$ sudo journalctl -u maglev-node-updater -f    # Tail updater log in real-time
$ maglev system_updater update_system 1.1.0.659.1 -f    # Force an upgrade via CLI

Remember to download and install the application packages once a good upgrade has occurred prior to performing another upgrade. Good Luck & HTH!

Hi, kindly find the solution below.

Basically, you must apply the upgrade to 1.2.8 from 1.2.6 via patch update. The system update version is 1.1.0.659.1 and is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8 and then to 1.2.10.

Hello Anantsiv

 

The system update version 1.1.0.659.1 is available in the production catalog, but it is failing when I try to apply it.

 

Thank you for the help

Regards

 

 

Hello Mike, thank you for the reply

 

I tried to upgrade it via CLI but it failed also; it is not passing through the initial Prevalidations:

 

 $ sudo maglev system_updater update_info
 System update status:
 Version successfully installed: 1.1.0.659
 Updater State:
 Currently processed version: 1.1.0.659.1
 State: FAILED
 Sub-State: DOWNLOAD_INITIATED

 Details: Prevalidations could not be completed
 Progress: 0%


I couldn't see much in the log with the other commands

 

 $ sudo journalctl -u maglev-node-updater -f
 [sudo] password for maglev:
 -- Logs begin at Sun 2019-04-07 06:51:26 UTC. --
 ^C

 

$ magctl service logs -r system-updater > system_updater.log
Unable to connect to the server: x509: certificate has expired or is not yet valid
Traceback (most recent call last):

 

But I am still getting this certificate error. I am thinking that there could be an issue with that.

I couldn't find information about which validations the DNA is doing before downloading the new version.

 

Regards

 

You need to ensure that your DNAC host can reach out to the appropriate Cisco Clouds:
For System and package downloads:
Recommended: *.ciscoconnectdna.com:4431

Or, for customers who prefer not to use a wildcard:
https://www.ciscoconnectdna.com
https://cdn.ciscoconnectdna.com
https://registry.ciscoconnectdna.com
https://registry-cdn.ciscoconnectdna.com

See here: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-1/rn_release_1_1_7/b_dnac_release_notes_1_1_7.html#reference_gdr_sk3_2db

It sounds like you may have a connectivity issue.

Hello 

It seems that everything is allowed. Anyway, I will speak with the person responsible for the FW to check while I am upgrading.

Thank you

 

maglev-master-1)$ telnet www.ciscoconnectdna.com 443
Trying 52.27.19.5...
Connected to www.tesseractcloud.com.
Escape character is '^]'.

maglev-master-1)$ telnet cdn.ciscoconnectdna.com 443
Trying 52.222.162.15...
Connected to d3rz7j7nghfq4y.cloudfront.net.
Escape character is '^]'.

maglev-master-1)$ telnet registry.ciscoconnectdna.com 443
Trying 54.244.19.145...
Connected to registry.tesseractcloud.com.
Escape character is '^]'.

maglev-master-1)$ telnet registry-cdn.ciscoconnectdna.com 443
Trying 52.222.162.101...
Connected to d2z0zwk0stt084.cloudfront.net.
Escape character is '^]'.

maglev-master-1))$ telnet cisco.com 443
Trying 72.163.4.185...
Connected to cisco.com.
Escape character is '^]'.

maglev-master-1)$ telnet dnacenter.uservoice.com 443
Trying 104.17.27.92...
Connected to dnacenter.uservoice.com.
Escape character is '^]'.

maglev-master-1)$ telnet tiles.mapbox.com 443
Trying 151.101.112.143...
Connected to mapbox.b.ssl.fastly.net.
Escape character is '^]'.
^CConnection closed by foreign host.

 


This is a known issue. Currently the only workaround is to disable SSL intercept.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi73428/?reffering_site=dumpcr
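
The telnet tests earlier in the thread all connected even though an SSL decryption server was breaking the downloads, because a port-443 connect only proves TCP reachability. The script below is an added example, not part of any post or of Cisco's tooling: it reads the issuer of the certificate each download endpoint presents and flags sessions re-signed by your inspection CA. It assumes `openssl` is available on the host you test from; the inspection CA name is a placeholder you supply.

```shell
#!/bin/sh
# Added example: tell TLS interception apart from plain TCP reachability.
# HOSTS are the download endpoints listed in the thread.
HOSTS="www.ciscoconnectdna.com cdn.ciscoconnectdna.com
registry.ciscoconnectdna.com registry-cdn.ciscoconnectdna.com"

# Print the issuer line of the leaf certificate HOST presents on port 443.
# Prints nothing if the TLS handshake does not complete.
get_issuer() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer 2>/dev/null
}

# classify ISSUER_LINE INSPECTION_CA_NAME
#   NO_TLS       no certificate was received (blocked or reset mid-handshake)
#   INTERCEPTED  the certificate was issued by the inspection CA
#   DIRECT       another CA issued it, so that CA did not re-sign the session
classify() {
    if [ -z "$1" ]; then
        echo NO_TLS
    elif printf '%s\n' "$1" | grep -qiF -- "$2"; then
        echo INTERCEPTED
    else
        echo DIRECT
    fi
}

# check_all INSPECTION_CA_NAME: one "host verdict" line per endpoint.
check_all() {
    for h in $HOSTS; do
        printf '%s %s\n' "$h" "$(classify "$(get_issuer "$h")" "$1")"
    done
}

# Run only when asked, e.g.:
#   sh tls_path_check.sh --run "Example Corp Inspection CA"   (placeholder name)
if [ "${1:-}" = "--run" ]; then
    check_all "${2:?inspection CA name required}"
fi
```

Any endpoint reported as INTERCEPTED or NO_TLS is a candidate for a decryption bypass rule on the inspection device.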

Farhan Mohamed
Cisco Employee

First of all, there is a process which needs to be followed for a seamless upgrade to happen and the newest version to work. See below:

  • Existing customer deployments on 1.2.6: You must apply upgrade to 1.2.8 via patch update. The system update version is 1.1.0.659.1 and is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8 and then to 1.2.10.

 

Lastly, check if the firewall was not cutting the connection. Allow a few URLs through the firewall that would lead to updates within DNAC.

wwachiramanowong
Beginner

Is it possible to upgrade offline?

There is no offline upgrade process currently available.

tpoulose
Cisco Employee

The original issue was most likely due to the below defect.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn64303

 

In addition to this please refer to the upgrade guide when upgrading. 1.2.6 -> 1.2.10 direct is not supported. The system and applications must be upgraded to 1.2.8 before upgrading to 1.2.10

 

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/upgrade/b_cisco_dna_center_upgrade_guide.html#id_109272

What's also strange is the version the DNA center asked me to upgrade to.

According to the Cisco documentation, I should go through several intermediate versions until 1.3.0, but the system is asking me to upgrade directly.

dna_center_steps.jpg

 

And I have tried to delete the current downloaded packages using "for pkg in $(maglev package status -o json | jq -r '.[] | select(.available!="-") | [ .name,.available | tostring ] | join (":")'); do maglev catalog package delete $pkg 2>/dev/null; done"

But without any luck. It still tells me to go to 1.3.0.