cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for Cisco DNA Center Resources to help you on your journey with Cisco DNA Center

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

2816
Views
10
Helpful
13
Replies
Beginner

Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

Hello 

I am not able to upgrade the Cisco DNA center from version 1.2.6 to 1.2.10 (the System version is 1.1.0.659.1). While upgrading the progress is not loading more than 0%

How can I check the upgrade log? I didn´t get any messages explaining why it fail

 

I verified that the firewall is not cutting the connection:

(maglev-master-1) ~$ maglev catalog settings validate
Validating catalog server settings...
Parent catalog settings are valid

 

And I am getting this certificate error, not sure if this could be the reason: ??

(maglev-master-1) ~$ magctl appstack status
Unable to connect to the server: x509: certificate has expired or is not yet valid

 

Thank you 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

I did a fresh install of the version 1.2.10, but after do it some packages upgrade failed to download.

I checked that the Firewall was not cutting the connection, but we had a SSL decryption Server that was causing the issue, it was disrupting the connection to the Cisco repositories to download the packages necessary for the upgrade

Thank you all for the help, all good now

13 REPLIES 13
Rising star

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

So I have also faced issues during most of my DNAC upgrades I have gone through. You may want to check with your Cisco rep on whether or not you can move from 1.2.6 to 1.2.10. Pretty sure there is a 1.2.6 patch that needs to be applied (1.1.0.659.1), then move to 1.2.8 prior to 1.2.10. Here are some very helpful troubleshooting tips you can use:

$ sudo maglev system_updater update_info --Shows status of upgrade via CLI
$magctl service logs -rf system-updater --Tail logs during upgrade to monitor status
$magctl service logs -r system-updater > system_updater.log --Identify which host in your cluster failed installing host components
$sudo journalctl -u maglev-node-updater -f --Tail updater log in real-time
$maglev system_updater update_system 1.1.0.659.1 -f --Force an upgrade via CLI

Remember to download and install the application packages once a good upgrade has occurred prior to performing another upgrade. Good Luck & HTH!

Cisco Employee

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

Hi Kindly find the solution  below

Basically ,you must apply upgrade to 1.2.8 from 1.2.6 via patch update. The system update version is 1.1.0.659.1 and is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8 and then to 1.2.10

Beginner

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

Hello Anantsiv

 

The system update version is 1.1.0.659.1 is available in the production catalog, but is failing when I am try to apply it 

 

Thank you for the help

Regards

 

 

Highlighted
Beginner

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

Hello Mike, thank you for the reply

 

I tried to upgrade it via CLI but it fail also, it is not passing through the initial Prevalidations:

 

 $ sudo maglev system_updater update_info
 System update status:
 Version successfully installed: 1.1.0.659
 Updater State:
 Currently processed version: 1.1.0.659.1
 State: FAILED
 Sub-State: DOWNLOAD_INITIATED

 Details: Prevalidations could not be completed
 Progress: 0%


I couldn´t see much in the log with the other commands

 

 $ sudo journalctl -u maglev-node-updater -f
 [sudo] password for maglev:
 -- Logs begin at Sun 2019-04-07 06:51:26 UTC. --
 ^C

 

$ magctl service logs -r system-updater > system_updater.log
Unable to connect to the server: x509: certificate has expired or is not yet valid
Traceback (most recent call last):

 

But I am still getting this certificate error. I am thinking that could be an issue with that.

I couldn't find information about which validations is doing the DNA before to download the new version

 

Regards

 

Rising star

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

You need to ensure that your DNAC host can reach out to the appropriate Cisco Clouds:
For System and package downloads:
Recommended: *.ciscoconnectdna.com:4431

Or, for customers who prefer not to use a wildcard:
https://www.ciscoconnectdna.com
https://cdn.ciscoconnectdna.com
https://registry.ciscoconnectdna.com
https://registry-cdn.ciscoconnectdna.com

See here: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-1/rn_release_1_1_7/b_dnac_release_notes_1_1_7.html#reference_gdr_sk3_2db

It sounds like you may have a connectivity issue.
Beginner

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

Hello 

Seems that everything is allow. Anyway I will speak with the person responsible for the FW to check while I am upgrading

Thank you

 

maglev-master-1)$ telnet www.ciscoconnectdna.com 443
Trying 52.27.19.5...
Connected to www.tesseractcloud.com.
Escape character is '^]'.

maglev-master-1)$ telnet cdn.ciscoconnectdna.com 443
Trying 52.222.162.15...
Connected to d3rz7j7nghfq4y.cloudfront.net.
Escape character is '^]'.

maglev-master-1)$ telnet registry.ciscoconnectdna.com 443
Trying 54.244.19.145...
Connected to registry.tesseractcloud.com.
Escape character is '^]'.

maglev-master-1)$ telnet registry-cdn.ciscoconnectdna.com 443
Trying 52.222.162.101...
Connected to d2z0zwk0stt084.cloudfront.net.
Escape character is '^]'.

maglev-master-1))$ telnet cisco.com 443
Trying 72.163.4.185...
Connected to cisco.com.
Escape character is '^]'.

maglev-master-1)$ telnet dnacenter.uservoice.com 443
Trying 104.17.27.92...
Connected to dnacenter.uservoice.com.
Escape character is '^]'.

maglev-master-1)$ telnet tiles.mapbox.com 443
Trying 151.101.112.143...
Connected to mapbox.b.ssl.fastly.net.
Escape character is '^]'.
^CConnection closed by foreign host.

 

Beginner

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

I did a fresh install of the version 1.2.10, but after do it some packages upgrade failed to download.

I checked that the Firewall was not cutting the connection, but we had a SSL decryption Server that was causing the issue, it was disrupting the connection to the Cisco repositories to download the packages necessary for the upgrade

Thank you all for the help, all good now

Beginner

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8 and then to 1.2.10  https://xender.pro/ https://discord.software/ https://omegle.onl/

Cisco Employee

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

This is a known issue. Currently the only workaround is to disable SSL intercept.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi73428/?reffering_site=dumpcr

Cisco Employee

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

First of all, there is a process which needs to be followed for seamless upgrade to happen and newest version to work, See below:-

  • Existing customer deployments on 1.2.6: You must apply upgrade to 1.2.8 via patch update. The system update version is 1.1.0.659.1 and is available in the production catalog. After the update is applied, you will see a 1.2.8 banner and can upgrade to 1.2.8 and then to 1.2.10.

 

Lastly check if the Firewall was not cutting the connection. Allow few URLs through firewall that would lead to updates within DNAC.

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

Is this possible to upgrade offline ? 

Cisco Employee

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

There is no offline upgrade process currently available.

Cisco Employee

Re: Failed to upgrade Cisco DNA center from version 1.2.6 to 1.2.10

The original issue was most likely due to the below defect.

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn64303

 

In addition to this please refer to the upgrade guide when upgrading. 1.2.6 -> 1.2.10 direct is not supported. The system and applications must be upgraded to 1.2.8 before upgrading to 1.2.10

 

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/upgrade/b_cisco_dna_center_upgrade_guide.html#id_109272

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards