Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1756
Views
0
Helpful
4
Replies

vESA local upgrade and cluster problem

daniel.tanch
Level 1
Level 1

‎10-07-2019 09:00 AM

Hi, 

 

1) I had a vESA and I try to do a local upgrade using windows IIS but it not working. I had this error message "Could not connect to manifest server." when I tried to do a upgrade. Below are the Service Updates I configure. 

Service Updates.JPG

System Upgrade.JPG

2) I had created clusterconfig on 2 ESA. But when I did a config change on one of the ESA, there is a warning "commit sent to 1 of 2 machines". How do i rectified this? 

Labels:
0 Helpful
4 Replies 4

Mathew Huynh
Cisco Employee
Cisco Employee

‎10-07-2019 03:30 PM

Hey Daniel,

 

For the local upgrade issue, you would need to find out what is the reason of the error - perhaps tailing the upgrade_logs or updater_logs when you attempt the upgrade will provide a bit more information.

 

For the cluster connectivity - log into each machine and run a 'clusterconfig' and make sure they're both connected.

After which run a clusterconfig -> connstatus to ensure they're connected properly, if not you will see an output of possible errors there.

 

Let us know how it goes.

 

Regards,

Mathew 

0 Helpful

daniel.tanch
Level 1
Level 1
In response to Mathew Huynh

‎10-07-2019 11:13 PM

For the local upgrade issue, you would need to find out what is the reason of the error - perhaps tailing the upgrade_logs or updater_logs when you attempt the upgrade will provide a bit more information.

Ans:

- tail upgrade_logs: failure downloading list: could not connect to manifest server.

- tail updater_logs: failed to acquire the server manifest. 

 

For the cluster connectivity - log into each machine and run a 'clusterconfig' and make sure they're both connected.

After which run a clusterconfig -> connstatus to ensure they're connected properly, if not you will see an output of possible errors there.

Ans:

- Both the ESA are communicating via IP address and port 22

- When I did a list, I am able to see both ESA.  

- For connstatus, it shown as connecting. 

- I am able to ping from ESA1 to ESA2 and vice versa, I also did a telnet using port 22 and it shown as connected.

- Both the ESAs are in the same segment but using production link instead of management link. Both ESAs version(9.1.2-041) and featurekeys are the same. 

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to daniel.tanch

‎10-08-2019 02:17 PM

Hey Daniel,

For the local upgrade/update server - can you leave the original services as default and make sure you only update for AsyncOS
Next to ensure connectivity from the ESA to that server is available, try to telnet from the ESA's update interface configured to that web server by hostname as you configured on the required port if the connectivity is there. Also making sure the URL path is valid within the local server.


For the clustering concern, If it's still showing as connecting - i assume it gets an error over time (can you show me the system_logs info on what is the error if there is one?).

You did all the tests i would verify so i wouldn't see an issue. Can you also just do a nslookup against the IPs to see if we get a PTR record or immediate DNS response and no delays? If there is a delay then a servFail response of sorts, that would also cause clustering communication to fail even though you've set it to IP.

Regards,
Mathew
0 Helpful

daniel.tanch
Level 1
Level 1
In response to Mathew Huynh

‎10-29-2019 11:10 PM

Clustering solve after I upgrade to the latest firmware. Thanks for your help.
0 Helpful
Customers Also Viewed These Support Documents