Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2662
Views
5
Helpful
3
Replies

AMP Connector Rollback

pavankumar.kakarla
Level 1
Level 1

‎09-16-2020 08:44 AM

I have accidentally set AMP Product version to 7.2.11 on the policy and servers got upgraded from 6.2.9 to 7.2.11 and pending for reboot. However since these are production servers i cant reboot and they are marked as "Unprotected".

 

How can i rollback them back to 6.2.9 without rebooting the servers or how can i avoid reboot and mark them as "Protected" state.

Labels:
3 Replies 3

dkrull
Cisco Employee
Cisco Employee

‎09-16-2020 09:25 AM - edited ‎09-16-2020 09:25 AM

Greetings,

That is an unfortunate predicament that you have found yourself in. There is no option to roll back. In your current situation it would be best if you can reboot those endpoints as soon as possible or during your next maintenance window. 6.2.9 is EOL and no longer available to download and the oldest version that is currently supported is 6.3.1.11015.  Please see the EOL announcement for the connector versions 'Table 4.  AMP for Endpoints Versions Affected by Support Policy – Phase 2 (July 7, 2020)' : https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215376-end-of-support-announcement-for-amp-for.html and 'Table 5.  Supported AMP for Endpoints Versions' for current supported versions.

The silver lining to this is that after the update from 6.x.x to 7.x.x reboots are no longer required when updating endpoints to a newer version and you also get access to newer features. Please see the release notes for more information on 7.2.11 and newer: https://docs.amp.cisco.com/Release%20Notes.pdf

Please let me know if you have any further questions.

Dmitri Krull
Technical Marketing Engineer - Endpoint Security
dkrull@cisco.com
SSCP - 743085
0 Helpful

pavankumar.kakarla
Level 1
Level 1
In response to dkrull

‎09-16-2020 09:31 AM

The silver lining to this is that after the update from 6.x.x to 7.x.x reboots are no longer required when updating endpoints to a newer version and you also get access to newer features. Please see the release notes for more information on 7.2.11 and newer: https://docs.amp.cisco.com/Release%20Notes.pdf

 

Question - when you say reboots are no longer required from 6.x.x to 7.x.x then why does it says reboot pending in Events page for all the upgraded machines and also Connector is marked as Unprotected. Can you please clarify or let me know if i miss something here.

0 Helpful

dkrull
Cisco Employee
Cisco Employee
In response to pavankumar.kakarla

‎09-16-2020 10:04 AM - edited ‎09-16-2020 10:05 AM

Once your connectors have finished updating to 7.x.x any upgrade to a newer version does not require a reboot. For example, if you update from 7.2.11 to 7.2.13 you do not need to reboot the host. Same if you were to update from 7.0 to 7.1 no reboots needed. But if you are updating from 6.X to 7.X you need to do the reboot since connectors prior to 7.X did not have this feature. 

Let me know if that helped.

Dmitri Krull
Technical Marketing Engineer - Endpoint Security
dkrull@cisco.com
SSCP - 743085
0 Helpful
Customers Also Viewed These Support Documents