Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
19689
Views
15
Helpful
13
Replies

FMC Stuck in Deploying phase

ciscoworlds
Level 4
Level 4

‎04-02-2018 07:17 AM - edited ‎02-21-2020 07:35 AM

Hi.

I have an FTDv (6.2.2.81) and an ASA 5515-x FTD (same version) in my lab. On FMC both devices stuck on "Deployment" phase and I cannot cancel it. I managed to stop the ASA FTD and restart the FMC and now it shows "Failed in Deployment" but cannot do the same for FTDv. I restarted FMC and completely powered off the FTDv, but again FMC tried to deploy the policies onto FTDv and stuck at about 40%. It doesn't allow me to deploy another policy and says the deployment is in progress. 

What can I do?

 

fmc0.jpg

10 people had this problem
Labels:
0 Helpful
13 Replies 13

Moon1998
Level 1
Level 1

‎06-13-2018 07:24 AM

I had same issue. Luckily, I had quite recent backup, so I tried restoring FMC from it. It helped, and next policy deployment succeeded.

0 Helpful

Florin Barhala
Level 6
Level 6
In response to Moon1998

‎06-14-2018 04:52 AM

What about traffic impact? If FMC gets stuck is there any risk traffic gets blocked on the ASA ?
0 Helpful

Dustin Anderson
VIP
VIP
In response to Florin Barhala

‎06-15-2018 09:42 AM

This is the second time we have had this happen. It's a bug from 6.0, but must be back in the 6.2 code.

 

You have to open a TAC and they have to go clear/fix the database.

 

As it's compiling the change, there's no risk to the firewall as it is still running with the previous update.

Florin Barhala
Level 6
Level 6
In response to Dustin Anderson

‎06-15-2018 12:48 PM

Thanks for the answer; now is there a specific version affected like 6.2.x.y or or all 6.2.x versions?
0 Helpful

Nikolaj Pabst
Level 5
Level 5
In response to Florin Barhala

‎07-26-2018 01:28 AM

Hi Florin,

I would suggest jumping to the latest 6.2.3 patch, a lot of bugs and CVE's are fixed.

The affcted relases are:

6.2.1
6.2.2
6.2.2.1
 
 
 
6.2.3
0 Helpful

c.sanchez@italtel.com.pe
Level 1
Level 1

‎07-25-2018 09:24 AM

 

I opened a ticket support then Cisco's Engineer send me a script I push that scrip into the FMC and run its. Therefore I applied again the deploy with successful result.

 

 

regards

 

hamoudud1
Level 1
Level 1
In response to c.sanchez@italtel.com.pe

‎09-05-2018 07:04 AM

Dear c.sanchez,

 

Nice to know that you solved your issue, could you share this script with us.

 

am facing same issue here : (

 

BR,

Hamoud Hamdan

 

 

0 Helpful

robinsra82
Level 1
Level 1
In response to hamoudud1

‎01-30-2019 08:24 AM

I am having this same issue on 6.2.3.7...awaiting TAC's response.

0 Helpful

Albert_Hernandez
Level 1
Level 1
In response to robinsra82

‎05-03-2019 11:28 AM

Did you solve it? 

 

I have the same problem...

0 Helpful

KriegerPiloto
Level 1
Level 1
In response to Albert_Hernandez

‎06-25-2019 07:11 AM

I had the same problem at a client, opened a SR and TAC recommended to give FMC a reboot, did that and policy deployment time went back to normal (3-4minutes)

FMC version is 6.2.3.10

0 Helpful

ziqex
Level 4
Level 4
In response to robinsra82

‎07-29-2020 08:37 AM

Facing the same issue Software Version 6.3.0 (build 84).
Waiting for TAC response.
14 appliances stuck in 40% Deployment - Policy and object collection complete.
0 Helpful

Albert_Hernandez
Level 1
Level 1

‎06-25-2019 07:49 AM

I solved the problem.

My problem was with the firepower, my firewall erase, forgot, delete, the firepower module IP. I just rewrite the ip from my module and thats it.

 

0 Helpful

Miguel52
Level 1
Level 1

‎08-26-2019 01:38 PM

Send command on FTD (sensor)

 

>expert
Password:
firepower:/home/root# pmtool restartbyid ngfwManager
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card