01-30-2015 10:53 AM - edited 03-11-2019 10:25 PM
I have a FirePOWER module in my ASA 5525-X and had registered it with my FireSIGHT Management Center. Unfortunately I removed the device from FireSIGHT and hadn't removed the manager from the FirePOWER module first. I also realized I failed to document the registration key I used for the initial registration. I tried re-adding the manager to my FirePOWER module on my ASA and am now getting the message:
Active Peer mysfr.mydomain.com(1.1.1.1) already exists, peer add failed.
Active Peer mysfr.mydomain.com:1.1.1.1 already exists
Is there some way to 1) reset the module so it doesn't know about the previous registration, 2) figure out what registration key was used?
When I run "show managers" it says "No managers configured".
Thanks.
01-30-2015 12:13 PM
I'd try adding a manager for some dummy address - that should replace the indeterminate state the FP module is currently in. Then change it back to point to the legitimate FS manager address.
If all else fails you can just re-image the sfr module. That's what we do when sanitizing them for use in multiple customer environments.
ciscoasa# sw-module module sfr shutdown
ciscoasa# sw-module module sfr uninstall
ciscoasa# reload
ciscoasa# sw-module module sfr recover configure image disk0:/asasfr-5500x-boot-5.3.1-152.img
ciscoasa# sw-module module sfr recover boot
Re-run setup from the module console and then:
asasfr-boot> system install ftp://<FTPusername:FTPpassword>@<FTP IP>/asasfr-sys-5.3.1-152.pkg
Run setup on the system image and then finally:
>configure manager add <FireSIGHT MC IP> <Registration Key>
02-02-2015 09:24 AM
Found out that Cisco has an ability to remove entries from the MySQL table that will resolve this issue.
Thanks for the suggestion. I'm going to file it away for future reference.
03-07-2016 04:39 PM
Cisco rules.
Simple problem, complex solution.
Defense Center dies and you must reinstall every module. Lovely.
03-07-2016 06:55 PM
The original poster already reported that the TAC was able to resolve his issue via fixing the database.
My suggestion was a last resort method for people who for whatever reason do not have support and is not an official Cisco answer.
This forum has members from all sectors - Cisco, partners, users etc. We help as best we can on a strictly volunteer basis.
03-07-2016 08:48 PM
I'm not saying that your post is a complex solution.
All about SFR on ASA is complex and disappointing.
If you need to open a TAC case (with manual DB edit included), for a management server change, something is wrong!
06-29-2016 05:20 PM
I just had the same issue and changed it myself. If you session into the sfr module then type the command mentioned above. I didn't have to uninstall it or even shut it down. Once I entered that command, I then added it from Defense Center and all is well now.
>configure manager add <FireSIGHT MC IP> <Registration Key>
10-21-2016 10:02 AM
I had the same issue. I think reinstalling the whole module is a bit drastic. What worked out for me was deleting the managers that had previously been configured on the module, and then reconfiguring the module:
> configure manager delete
Manager successfully deleted.
Manager successfully deleted.
Deleting task list
> configure manager add <host> <key> [nat-id]
10-26-2016 06:14 AM
Maybe it's solved on actual release (hope so).
Which version are you using?
(In my case last year, the module died when reinstalling and I needed an RMA)
Guido
11-01-2016 11:34 AM
These are the versions that I am using in the Firepower Sensor Module and on the ASA:
Cisco Fire Linux OS v6.0.0 (build 258)
Cisco ASA5525 v6.0.0 (build 1005)
Sorry about your module dying.
08-02-2019 07:13 AM
Thank you, this helped.
Very funny TAC resolves any issue with SFR or FMC itself - reimaging.
06-25-2019 11:35 PM
For me, sw-module module sfr reload worked!
03-25-2021 06:54 PM
Hi Marvin,
I need to disable SFR on an ASA since it's not being used. Do I really need to apply these 3 commands, and is a reboot necessary?
ciscoasa# sw-module module sfr shutdown
ciscoasa# sw-module module sfr uninstall
ciscoasa# reload