Reconfigure Manager on FirePOWER Module in ASA

snowmizer
Level 1

I have a FirePOWER module in my ASA 5525-X and had registered it with my FireSIGHT Management Center. Unfortunately I removed the device from FireSIGHT and hadn't removed the manager from the FirePOWER module first. I also realized I failed to document the registration key I used for the initial registration. I tried re-adding the manager to my FirePOWER module on my ASA and am now getting the message:
 

Active Peer mysfr.mydomain.com(1.1.1.1) already exists, peer add failed.Active Peer mysfr.mydomain.com:1.1.1.1 already exists


Is there some way to 1) reset the module so it doesn't know about the previous registration, 2) figure out what registration key was used?

When I run "show managers" it says "No managers configured".

Thanks.

 

Accepted Solutions

Marvin Rhoads
Hall of Fame

I'd try adding a manager for some dummy address - that should replace the indeterminate state the FP module is currently in. Then change it back to point to the legitimate FS manager address.

If all else fails you can just re-image the sfr module. That's what we do when sanitizing them for use in multiple customer environments.

ciscoasa# sw-module module sfr shutdown
ciscoasa# sw-module module sfr uninstall
ciscoasa# reload

ciscoasa# sw-module module sfr recover configure image disk0:/asasfr-5500x-boot-5.3.1-152.img
ciscoasa# sw-module module sfr recover boot

Re-run setup from the module console and then:

asasfr-boot> system install ftp://<FTPusername:FTPpassword>@<FTP IP>/asasfr-sys-5.3.1-152.pkg

Run setup on the system image and then finally:

>configure manager add <FireSIGHT MC IP> <Registration Key>

12 Replies

Found out that Cisco has an ability to remove entries from the MySQL table that will resolve this issue.

Thanks for the suggestion. I'm going to file it away for future reference.

Cisco rules.

Simple problem, complex solution.

Defense Center dies and you must reinstall every module. Lovely.

The original poster already reported that the TAC was able to resolve his issue via fixing the database.

My suggestion was a last resort method for people who for whatever reason do not have support and is not an official Cisco answer.

This forum has members from all sectors - Cisco, partners, users etc. We help as best we can on a strictly volunteer basis.

I'm not saying that your post is a complex solution.

All about SFR on ASA is complex and disappointing.
If you need to open a TAC case (with manual DB edit included), for a management server change, something is wrong!

I just had the same issue and changed it myself. If you session into the sfr module then type the command mentioned above. I didn't have to uninstall it or even shut it down. Once I entered that command, I then added it from Defense Center and all is well now.

>configure manager add <FireSIGHT MC IP> <Registration Key>

I had the same issue. I think reinstalling the whole module is a bit drastic. What worked out for me was deleting the managers that had previously been configured on the module, and then reconfiguring the module:

> configure manager delete
Manager successfully deleted.

Manager successfully deleted.

Deleting task list

> configure manager add <host> <key> [nat-id]

Maybe it's solved on actual release (hope so).

Which version are you using?

(In my case last year, the module died when reinstalling and I needed an RMA)

Guido

These are the versions that I am using in the Firepower Sensor Module and on the ASA:


Cisco Fire Linux OS v6.0.0 (build 258)
Cisco ASA5525 v6.0.0 (build 1005)

Sorry about your module dying.

Thank you, this helped.

 

Very funny TAC resolves any issue with SFR or FMC itself - reimaging.

 

For me, sw-module module sfr reload worked!

Hi Marvin,

I need to disable SFR on an ASA since it's not being used. Do I really need to apply these 3 commands, and is a reboot necessary?

ciscoasa# sw-module module sfr shutdown
ciscoasa# sw-module module sfr uninstall
ciscoasa# reload
