cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
1135
Views
4
Helpful
14
Replies
Beginner

Problem with updates after installing 7.3(4)E4

My sensors are now reporting the following, and don't seem to be updating to sig 903.

---

Auto Update Statistics
lastDirectoryReadAttempt = 16:30:57 GMT-06:00 Tue Jan 12 2016
= Read directory:
= Error: Authentication with ASD server failed.
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 18:51:04 GMT-06:00 Tue Jan 12 2016

---

I attempted to run autoupdatenow on all sensors, but they're stuck at 902. Tried re-applying login credentials, but it's still not working.

14 REPLIES 14
Cisco Employee

Hi,

Hi,

Your IPS is hitting a below bug:

https://tools.cisco.com/bugsearch/bug/CSCuw94570/?reffering_site=dumpcr

This defect was encountered after the ips updated to 7.3.(4) E4. It is verified and the bug might get a fix in next release. You can save the bug and you would receive an automatic update if there is any update for the bug.

However i would recommend to have manual update for signature set in the meantime.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful post.

Beginner

Ugh. When can we see the next

Ugh. When can we see the next release?

Cisco Employee

Hi,

Hi,

That's i am not sure. However the bug is in 'fixed' status. So i expect this to be addressed in next release soon.

As mentioned earlier as well, you can perform manual signature upgrade as of now.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

Beginner

Just upgraded to new release

Just upgraded to new release IPS software ver. 7.3.(5) E4.   Cisco haven't resolved this bug on this release. 

Cisco Employee

Hi All,

Hi All,

Release notes shows that the bug is resolved :

Resolved Caveats:

The following known issues are resolved in the 7.3(5)E4 release:

• CSCuw28572—IPS fails to encrypt RADIUS password in access-request •CSCuw84972—Evaluation of cids for NTP_October_2015

• CSCuw94570—Insufficient log information for ASD auto update errors

http://www.cisco.com/c/en/us/td/docs/security/ips/7-3/release/notes/release7-3-5.pdf

What issue do you see now?

Regards,

Akshay Rastogi

Beginner

Tried re-entering the

Tried re-entering the credentials, but still see Authentication with ASD server failed.

Beginner

I am still getting "

I am still getting " Authentication with ASD server failed." error message.  Contacted Cisco TAC and they are looking into it. 

Beginner

Tested on the auto-update on

Tested on the auto-update on both IME and via CLI.  I also tried to delete and add the IPS module on IME.   It is still getting the same error.  No Luck. 

Highlighted

A interesting hour with

A interesting hour with Rodger from Cisco TAC

My issue was this message in the updater section of the GUI

Error: Authentication witd ASD server failed

Follow these links and you will have the answer

Auto Upgrade the IPS Command Line Link:

http://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/cli/cliguide7/cli_system_images.html#wp1071851

 

Download Software

https://software.cisco.com/download/release.html?mdfid=280432811&flowid=48721&softwareid=282549755&release=S947&relind=AVAILABLE&rellifecycle=&reltype=latest

End of Service/End of Life for Signature Services for Intrusion Detection and Prevention

https://www.cisco.com/c/en/us/about/security-center/eol-ips.html

 

 

Signature versions

 

https://tools.cisco.com/security/center/ipshome.x

Cisco Employee

Hi,

Hi,

Are you using IME for this Auto upgrade?

Could you please remove the device from IME once and then re-add IME. Perform the Auto-update. Is it giving some kind of EULA acceptance error as the reason as well on gui for the failure.? Accept the EULA license acceptance by clicking on below link :

https://software.cisco.com/download/eula.html

Try Auto-update once again.

If that doesn't work, then perform below steps:

sensor(config)# ser host
sensor(config-hos)# default auto
sensor(config-hos)# exit
Apply Changes?[yes]: yes

And then configure Auto-upgrade once again through IME.

(verify that entered credentials are valid).

Hope it helps

Regards,

Akshay Rastogi

Beginner

Still failing over here too.

Still failing over here too.

Beginner

I tried the same on version 7

I tried the same on version 7.1(11) E4 and I'm still getting the same error message. 

Beginner

I also can confirm it is not

I also can confirm it is not fixed in 7.3(5)E4.

Dear all.

Dear all.

I've faced the same issue in one of our customers IPS 4240 sensor after upgrading to the latest, until this time of writing, 7.1(11p1) E4 version. After opening a TAC case and following the procedure below, mentioned by the TAC engineer, the issue resolved. I am posting this procedure for future reference:

Your CCO login on the IPS device must accept an End User License Agreement before auto-update will proceed.  Accept the EULA from the next link 

https://software.cisco.com/download/eula.html

 

If the EULA has already been accepted, the page shows the following text:

 

You have already accepted the latest version of EULA. Thank you.

 

Thank you.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards