Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1322
Views
4
Helpful
6
Replies

Add network object: An unexpected error occurred.

Go to solution
Paweł Kordysz
Level 1
Level 1

ā€Ž04-05-2023 12:17 AM

Hey,

I have problem, where I can't create new object in FDM, I don't know why but the error shows only when creating a new network object or a group.

MateuszMatracki_0-1680678988183.png

FDM is working on 7.3.0-69 version

Reboots didn't help

2 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
John Chung
Level 1
Level 1

ā€Ž06-16-2023 05:56 PM

So its this bug and was informed it was fixed in 7.2.4.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc84437

The system sees a duplicate object uuid. They initially told me to search for the offending object's uuid but never told me how to identify the object first. Finally did a screen share with them and when into the CLI and into expert mode in ftd, then "sudu su" and ran the "pigtail ui" command. Went back into the GUI and tried to create an object to replicate the error so it would be captured in the logs. Looked in the log file it created. (Note, only use pigtail commands under the direction of the Cisco Technical Assistance Center.) https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/dr.html#wp1216362940

In the logs we saw this

NGUI: 06-16 23:05:27 ajp-nio-8009-exec-3: ERROR ExceptionHandlerAspect:57 - Un-managed Exception:ConfigEntity com.cisco.ngfw.onbox.backend.services.ConfigurationEntityServiceImpl.create(Class,ConfigEntity,ServiceParam)
NGUI: 06-16 23:05:27 java.lang.IllegalStateException: Duplicate key NetworkObject(9820)/ef0e5573-eb9d-11ed-8068-6fd69d0ea283

When done, did Ctrl+c to stop pigtail from running.

Then we followed these steps they gave me below to delete the bad object.

1. Navigate to the API explorer: https://IP_address/#/api-explorer

2. Under NetworkObject select the GET /object/networks/{objId}

         in my case my objid was ef0e5573-eb9d-11ed-8068-6fd69d0ea283

3. Search for the uuid of the problematic object to identity it and click Try it out!

4. The response Body should show the information of the object:
{ "version": "dxqbm7vj3s4tj", "name": "Securetest61", "description": null, "subType": "HOST", "value": "10.252.251.61", "isSystemDefined": false, "dnsResolution": "IPV4_AND_IPV6", "id": "ef0e5573-eb9d-11ed-8068-6fd69d0ea283", "type": "networkobject", "links": { "self": "https://10.88.243.67:44200/api/fdm/v6/object/networks/ba666b86-6a34-11eb-8482-fde80f4e8730" } }

5. On FDM GUI, navigate to Object > Networks and search for the object name identified on step 4.

6. Remove the Object Network from the Object Group where the object is being used

7. Save and deploy the changes.

I asked why does it see a duplicate uuid when its not listed when pulling all the objects using the api explorer, but the TAC person said there were no details as to why. I suspect it was a database bug which allowed for the object to be duplicated during deployment.

And just curious, why haven't you opened a TAC case?

Also, not sure if I remembered all the steps so proceed with caution if trying out these steps, mainly in the CLI.

 

 

View solution in original post

6 Replies 6

Go to solution
Paweł Kordysz
Level 1
Level 1

ā€Ž04-05-2023 12:54 AM

Update:

We have 3 FDM in our infrastructure, 2 of them are on 7.3.0 version, where is exactly this problem, on 3rd FDM where is 7.0.1 is everything ok, so I supposed maybe there is problem with os 7.3.0? Anyone had this problem?

After upgrade to 7.3 everything worked fine, after 2 months from upgrade there is a problem

Go to solution
Paweł Kordysz
Level 1
Level 1

ā€Ž04-17-2023 06:38 AM

Update: 

When I try create object by Api-Explorer, there is the same issue:

{ "error": { "severity": "ERROR", "key": "General", "messages": [ { "description": "An unexpected error occurred.", "code": "unknownError", "location": "" } ] } }

Go to solution
Paweł Kordysz
Level 1
Level 1

ā€Ž04-17-2023 07:09 AM

Both devices have the same issue, there is the model and version fdm:

1. Cisco Firepower 1140 Threat Defense (78) Version 7.3.0 (Build 69)

2. Cisco Firepower 1010 Threat Defense (78) Version 7.3.1 (Build 19)

0 Helpful

Go to solution
Paweł Kordysz
Level 1
Level 1

ā€Ž06-01-2023 01:30 AM

We have still the same issue, has anyone some ideas?

0 Helpful

Go to solution
John Chung
Level 1
Level 1

ā€Ž06-14-2023 04:43 PM

Was running 7.1.0.1-28 when I starting having the error. Upgraded to 7.2.4-165 but that did not fix it. Currently waiting for TAC to get back to me.

Go to solution
John Chung
Level 1
Level 1

ā€Ž06-16-2023 05:56 PM

So its this bug and was informed it was fixed in 7.2.4.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc84437

The system sees a duplicate object uuid. They initially told me to search for the offending object's uuid but never told me how to identify the object first. Finally did a screen share with them and when into the CLI and into expert mode in ftd, then "sudu su" and ran the "pigtail ui" command. Went back into the GUI and tried to create an object to replicate the error so it would be captured in the logs. Looked in the log file it created. (Note, only use pigtail commands under the direction of the Cisco Technical Assistance Center.) https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/dr.html#wp1216362940

In the logs we saw this

NGUI: 06-16 23:05:27 ajp-nio-8009-exec-3: ERROR ExceptionHandlerAspect:57 - Un-managed Exception:ConfigEntity com.cisco.ngfw.onbox.backend.services.ConfigurationEntityServiceImpl.create(Class,ConfigEntity,ServiceParam)
NGUI: 06-16 23:05:27 java.lang.IllegalStateException: Duplicate key NetworkObject(9820)/ef0e5573-eb9d-11ed-8068-6fd69d0ea283

When done, did Ctrl+c to stop pigtail from running.

Then we followed these steps they gave me below to delete the bad object.

1. Navigate to the API explorer: https://IP_address/#/api-explorer

2. Under NetworkObject select the GET /object/networks/{objId}

         in my case my objid was ef0e5573-eb9d-11ed-8068-6fd69d0ea283

3. Search for the uuid of the problematic object to identity it and click Try it out!

4. The response Body should show the information of the object:
{ "version": "dxqbm7vj3s4tj", "name": "Securetest61", "description": null, "subType": "HOST", "value": "10.252.251.61", "isSystemDefined": false, "dnsResolution": "IPV4_AND_IPV6", "id": "ef0e5573-eb9d-11ed-8068-6fd69d0ea283", "type": "networkobject", "links": { "self": "https://10.88.243.67:44200/api/fdm/v6/object/networks/ba666b86-6a34-11eb-8482-fde80f4e8730" } }

5. On FDM GUI, navigate to Object > Networks and search for the object name identified on step 4.

6. Remove the Object Network from the Object Group where the object is being used

7. Save and deploy the changes.

I asked why does it see a duplicate uuid when its not listed when pulling all the objects using the api explorer, but the TAC person said there were no details as to why. I suspect it was a database bug which allowed for the object to be duplicated during deployment.

And just curious, why haven't you opened a TAC case?

Also, not sure if I remembered all the steps so proceed with caution if trying out these steps, mainly in the CLI.

 

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card