Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
642
Views
20
Helpful
8
Replies

ASA 5555-X upgrade from 9.0(3) to above failing

Menelaos Sazos
Level 1
Level 1

‎01-08-2017 09:25 AM - last edited on ‎03-25-2019 05:59 PM by Community Manager

Hello!

I'm trying to perform an upgrade of the ASA 5555-X from version 9.0(3) to 9.1(2), 9.2(4)-5, 9.6(2)-3 and it's failing. The only version I was able to upgrade to is 9.0(4).

According the "Upgrade to ASA 9.1, 9.2 and 9.6" guides, version 9.0(4) is ok to upgade to any of the versions I'm trying to go to.

Upgrade to 9.1 fails with an error:

ERROR: FIPS Self-Test failure,  fips_continuous_rng_test [-1:11:0:4:16]

Upgrade to 9.2 and 9.6 fail with an error:

Panic: vfw_init_thread - ctm_initialize: ctm_snp_initialize failed.

Did anyone experience such an error? Firewall is turned on for the first time and I really think it's a subject to be RMAed.

Labels:
0 Helpful
8 Replies 8

MANI .P
Level 1
Level 1

‎01-08-2017 09:32 AM

Hi ,

This is the bug for the version.

you may refer the below .

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux33808/?referring_site=bugquickviewredir

Thanks,

Mani

Menelaos Sazos
Level 1
Level 1
In response to MANI .P

‎01-08-2017 09:41 AM

Hello, Mani!

Thanks for the reply, but I do have FIPS disabled:

no fips enable

and the bug does describe issues with only with FIPS being enabled.

With the sofwtware releases listed as "fixed" in your bug link I receive following error (just tested with one more version, 9.4(3)-12:

Panic: vfw_init_thread - ctm_initialize: ctm_snp_initialize failed.

Also, I've tried to boot with wiped config at all, still no luck.

0 Helpful

Pranay Prasoon
Level 3
Level 3
In response to Menelaos Sazos

‎01-08-2017 11:24 PM

Have you tried 9.1.3. I believe it is bug

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCud05798/?reffering_site=dumpcr.

Menelaos Sazos
Level 1
Level 1
In response to Pranay Prasoon

‎01-09-2017 12:47 AM

Hello!

Thanks for the proposal, but this bug does say:

Conditions:
This occurs when FIPS is enabled on the firewall and an anomaly is detected with the random number generator.

And I have FIPS mode explicitly disabled. Also, I've tried some more releases, listed as "Fixed" in this bug.

Should I try 9.1(3) or it wouldn't again make any sense?

0 Helpful

Pranay Prasoon
Level 3
Level 3
In response to Menelaos Sazos

‎01-09-2017 12:53 AM

The second error that you are getting points to hardware issue. I say to upgrade to 9.1.3 as the bug I gave doesn't fix the issue even when you disable the FIPS. 

Menelaos Sazos
Level 1
Level 1
In response to Pranay Prasoon

‎01-09-2017 01:36 AM

Tried 9.1(3), the error is the same as with 9.2 and 9.6:

Panic: vfw_init_thread - ctm_initialize: ctm_snp_initialize failed.

Thanks for the assistance, we are RMAing the unit.

0 Helpful

Pranay Prasoon
Level 3
Level 3
In response to Menelaos Sazos

‎01-09-2017 01:47 AM

yes then it seems hardware related

Pranay Prasoon
Level 3
Level 3
In response to Menelaos Sazos

‎01-09-2017 12:56 AM

Also please follow the image as per below link:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574

See section "upgrading the software"

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card