Hi
My ASA5506-X logs this problem during bootup:
"There are differences between boot sector and its backup.
Differences: (offset:original/backup)
65:01/00
Not automatically fixing this."
I have studied CSCvn64163 bug info, but not managed to fix it.
From the Bug Description:
" ...the FSCK process (to check the flash) may inadvertently corrupt the boot image. ...
image file is being truncated "
Is it the ASA software, e.g. asa984-29-lfbff-k8.SPA, that is beeing truncated?
If so, wouldn't an upgrade solve it?
I upgraded ROMMON to 1.1.18 after noticing this (was 1.1.13 before) and then I also
upgraded the ASA and ASDM software but I still get the error message during bootup.
The firewall boots up and appear to start normally. I can enter ROMMON if I want without problem.
Do I have to fix this or is it a cosmetic problem?
If it needs fixing, how do I fix it?
Software running on the ASA as presented in "Show Version" is this:
Cisco Adaptive Security Appliance Software Version 9.8(4)29
Firepower Extensible Operating System Version 2.2(2.138)
Device Manager Version 7.12(2)
------------------------------------------------------------------------------
I include the log from bootup/reload below:
FWHOME#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting... (status 0x9)
..
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...
Rom image verified correctly
Cisco Systems ROMMON, Version 1.1.18, RELEASE SOFTWARE
Copyright (c) 1994-2020 by Cisco Systems, Inc.
Compiled Tue 09/15/2020 20:35:13.52 by wchen64
Current image running: Boot ROM0
Last reset cause: PowerCycleRequest
DIMM Slot 0 : Present
Platform ASA5506 with 4096 Mbytes of main memory
MAC Address: <edited out>
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Located '.boot_string' @ cluster 911750.
#
Attempt autoboot: "boot disk0:/asa984-29-lfbff-k8.SPA"
Located 'asa984-29-lfbff-k8.SPA' @ cluster 873203.
###############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
LFBFF signature verified.
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
65:01/00
Not automatically fixing this.
Starting check/repair pass.
Starting verification pass.
/dev/sdb1: 120 files, 859993/1919830 clusters
dosfsck(/dev/sdb1) returned 0
Mounting /dev/sdb1
IO Memory Nodes: 1
IO Memory Per Node: 205520896 bytes
Global Reserve Memory Per Node: 314572800 bytes Nodes=1
LCMB: got 205520896 bytes on numa-id=0, phys=0x107400000, virt=0x2aaaab000000
LCMB: HEAP-CACHE POOL got 312475648 bytes on numa-id=0, virt=0x7efe43a00000
LCMB: HEAP-CACHE POOL got 2097152 bytes on numa-id=0, virt=0x2aaaaac00000
Processor memory: 1496356715
M_MMAP_THRESHOLD 65536, M_MMAP_MAX 22832
M_MMAP_THRESHOLD 65536, M_MMAP_MAX 22832
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Compiled on Thu 01-Oct-20 18:47 PDT by builders
Total NICs found: 14
i354 rev03 Gigabit Ethernet @ irq255 dev 20 index 08 MAC: <edited out>
ivshmem rev03 Backplane Data Interface @ index 09 MAC: 0000.0001.0002
en_vtun rev00 Backplane Control Interface @ index 10 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 11 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 12 MAC: 0000.0000.0000
en_vtun rev00 Backplane Tap Interface @ index 13 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
WARNING: Attribute already exists in the dictionary.
Verify the activation-key, it might take a while...
Running Permanent Activation Key: <edited out>
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 30 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 50 perpetual
Total VPN Peers : 50 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 160 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5506 Security Plus license.
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Cisco Adaptive Security Appliance Software Version 9.8(4)29
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.8
Copyright (c) 1996-2019 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Reading from flash...
!..
Cryptochecksum (unchanged): <edited out>
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
User enable_1 logged in to FWHOME
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
FWHOME>
