
Bugs with memory in FTD 7.4.2 plus not resolved HostScan issue

voidray87
Level 1

Good day!

After upgrading FTDv100 on VMware from 7.3.2.1 to 7.4.2, got the following issues:

Now upgraded to FTDv100 on VMware to 7.4.2, got the following issues:
 
Unlike in 7.3.2, which suddenly stopped all the traffic on interfaces, now on 7.4.2:
 
- following Syslog message appeared: 
%FTD-3-321007: System is low on free memory blocks of size 2560 (4 CNT out of 8192 MAX)
 
While checking system resources, CPU, memory and hard disks are sufficient.
 
After that:
 
- suddenly HostScan stopped working properly, stuck on "HostScan mission complete" and not moving to the next steps, as described in Bug CSCwj08302
  In release notes for 7.4.2 Cisco says this bug is fixed, but it's NOT!!!
 
- to resolve the issue temporarily, we disabled HostScan. But got the authentication errors for Secure Client users:
 
 [48243] Session Start
[48243] New request Session, context 0x00001487871f14a0, reqType = Authentication
[48243] Fiber started
[48243] Creating LDAP context with uri=ldaps://10.15.132.240:636
[48243] TLS Connection to LDAP server: ldaps://10.15.132.240:636, status = Successful
[48243] supportedLDAPVersion: value = 3
[48243] supportedLDAPVersion: value = 2
[48243] Binding as (svc_CC_ldap@user.ftdisgarbage.local) [svc_CC_ldap@user.ftdisgarbage.local]
[48243] Performing Simple authentication for svc_CC_ldap@user.ftdisgarbage.local to 10.15.132.240
[48243] LDAP Search:
        Base DN = [ou=company,dc=user,dc=pb,dc=local]
        Filter  = [sAMAccountName=remote_USER]
        Scope   = [SUBTREE]
[48243] Request for remote_USER returned code (-1) Can't contact LDAP server
[48243] Talking to Active Directory server 10.15.132.240
[48243] Failed to get Active Directory current time, ret code(-1) Can't contact LDAP server
[48243] Fiber exit Tx=291 bytes Rx=660 bytes, status=-2
[48243] Session End
 
Meanwhile test connection to our LDAP works properly, and our other services authenticated there successfully!
We also checked all the resources of virtual machine and inside the appliance - everything is sufficient!
 
 TO RESOLVE ALL ISSUES, WE REBOOT THE FTD - AND IT HELPS!
 
Any suggestions please, except calling TAC. Thanks in advance
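
An added example, not part of the original post and not Cisco tooling: a small Python triage script that reads the two kinds of output quoted above (the %FTD-3-321007 syslog message and the LDAP debug session) and reports, per session, whether the failure came before or after TLS setup, next to any low-block events. The function names are hypothetical, the sample lines are copied from the post, and treating negative return codes as failures is an assumption.

```python
import re

# Sample lines copied from the post above.
SAMPLE = """\
%FTD-3-321007: System is low on free memory blocks of size 2560 (4 CNT out of 8192 MAX)
[48243] Session Start
[48243] New request Session, context 0x00001487871f14a0, reqType = Authentication
[48243] TLS Connection to LDAP server: ldaps://10.15.132.240:636, status = Successful
[48243] Request for remote_USER returned code (-1) Can't contact LDAP server
[48243] Failed to get Active Directory current time, ret code(-1) Can't contact LDAP server
[48243] Fiber exit Tx=291 bytes Rx=660 bytes, status=-2
[48243] Session End
"""

LOW_BLOCKS = re.compile(r"%FTD-3-321007: .*blocks of size (\d+) \((\d+) CNT out of (\d+) MAX\)")
SESSION_LINE = re.compile(r"^\s*\[(\d+)\] (.*)$")
TLS = re.compile(r"TLS Connection to LDAP server: (\S+), status = (\w+)")
RET_CODE = re.compile(r"code ?\((-?\d+)\) (.*)$")  # "returned code (-1)" and "ret code(-1)"
EXIT = re.compile(r"Fiber exit .*status=(-?\d+)")

def low_block_events(text):
    """Return (block_size, free_count, max_count) for each 321007 message."""
    return [tuple(map(int, m.groups())) for m in LOW_BLOCKS.finditer(text)]

def ldap_sessions(text):
    """Group debug lines by the bracketed session id and extract key fields."""
    sessions = {}
    for line in text.splitlines():
        m = SESSION_LINE.match(line)
        if not m:
            continue
        sid, msg = m.groups()
        s = sessions.setdefault(sid, {"server": None, "tls_ok": None, "errors": [], "exit_status": None})
        if (t := TLS.search(msg)):
            s["server"], s["tls_ok"] = t.group(1), t.group(2) == "Successful"
        elif (r := RET_CODE.search(msg)) and int(r.group(1)) < 0:  # assumption: negative = failure
            s["errors"].append((int(r.group(1)), r.group(2)))
        elif (e := EXIT.search(msg)):
            s["exit_status"] = int(e.group(1))
    return sessions

def summarize(text):
    """Per session: stage at which it failed, plus any low-block events seen in the same capture."""
    blocks = low_block_events(text)
    out = []
    for sid, s in ldap_sessions(text).items():
        stage = "ok" if not s["errors"] else ("failed after TLS setup" if s["tls_ok"] else "failed before TLS setup")
        out.append({"session": sid, "stage": stage, **s, "low_blocks": blocks})
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Run over a longer capture, the output shows whether sessions that fail after a successful TLS handshake line up with 321007 events.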
1 Reply

I believe that such issues need a deep dive into the databases of the FTDv; I think there may have been some corruption during the upgrade. My suggestion, since you do not want to hear "call TAC", would be to take a complete backup of all configuration on the FTD and then do a fresh install, and restore the configuration.

--
Please remember to select a correct answer and rate helpful posts