04-27-2016 03:54 AM - edited 02-21-2020 05:48 AM
I'm having problems deploying Default Access Control Policy. I didn't add any rules to begin with.
Warning before proceeding deploy:
Access Control PolicyDefault: No access control rules configured. Improve performance by setting this access control policy's default intrusion policy (pre-rule inspection) to No Rules Active.
After I get this:
Pre-deploy Global Configuration Generation. Unable to load requested Object from DataStore dc906e6e-69ed-11e4-82ce-87dc73eef419,
Deployment failed in policy and object collection. If problem persists after retrying, contact Cisco TAC.
Can you give me an idea of why I can't deploy the policy? And how to fix it.
I have an ASA5506x added to FMC both running ver. 6.0.0.1 incl hotfixes.
Best regards
Kaare
04-27-2016 04:35 AM
Hi
Try to update the rule version on FMC and then test it. If it still doesn't work , try to create another access control policy and deploy. If still doesn't work , it might require a TAC case.
Thanks
Yogesh
04-27-2016 05:26 AM
Hi
Thanks for the reply.
I'm not sure what you mean by updating the rule version. Can you explain that for me please?
And also shouldn't I be able to start with the default first and see it work, and then copy and edit it afterwards?
Thanks
Kaare
04-27-2016 07:04 AM
Hi
Yes ideally you should be able to do that without having to do anything else but that because you have an issue there ,rule update can be tried.
Just navigate to system >updates>rule update and install the latest rule update and test.
04-27-2016 12:25 PM
Hi
it was already the latest version installed.
Do you know what it means:
Pre-deploy Global Configuration Generation. Unable to load requested Object from DataStore dc906e6e-69ed-11e4-82ce-87dc73eef419
What else can I try? I updated it to version 6.0.1. Same issue. Problem not solved.
Do I need to create at new FMC server?
04-29-2016 03:43 AM
Hi Kareem,
It looks like there is an issue with EO Table. The EO Table which has the UUID dc906e6e-69ed-11e4-82ce-87dc73eef419 has some issue. I'd suggest you to open up a TAC case since EO table issues are sensitive.
Regards,
Dv
08-11-2016 05:31 AM
Hi Guys,
I have the same issue
Did you guys sort out the
Deployment failed in policy and object collection. If
Can you give me an idea of why I can't deploy the policy? And how to fix it.
Thanks,
05-04-2016 09:40 AM
Hi,
Did you try to create a new rule and checked if it can be deployed?
The error appears to be showing some corrupt policy objects for that policy being deployed.
Also, one more thing that you can try is disabling any intrusion/file policy if there is any and then try to deploy the same policy.
Thanks,
Ankita
11-17-2018 12:50 PM
All,
Would like to add couple of workaround for this one.
1. Try to edit any random ACL, and then Save it. Once done, go ahead and deploy the policies, this should work.
2. If step 1 don't work, try creating new rule, save it and deploy policies.
3. If Step 1 and 2 ain't helpful, try update rule version. (I have never came till this thing but again this is also considered as workaround).
4. If nothing works, then there is "Fire" in the "Power" contact Fire Brigade "CIsco TAC".
Thanks!
07-03-2019 03:49 PM
Does this workaround work in the case where the error is encountered in a fresh deployment?
07-10-2019 02:45 PM
For posterity.
Since it was in a virtual environment I just ended up importing a new instance into the topology.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide