
Can't deploy access control policy in FMC 6.0.0.1

kaaremunksgaard
Level 1

I'm having problems deploying Default Access Control Policy. I didn't add any rules to begin with.

Warning before proceeding deploy:

Access Control PolicyDefault: No access control rules configured. Improve performance by setting this access control policy's default intrusion policy (pre-rule inspection) to No Rules Active.

After I get this:

Pre-deploy Global Configuration Generation. Unable to load requested Object from DataStore dc906e6e-69ed-11e4-82ce-87dc73eef419,

Deployment failed in policy and object collection. If problem persists after retrying, contact Cisco TAC.

Can you give me an idea of why I can't deploy the policy? And how to fix it.

I have an ASA5506x added to FMC both running ver. 6.0.0.1 incl hotfixes.

Best regards

Kaare


yogdhanu
Cisco Employee

Hi

Try to update the rule version on FMC and then test it. If it still doesn't work, try to create another access control policy and deploy. If it still doesn't work, it might require a TAC case.

Thanks

Yogesh

Hi

Thanks for the reply.

I'm not sure what you mean by updating the rule version. Can you explain that for me please?

And also shouldn't I be able to start with the default first and see it work, and then copy and edit it afterwards?

Thanks

Kaare

Hi

Yes, ideally you should be able to do that without having to do anything else, but because you have an issue there, a rule update can be tried.

Just navigate to system > updates > rule update and install the latest rule update and test.

Hi

It was already the latest version installed.

Do you know what it means:

Pre-deploy Global Configuration Generation. Unable to load requested Object from DataStore dc906e6e-69ed-11e4-82ce-87dc73eef419

What else can I try? I updated it to version 6.0.1. Same issue. Problem not solved.

Do I need to create a new FMC server?

Hi Kareem,

It looks like there is an issue with the EO table. The EO table which has the UUID dc906e6e-69ed-11e4-82ce-87dc73eef419 has some issue. I'd suggest you open up a TAC case, since EO table issues are sensitive.

Regards,

Dv

Hi Guys,

I have the same issue now.
Did you guys sort out the issue? Is anyone able to solve the problem?

Deployment failed in policy and object collection. If problem persists after retrying, contact Cisco TAC.

Can you give me an idea of why I can't deploy the policy? And how to fix it.

Thanks,

Hi,


Did you try to create a new rule and check if it can be deployed?

The error appears to be showing some corrupt policy objects for that policy being deployed.

Also, one more thing that you can try is disabling any intrusion/file policy if there is any and then try to deploy the same policy.

Thanks,

Ankita

All,

 

Would like to add a couple of workarounds for this one.

1. Try to edit any random ACL, and then save it. Once done, go ahead and deploy the policies; this should work.

2. If step 1 doesn't work, try creating a new rule, save it and deploy the policies.

3. If steps 1 and 2 aren't helpful, try updating the rule version. (I have never come this far, but again this is also considered a workaround.)

4. If nothing works, then there is "Fire" in the "Power"; contact the Fire Brigade, "Cisco TAC".

 

Thanks! 

Does this workaround work in the case where the error is encountered in a fresh deployment?

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

For posterity.

 

Since it was in a virtual environment I just ended up importing a new instance into the topology.

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.