
Cisco Firepower Threat Defense DBCheck issue

donnie
Level 1

Hi all,

When I try to use my FMC to push an updated firewall policy to my FTDs running HA, I get the error below.

"Deployment failed due to major version change on device 6.2.3 to 6.2.3. Unregister the device and re-register." However, my production traffic continues to traverse my FTDs without issue, and no upgrade of the firewall version has been done recently.

I logged a case with TAC and the support engineer gathered the following info.

1) Running "show managers" CLI on both my FTDs shows "no manager configured"

2) Running "show network" CLI on both my FTDs returns nothing

3) Tried reconfiguring the manager via CLI on both my FTDs with the correct registration key, but the "show managers" command continues to show "no manager configured"

4) Did a DBCheck with DBCheck.pl and the output was:

“Unable to run DB Check, DB error executing [SELECT uuid,type FROM EOStore] Can't call method "prepare" on an undefined value at /ngfw/usr/local/sf/bin/DBCheck.pl line 71.”

5) Rebooted both my FTDs to no avail

TAC recommended the following:

* Switch failover pair

* Break Failover

* Remove the FTD

* Reimage FTD Hardware.

* Register the FTD on the FMC.

* Build Failover.

I suspect the issue was due to an earlier power outage at my data centre. I was wondering whether the drastic solution of breaking and rebuilding the HA is required, given that both my FTDs continue to be able to route my traffic. Please advise. TIA!

The model of my Firepower is 2130.

4 Replies

That's a very interesting issue. (Sorry to say this, but I can understand your frustration.) As you have opened a Cisco TAC case and they have given you some recommendations, I would suggest you keep the case open with TAC and escalate it to 2nd or 1st line instead of the 3rd line support at TAC. Meanwhile, put in a change request and get a change window approved for your CR. Keep TAC involved and keep them in the loop. That's the only advice, my friend. And please share your experience to the end, as this will help others too.

Please do not forget to rate.

DGC090687
Level 1

Did you ever find a solution for this issue?

I have the same problem.

The FMC reports: Deployment failed due to major version change on device from 7.0.0 to 7.0.1. Unregister the device and re-register.

On FTD

Show network returns nothing and Show manager says no manager configured.

DBcheck gives this error:

Unable to run DB Check, DB error executing [SELECT uuid,type FROM EOStore] Can't call method "prepare" on an undefined value at /ngfw/usr/local/sf/bin/DBCheck.pl line 76.

When DBcheck.pl fails it is important to follow the TAC advice to remedy it.

The failure indicates database corruption which will prevent successful deployments and upgrades until it is fixed.

msc_
Level 1

I had the same symptoms, except that show managers did show a pending registration.

I followed the instructions from TAC and reimaged the device from the following article:
cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html#task_lzh_2zn_rgb

Remember to select the device that wasn't reimaged as the primary unit, to retain configuration when reconfiguring the HA.

Experienced this with version 7.2.5 and the ISA3000 platform.
