Solved: Device Upgrade fails

ammann9113 · ‎01-16-2017

Good morning!

I'm not able to update my 5506-X to the latest patch (see log below).

It might be because I installed Hotfix 6.1.0.2 before. FMC suggested it and I - without thinking, unfortunately - just installed it.

Thanks!

admin@firepower:/var/log/sf$ cat update.status
OUT: Verifying archive integrity...OUT: All good.
OUT: Uncompressing Cisco Network Sensor Patch / Fri Dec 2 20:30:43 UTC 2016OUT:                                                                                                                                                                                                                                              .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .                                                                                                                                                                                                                                             OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OU                                                                                                                                                                                                                                             T: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT:                                                                                                                                                                                                                                              .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .                                                                                                                                                                                                                                             OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: ..OUT: ..                                                                                                                                                                                                                                             OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OU                                                                                                                                                                                                                                             T: .OUT: .OUT: .OUT: .OUT: .OUT: ...OUT: .OUT: .OUT: .OUT: ..OUT: .OUT: .OUT: .O                                                                                                                                                                                                                                             UT: .OUT: .OUT: .OUT: .OUT: .OUT: ..OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OU                                                                                                                                                                                                                                             T: .OUT: .OUT: .OUT: .OUT: .OUT: ..OUT: .OUT: ..OUT: .OUT: .OUT: ..OUT: ......OU                                                                                                                                                                                                                                             T: .OUT: .....OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: ..OUT: .OUT: ..OUT:                                                                                                                                                                                                                                              ..OUT: ..OUT: ..OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT                                                                                                                                                                                                                                             : ..OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: ....OUT: ..OUT: .......                                                                                                                                                                                                                                             .........OUT: ....OUT: ...OUT: ..OUT: .OUT: .....OUT: .OUT: .OUT: .OUT: .OUT: .O                                                                                                                                                                                                                                             UT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT                                                                                                                                                                                                                                             : .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT:                                                                                                                                                                                                                                              .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .O                                                                                                                                                                                                                                             UT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT: .OUT                                                                                                                                                                                                                                             :
OUT: [170116 07:54:01] #####################################
OUT: [170116 07:54:01] # UPGRADE STARTING
OUT: [170116 07:54:01] #####################################
OUT: END_SCRIPT_000_start_100_start_messages_sh=1 #[170113 06:31:15]
OUT: [170116 07:54:01] BEGIN 000_start/100_start_messages.sh
OUT: END_SCRIPT_000_start_101_run_pruning_pl=1 #[170113 06:32:48]
OUT: [170116 07:54:03] SKIP   000_start/101_run_pruning.pl
OUT: END_SCRIPT_000_start_102_check_sru_install_running_pl=1 #[170113 06:32:51]
OUT: [170116 07:54:04] SKIP   000_start/102_check_sru_install_running.pl
OUT: END_SCRIPT_000_start_105_check_model_number_sh=1 #[170113 06:32:54]
OUT: [170116 07:54:04] BEGIN 000_start/105_check_model_number.sh
OUT: END_SCRIPT_000_start_106_check_HA_sync_pl=1 #[170113 06:32:57]
OUT: [170116 07:54:06] SKIP   000_start/106_check_HA_sync.pl
OUT: END_SCRIPT_000_start_106_check_HA_updates_pl=1 #[170113 06:33:01]
OUT: [170116 07:54:06] SKIP   000_start/106_check_HA_updates.pl
OUT: END_SCRIPT_000_start_107_version_check_sh=1 #[170113 06:33:05]
OUT: [170116 07:54:07] BEGIN 000_start/107_version_check.sh
OUT: END_SCRIPT_000_start_108_check_sensors_ver_pl=1 #[170113 06:33:08]
OUT: [170116 07:54:11] SKIP   000_start/108_check_sensors_ver.pl
OUT: END_SCRIPT_000_start_109_check_HA_MDC_status_pl=1 #[170113 06:33:15]
OUT: [170116 07:54:12] BEGIN 000_start/109_check_HA_MDC_status.pl
OUT: END_SCRIPT_000_start_110_DB_integrity_check_sh=1 #[170113 06:33:54]
OUT: [170116 07:54:19] SKIP   000_start/110_DB_integrity_check.sh
OUT: END_SCRIPT_000_start_111_FS_integrity_check_sh=1 #[170113 06:33:56]
OUT: [170116 07:54:19] SKIP   000_start/111_FS_integrity_check.sh
OUT: END_SCRIPT_000_start_112_CF_check_sh=1 #[170113 06:33:59]
OUT: [170116 07:54:19] SKIP   000_start/112_CF_check.sh
OUT: [170116 07:54:20]   ** enabling SCRIPT_RECOVERY_MODE for 000_start/113_EO_i                                                                                                                                                                                                                                             ntegrity_check.pl
OUT: [170116 07:54:20] BEGIN 000_start/113_EO_integrity_check.pl
OUT: [170116 07:59:40]   FAILED 000_start/113_EO_integrity_check.pl
OUT: [170116 07:59:40]   ====================================
OUT: [170116 07:59:40]     tail -n 10 /var/log/sf/Cisco_Network_Sensor_Patch-6.1                                                                                                                                                                                                                                             .0.1/000_start/113_EO_integrity_check.pl.log
OUT:
OUT:     Checking eec8ac5a-8ee9-11db-8970-bf65a15c7624
OUT:     Checking f02f3708-8ee4-11db-8cee-91d152c7e4b7
OUT:     Checking f5ede9be-8ee9-11db-87b9-e5822c854dba
OUT:     Checking f8b1f526-8ee1-11db-8270-87baeb97b1e6
OUT:     Checking fbd84ad2-8ee8-11db-9f73-ac999eb2bf70
OUT:     Checking fec02bc6-8ee7-11db-bc3f-a2fc0300255a
OUT:
OUT:
OUT: Total errors: 1
OUT: EOIC failed
OUT:
OUT: [170116 07:59:40] Fatal error: Error running script 000_start/113_EO_integr                                                                                                                                                                                                                                             ity_check.pl
OUT: [170116 07:59:40] Exiting.
OUT: removed '/tmp/upgrade.lock/status_log'
OUT: removed '/tmp/upgrade.lock/UUID'
OUT: removed '/tmp/upgrade.lock/LSM'
OUT: removed '/tmp/upgrade.lock/PID'
OUT: removed '/tmp/upgrade.lock/main_upgrade_script.log'
OUT: removed '/tmp/upgrade.lock/AQ_UUID'
OUT: removed directory: '/tmp/upgrade.lock'
OUT: [170116 07:59:40] Attempting to remove upgrade lock
OUT: [170116 07:59:40] Success, removed upgrade lock
RC: 256
The update failed!

Marvin Rhoads · ‎01-16-2017

Managed device backup refers to unified images (FTD) where the entire device configuration can be backed up to FMC.

FirePOWER modules on ASAs are a hybrid of: ASA configuration, module local configuration (bootstrap things you enter during initial setup) and the policies (deployed to the module from FMC). So you cannot get a "full backup" of the device in that case.

If you are already on 6.1.0.1 and are just going for the hotfix, I recall the release notes for that only indicated it fixed some issues with Series 3 (pure FirePOWER appliances). I'd go ahaead and just wait for 6.2 (due out soon!).

View solution in original post

Marvin Rhoads · ‎01-16-2017

I usually suggest opening a TAC case when the detailed update logs are a bit ambiguous.

The integrity check fail usually indicates a corrupt file but I haven't encountered one of those personally.

ammann9113 · ‎01-16-2017

It's just my home ASA, so opening a TAC case will not be an option...

I've thought for myself of a few options:

- Let it be for now and try again with the next release.

- Reinstall the FirePOWER module on the ASA

> What bugs me here is, that I can't backup the device in the FMC. I just don't see any device... (as one can see in the attached screenshot) What does that mean? Is all the configuration stored in the FMC?

I really don't want to reinstall as long as I'm not sure that my backup is sufficient.

- Find my way to any divinity and start praying.

Marvin Rhoads · ‎01-16-2017

Managed device backup refers to unified images (FTD) where the entire device configuration can be backed up to FMC.

FirePOWER modules on ASAs are a hybrid of: ASA configuration, module local configuration (bootstrap things you enter during initial setup) and the policies (deployed to the module from FMC). So you cannot get a "full backup" of the device in that case.

If you are already on 6.1.0.1 and are just going for the hotfix, I recall the release notes for that only indicated it fixed some issues with Series 3 (pure FirePOWER appliances). I'd go ahaead and just wait for 6.2 (due out soon!).