Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1281
Views
5
Helpful
5
Replies

Failover mate failed on ASA services module

Go to solution
Colin Higgins
Level 2
Level 2

‎06-21-2018 08:39 AM - edited ‎02-21-2020 07:54 AM

I have two ASA service modules running in a Catalyst 6513-E switch.

 

While upgrading the OS on these from 9.24.33 to 9.64 I receive a message saying that the operating systems are different (which is expected) and the configuration is being sent to the mate (also expected)

 

but when I do a "show failover", the standby unit is listed as failed. The OS running on it is listed as 9.64 but I can't administer it. Everything is in status "unknown"

 

I tried to reboot it using failover exec, but it comes back as 9.64 and in a failed state

 

has anyone seen this? What is the workaround?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Colin Higgins

‎06-25-2018 08:09 AM

There are a few caveats listed here:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_65978

 

If you meet those then it should work.

 

There may be a bug you'r hitting that I'm not immediately aware of. A TAC case would be the best bet to verify that as they can check even for non-public bugs.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Abdullo Salikhov
Level 1
Level 1

‎06-24-2018 09:14 PM

Can you share what steps exactly you have done to upgrade the OS version ?

Abdullo Salikhov
Dushanbe, Tajikistan
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-25-2018 02:40 AM

Can you console into the secondary ASA-SM and share the output of "show failover"?

Go to solution
Colin Higgins
Level 2
Level 2
In response to Marvin Rhoads

‎06-25-2018 07:56 AM

marvin:

 

since this is a asa services module, I had to try and session into the secondary device from the switch (no console port)

 

service-module session switch 2 slot 9

 

but it was unresponsive. The status for the card was listed as "other"

 

So I took the card out and put it into another 6500 series switch. I was then able to session in no problem. It was running 9.6.4, so I set it to boot from 9.2.4. I then put it back into the original switch and it came right up. The two ASAs synched up without issue.

 

So what was happening was that when the secondary unit came up with 9.6.4 running, and the primary tried to synch to it, the whole blade would crash. I'm not sure why this was happening (the model is WS-SVC-ASASM-1). It was like the system doesn't like 9.6.4

 

I am wondering if anyone else has seen this, or if there is some compatibility issue I am unaware of?

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Colin Higgins

‎06-25-2018 08:09 AM

There are a few caveats listed here:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_65978

 

If you meet those then it should work.

 

There may be a bug you'r hitting that I'm not immediately aware of. A TAC case would be the best bet to verify that as they can check even for non-public bugs.

0 Helpful

Go to solution
Colin Higgins
Level 2
Level 2
In response to Marvin Rhoads

‎06-25-2018 08:15 AM

the 6513-E (with supervisor 2T) is running 15.1(1) SY1

 

so according to the matrix, that should work

 

I will check with the TAC and see if there is some bug involved

 

thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card