Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5719
Views
6
Helpful
3
Replies

Firepower 4110 Security Module/Engine Not Responding/Inaccessible

Go to solution
alex.f.
Level 1
Level 1

‎12-05-2021 05:40 AM - edited ‎12-05-2021 01:31 PM

Hello,

I am working on a regular update cycle with several Firepower 4110 / 2110 / 2140.
I installed the update from 6.6.4 to 6.6.5 on up to eight  HA Cluster but the last one failed.
(so four identical Cluster with Firepower 4110 HA Cluster)

So the first Instance of the HA Cluster did get the 6.6.5 but never come back online.
(the second is now Active on 6.6.4)
I tried the following Steps ( mostly in that order) to get some information:

ping the mgmt form the logical device -> not reachable 
connecting to the 4110 Chassis -> OK
(there are some errors in the overview tab see attachment)

Logical Devices lists the FTD in state "Security module not responding"
restarting the FTD logical Device -> no effect
disable/enable the FTD logical Device -> no effect

Security Engine lists one Hardware State "Inaccessible" service state "not responding" Power "off"
I tried to power on/off the module -> no effect
I tried to power cycle the module (GUI and CLI) -> no effect
I tried to power reinitialize the module (GUI and CLI) -> no effect

 

Chassis# scope ssa
Chassis /ssa # scope slot 1
Chassis /ssa/slot # show detail

Slot:
Slot ID: 1
Log Level: Info
Admin State: Ok
Oper State: Not Responding
Disk Format State: Ok
Disk Format Status: 0%
Clear Log Data: Available
Error Msg:
Chassis /ssa/slot #

 

 

Are there any things I can do or check instead of rebooting the Chassis ?

1 person had this problem
Preview file
98 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-05-2021 06:18 AM

Based on what you have done so far, I would say a chassis reboot is a logical next step. If you have physical access, a cold reboot (full power off) is preferred. If you have console access I would recommend using it and capturing the output of the boot and initialization process.

If that fails, then I would open a TAC case.

View solution in original post

3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-05-2021 06:18 AM

Based on what you have done so far, I would say a chassis reboot is a logical next step. If you have physical access, a cold reboot (full power off) is preferred. If you have console access I would recommend using it and capturing the output of the boot and initialization process.

If that fails, then I would open a TAC case.

Go to solution
alex.f.
Level 1
Level 1
In response to Marvin Rhoads

‎12-05-2021 10:15 AM

Thank you Marvin for your quick response.

Currently I'm remote and have no physical access until Monday or maybe Tuesday.

Are all other log files written to the Device and accessible after the cold reboot?

 

I will do the cold reboot with a console log output and post my findings.

 

thx

Alex

0 Helpful

Go to solution
alex.f.
Level 1
Level 1
In response to Marvin Rhoads

‎12-07-2021 11:24 PM

Hi,

I did a cold reboot and after 20 Minutes the FTD / HA was up and running.

Force Active/Standby Switch was successful.

Nevertheless, I now have a HA with two versions 6.6.5 / 6.6.4.
In the updater of the FMC I can also not select a single FTD but only the HA cluster.
So I will have to update the whole HA cluster again.

 


 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card