FirePower Health Errors

JoshfromPHX
Level 1

 

Hello, 

I am getting these errors on the firewall and am not 100% sure how to resolve them. Any help on this would be great! Thank you in advance.

 

Model: Cisco Firepower Management Center 1600

Software Version: 7.0.2 (build 88)

OS: Cisco Firepower Extensible Operating System (FX-OS) 2.10.1 (build192)

JoshfromPHX_0-1667233853715.png

 

8 Replies

balaji.bandi
Hall of Fame

Check the physical connection of Eth 1/5, where it is connected to the switch.

 

BB


manofsteel03
Level 1

We had similar issues a while back and opened a case with Cisco TAC. It was related to a bug and it's only a cosmetic issue. They had me run some commands on FMC to gather some data and then followed up with running another set of commands to delete the specific UUIDs associated with the errors. Suggest opening a case with TAC to assist if you have an active support contract.

*SSH into the FMC and run these commands to gather info:
expert
sudo su
OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification;"

hth

Marvin Rhoads
Hall of Fame

Like @manofsteel03 mentioned, this is usually due to a cosmetic bug. Here are more details on how to fix it (from FMC). Run these 3 commands in order. After running the last one, you should see "no rows returned".

 

OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification where status=11;"
OmniQuery.pl -db mdb -e 'delete from notification where uuid=unhex("<insert the uuid that the first command returns here>");'
OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification where status=11;"

 

Also covered in this thread:

https://community.cisco.com/t5/network-security/fmc-health-alert-not-clearable-interface-status-modified/td-p/4528153

Hi Marvin - Thank you for the reply. I ran the command as you recommended but got a permission denied message. Is this to be expected even using the expert command before issuing the commands provided above?

 


> expert
firepower:~$ OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification where status=11;"
bash: /ngfw/usr/local/sf/bin/OmniQuery.pl: Permission denied
firepower:~$ OmniQuery.pl -db mdb -e 'delete from notification where uuid=unhex( "<insert the uuid that the first command returns here>");'
bash: /ngfw/usr/local/sf/bin/OmniQuery.pl: Permission denied
firepower:~$ OmniQuery.pl -db mdb -e "select status,category,hex(uuid),body from notification where status=11;"
bash: /ngfw/usr/local/sf/bin/OmniQuery.pl: Permission denied

You need to run the commands as superuser (su). So first, "sudo su -" to switch user context to superuser. Then all commands will be authorized in that context.

Perfect, thank you. That worked. How long does it take for these errors to go away in the GUI once these have been issued?

By default the health monitor policy runs every 10 minutes and will update the GUI at that time. You can go into the FMC health monitor directly and select "Run All" to kick it off manually out of cycle.

JoshfromPHX
Level 1

Unfortunately after following the steps above this did not resolve the issue. Is there anything else I can try before I reach out to TAC? 
