06-13-2017
12:08 AM
- last edited on
02-21-2020
06:05 AM
by
cc_security_adm
All of our Firepower Management Centers stopped downloading updates. VDB updates etc. are also not working. Internet connectivity is fine.
Error message trying to download updates: Download updates failed: Error parsing the update file. The file may have been corrupted or the download was incomplete.
Error message trying to download rule updates: Error parsing the update file. The file may have been corrupted or the download was incomplete.
Error message trying to download Geolocation Updates: Failed to fetch the latest Geolocation Update from the Support Site.
When you go to Summary Dashboard, Status, the Product Updates part stays empty.
We see it at several locations, so different internet connections. Checking internet connectivity from CLI is all fine.
Others having same issue?
06-13-2017 02:35 AM
Exactly the same issue
Running this as per the troubleshooting here.
"admin@Firepower:~# sudo openssl s_client -connect support.sourcefire.com:443"
Returns "Verify return code: 20 (unable to get local issuer certificate). This is true for any https based site - lack of trusted root CA. Not sure why it's vanished/died, but nice to see it's not just me.
Manual updates work (download yourself then upload to FMC), so that's a temporary workaround.
06-13-2017 03:00 AM
It's the same here:
Verify return code: 20 (unable to get local issuer certificate)
06-13-2017 07:30 AM
After updating FMC to 6.2.1 the problem is solved, all previous versions seem to be affected.
06-13-2017 07:34 AM
6.1 also works again now.
06-13-2017 07:34 AM
I was trying w/ 6.2.1 when the error was occurring.
06-13-2017 03:02 AM
i faced the same problem as you
06-13-2017 05:22 AM
We are having this problem as well, on FMC version 6.2.0.2. Running the command "sudo openssl s_client -connect support.sourcefire.com:443" as [@planning-inc] recommended gives the same output ("Verify return code: 20 (unable to get local issuer certificate)"). This started occurring just within the past few days.
Manual rule and Geolocation DB updates seem to work just fine.
06-13-2017 05:36 AM
Thank you all for your answers. I see this issue in 6.0, 6.1 and 6.2 ... so it looks like every version is having problems. I suppose Cisco is aware if this issue and they will solve it soon.
06-13-2017 05:43 AM
Same issue here on two instances of FMC. Going to see if my contacts at Cisco can shed any light.
06-13-2017 06:07 AM
Odd - it might be something in the trusted root store that FMC uses.
I checked support.sourcefire.com and it resolves to 4 AWS EC2 instances all with the same valid certificate.
SSL Server Test: support.sourcefire.com (Powered by Qualys SSL Labs)
11-10-2017 07:35 AM
I am running 6.2.0.3 and just had this same issue - now the Products Update status will not populate - never-ending spinning status wheel.
Was there a fix that I did not see - otherwise I guess I will open a TAC case.
Thank you,
Anthony
11-27-2018 03:08 PM
Is there any workaround for this issue?, I´m still facing at 6.2.3 version.
admin@firepower:~$ sudo openssl s_client -connect support.sourcefire.com:443
...
Verify return code: 20 (unable to get local issuer certificate)
06-13-2017 06:31 AM
Same problem here running 6.2.0.1. Been having this issue since yesterday and I thought it was just me and have been trying to troubleshoot. I am glad it is not just me that is affected.
06-13-2017 07:17 AM
Seems to work now. Just downloaded updates in FMC 6.2.1.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide