cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
330
Views
3
Helpful
5
Replies

Firepower: Unable to upgrade a ASA5516-X with FTD from 7.0.5 to 7.0.6

swscco001
Level 3
Level 3

Hello everybody,

because the new vulnerabilty I have to upgrade a ASA5516-X with FTD from 7.0.5 to 7.0.6.2.

The FMCv is running rel. 7.0.6. The upgrade a ASA5516-X with FTD from 7.0.5 to 7.0.6 failed
even if the readiness check was successful.

I repeated the upgrade twice but get the following error message in the 'Tasks':
"Update install failed (Update install failed)". See attached screen dump.

Is there a log file with more infomation about the reason?

Is there an overview about log files where I can find more infomation about failed upgrades, deployments etc.
for ASA and Firepower appliances?

Thanks a lot!




Bye
R.

5 Replies 5

Is this ASA5516-X that is re-imaged with FTD software or is it running the FPR module?

Log files you can find in expert mode under either under / var/log/sf or /ngfw/var/log/sf/ then search for the directory with the version you are upgrading to (for example Cisco_FTD_SSP_FP2K_Upgrade-7.4.1).  once you CD into this you you can "less status.log" or "less upgrade_status.log".

Just keep in mind that you need to upgrade to 7.0.6 first before patching to 7.0.6.2.

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

thanks for your reply!

It is a ASA5516-X that is re-imaged with FTD.

I checked the directory:

root@FTD-LIY-01:/ngfw/var/log/sf/Cisco_FTD_Upgrade-7.0.6# ls -l
total 12
-rw-r--r-- 1 root root  236 Apr 29 07:55 DBCheck.log
-rw-r--r-- 1 root root 1448 Apr 29 07:56 status.log
drwxr-xr-x 4 root root 4096 Apr 29 07:56 upgrade_readiness

The file content of status.log:

root@FTD-LIY-01:/ngfw/var/log/sf/Cisco_FTD_Upgrade-7.0.6# more status.log
state:running
ui:Readiness has begun.
ui: Readiness in progress: ( 0% done). (000_start/000_00_run_cli_kick_start.sh)
ui: Readiness in progress: ( 6% done). (000_start/000_check_platform_support.sh)
ui: Readiness in progress: (11% done). (000_start/100_start_messages.sh)
ui: Readiness in progress: (17% done). (000_start/101_run_pruning.pl)
ui: Readiness in progress: (22% done). (000_start/105_check_model_number.sh)
ui: Readiness in progress: (28% done). (000_start/107_version_check.sh)
ui: Readiness in progress: (33% done). (000_start/110_DB_integrity_check.sh)
ui: Readiness in progress: (39% done). (000_start/113_EO_integrity_check.pl)
ui: Readiness in progress: (44% done). (000_start/250_check_system_files.sh)
ui: Readiness in progress: (50% done). (000_start/410_check_disk_space.sh)
ui: Readiness in progress: (56% done). (200_pre/001_check_reg.pl)
ui: Readiness in progress: (61% done). (200_pre/002_check_mounts.sh)
ui: Readiness in progress: (67% done). (200_pre/005_check_manager.pl)
ui: Readiness in progress: (72% done). (200_pre/006_check_snort.sh)
ui: Readiness in progress: (78% done). (200_pre/007_check_sru_install.sh)
ui: Readiness in progress: (83% done). (200_pre/009_check_snort_preproc.sh)
ui: Readiness in progress: (89% done). (200_pre/011_check_self.sh)
ui: Readiness in progress: (94% done). (200_pre/015_verify_rpm.sh)
ui: Readiness Check completed successfully.
ui: Readiness Check has completed.
state:finished

There is no file "upgrade_status.log".

The directory /var/log/sf has the same content.

Where can I still find information about the faild upgrade?

Thanks a lot!



Bye
R.

If the upgrade_status.log file is not present it means that the upgrade doesn't start.  How soon after initiating the upgrade does it fail?  Have you verified that there are no pending deployments that need to be pushed from the FMC?

You might find a reason for the failure in /ngfw/var/log/messages. you can grep for upgrade or failed perhaps.

--
Please remember to select a correct answer and rate helpful posts

NPE-IPBuild
Level 1
Level 1

Hi Marius,

We have facing same issue while upgrading FTD 7.0.5 to 7.0.6

Pushing Image file and reediness check was completed successful.

After checking the logs upgrade stuck at 60% (MySQL script) and revert back to 7.0.5 IOS.

Please check any bug information you have and revert asap.

 

 

Hi @NPE-IPBuild ,

Please start a new discussion for your issue so to keep it separate from this discussion even though they seem similar.

In the new discussion tag me and include the output of the following command (needs to be run in expert mode): DBCheck.pl

Also, check /ngfw/var/log/sf and CD into the upgrade directory for 7.0.6 and then "less upgrade_status.log" and check the failure reason there.  I suggest also checking "less /ngfw/var/log/messages" file for any failed log entries.

Include this info in the new post and we will try to get to the bottom of what is happening with your upgrade.

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card