Re: FMC - FTD Deployment/upgrade issue

KiloBravo · ‎04-27-2021

Hi,

Ive erased the config on a fpr2140 which was being managed by FDM and have now added it to FMC(6.6.1) which seems to have gone through fine, all green ticks etc. Prior to wiping it, the FPR was on 6.6.1 but after wiping it, it's now on 6.3. I tried to do an install of 6.6.1 straight awayfrom the FMC but it failed. I noticed it was still waiting to deploy some config from when it joined so I've tried that but that's failing also. The only error FMC gives me is 'Read Timed Out'... which doesn't say much. I've tried re-doing both but to no avail.

When attempting to deploy the the config changes i also see a warning stating "Update failed/in-progress for one or more devices. Cisco recommends that you proceed with deployment when update completes successfully." which doesn't help much as the upgrade fails too.

Anything i can try?

KiloBravo · ‎04-27-2021

so further troubleshooting has given me a little more detail on the problem. when attempting to deploy the initial policy i get the following:

27-Apr-2021 20:49:11.306,[INFO],(DefenseCenterServiceImpl.java:1407)
com.cisco.nm.vms.api.dc.DefenseCenterServiceImpl, pool-2-thread-5
** REST Request [ CSM ]
** ID : 1302e1d2-a2ac-4265-9176-9b0d833d9a30
** URL: Broadcast message.send.deployment
{
"body" : {
"property" : "deployment:device_failure_configuration_cli",
"argumentList" : [ {
"key" : "PHASE",
"value" : "Phase-6"
}, {
"key" : "DEVICE",
"value" : "2ea48b8a-a750-11eb-9444-dbb4d86b0734"
} ]
},
"user" : "68d03c42-d9bd-11dc-89f2-b7961d42c462",
"type" : "deployment",
"status" : "failure",
"progress" : 100,
"silent" : false,
"restart" : false,
"transactionId" : 51539608090,

When trying to upgrade i get the following on the FMC GUI:

Pre upgrade validation - snort version on device is out of date. Deploy access control policy from FMC and trigger upgrade. Device state is not changed.

so the FMC upgrade says i need to dpeloy the access control policy but when trying to apply the ACL policy i get that above mentioned error.

Running out of ideas.

support040 · ‎08-10-2021

Hello,

I have this problem too.

I deployed FMCv (HA) with FTD-1140 (Version 6.4).

i registered device to FMC and then system wants to deploy intial SYSTEM configuration. but deployment faild with this error:

10-Aug-2021 08:12:07.247,[INFO],(DefenseCenterServiceImpl.java:1431)
com.cisco.nm.vms.api.dc.DefenseCenterServiceImpl, pool-4-thread-5
** REST Request [ CSM ]
** ID : 2781d438-4200-4803-bdd7-eee201d4e3f0
** URL: Broadcast message.send.deployment
{
"body" : {
"property" : "deployment:device_failure_configuration_cli",
"argumentList" : [ {
"key" : "PHASE",
"value" : "Phase-6"
}, {
"key" : "DEVICE",
"value" : "293875f8-f90d-11eb-bdab-89292259c95c"

can anybody help?

Marvin Rhoads · ‎08-10-2021

FMCv HA is only supported since release 6.7.

https://www.cisco.com/c/en/us/td/docs/security/firepower/670/relnotes/firepower-release-notes-670/m_features_functionality.html#Cisco_Concept.dita_9ec1deee-f5e6-45b2-b790-177094453a84

Also, I would recommend upgrading your Firepower 1140 to at least 6.6.4 (assuming FMC is at that version or higher) and then trying it again.

nosc · ‎03-16-2022

Did you ever resolve this issue? I am running into the exact same thing. Currently I am running FMC on 6.6.5 and my FTD Is 6.4.0.

I am trying again but upgrading FTD prior to adding it to FMC to see if this helps at all.