cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2937
Views
6
Helpful
9
Replies

FMC - Installing Vulnerability And Fingerprint Database Updates Failed

swscco001
Level 3
Level 3

Hello everybody,

our customer is running FMCv rel. 7.0.5 with two ASA5516-X running rel. 7.0.5.

He is complaining that the Installing Cisco Vulnerability And Fingerprint
Database Updates Failed (see attached) screen dumps.

I think I can just set the date & time and the effected device for these
scheduled jobs.

I see another job is performed successfully:
- Installing Cisco Firepower GeoLocation Database Update

What can be done to make Installing Cisco Vulnerability And Fingerprint
Database Updates scheduled jobs successful?

Thanks a lot for every hint!

 


Bye
R.

9 Replies 9

tvotna
Spotlight
Spotlight

This can be CSCwe51219. If this is the case, you need to upgrade FMC to 7.0.6+

plwalsh
Level 1
Level 1

Delete VDB 368 from the Updates page. Try to download it again - click the Check for Downloads button on the Updates page . If VDB 368 downloads correctly, either install it manually from the Updates page or schedule a task to install it later. If it does install correctly, a Deploy task will be required.

Hi plwalsh,

thanks for the hints!

In the meanwhile I have upgraded the FMC to the suggested rel. 7.2.4 and installed the hotfix for this rel.

The issue persists unfortunately.

There are no open deployments.

Attached you find the screen dumps of the scheduling and the updates screen.

How would you proceed here to get rid the error messages regarding the 
Vulnerability And Fingerprint Database Updates?

Thanks a lot!



Bye
R.

I would manually download VDB 369 (current latest version) and then upload it to FMC. Install that manually. Deploy to your managed devices (assume you have them on 7.0.6 / 7.2.4 or higher as well).

After that succeeds, scheduled download, install and deploy should start working again.

Hi Marvin,

thannks for the hint!

In the meanwhile VDB369 has been downloaded automatically but I cannot install it manually.
(see attached). There are no open deployments.

Could it be that it is incompatible with rel. 7.0.5 that is still on the devices so that I have
to upgrade them to 7.2.4 too and then retry to install VDB369?

Thanks a lot!


Bye
R.

Your FMC currently has VDB 369 installed which is why you get the message that there are no appliances available for the update.  If you log into the FTD CLI and issue the show version command and verify the VDB version on there.

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

thanks for the hints!

The 'show version' on the FTD:

> show version
---------------[ fps1.leistritz.de ]----------------
Model                     : ASA5516 (72) Version 7.0.5 (Build 72)
UUID                      : e235acf2-468c-11e7-9fd6-8203821b5486
Rules update version      : 2023-08-14-001-vrt
VDB version               : 369
----------------------------------------------------

So VDB 369 is installed on the FTD.

There are no open deployments.

When I see the red "!" with "No updates to install" in the schedule (see attached) for 
the update installation this let me think that something is not ok. Is it?

What can I do now to get rid of the red "!"?

Thanks a lot!



Bye
R.

 

The red ! would be normal since you download updates only on Sunday (assuming any are available) and then every day of the week try to install any uninstalled updates. That guarantees that at least 6 days of the week the task status will have a red !

Also note a scheduled download task will only find VDBs (assuming you've selected that in the task detail), patches and sometimes hotfixes. Major and minor releases always need to be manually downloaded and it's strongly recommended to read release notes and plan the upgrade accordingly.

Check the deployment history as well as Rule Update Log.

There might be hints as to why the deploy is failing.  My guess is that there is a VDB mismatch between the FMC and FTD

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card