Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1157
Views
5
Helpful
7
Replies

FTD 1010 upgrade to 7.2

Jacob Gibb
Level 1
Level 1

‎08-01-2022 08:41 AM

So I am working with a FPR 1010 running FTD 7.1 latest release and decided to upgrade to 7.2. The first two attempts failed due to pending changes waiting to be committed (odd because there were none from what I could see). The third 'appeared' to be successful even with the green 'completed successfully' but upon checking the unit was still at 7.1. Has anyone had success with this image or should I wait until the next upgrade 7.2.x is released. 

1 person had this problem
0 Helpful
7 Replies 7

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-01-2022 11:03 AM

I've upgraded in the lab but that was with FTDv, not a hardware appliance.

Pending changes could be subtle such as SRU or VDB on the FMC at a higher version than what's deployed.

What does the /ngfw/var/log/sf directory for your 7.2 upgrade show in the status.log file on the appliance?

0 Helpful

Jacob Gibb
Level 1
Level 1

‎08-01-2022 12:59 PM

Hey, Marvin. Good to hear from you! It looks as though it still believes there are pending changes but the UI does not show anything nor pending updates being applied that are scheduled. Is there a CLI method to see pending updates and apply? 

ui: Upgrade in progress: (15% done.34 mins to reboot). Updating Operating System... (300_os/100_install_Fire_Linux_OS_aquila_ssp.sh (in background: 200_pre/600_ftd_onbox_data_export.sh 300_os/001_verify_bundle.sh))
ui:__[] Fatal error: Upgrade Failed: Upgrade failed because of undeployed changes present on the device. Wait until deployment is successful and trigger the upgrade again.. Returning to previous version (7.1.0.1)...
admin@TN1FPR1010:/ngfw/var/log/sf/Cisco_FTD_SSP_FP1K_Upgrade-7.2.0.1659302470.rollback$

0 Helpful

Jacob Gibb
Level 1
Level 1

‎08-01-2022 07:31 PM

Looks like I am hitting this bug. https://bst.cisco.com/bugsearch/bug/CSCwc37853 with no resolution at the moment. Joy.

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Jacob Gibb

‎08-01-2022 08:26 PM

Ugh. Yet another reason to dislike FDM-based management. At least they should add 7.2 to the known affected releases.

Thanks for sharing the BugID.

0 Helpful

Marius Gunnerud
VIP
VIP

‎08-02-2022 01:07 AM

I have only tried this on FMC so not sure if it will work on FDM, but could you run the following command to view job status.

OmniQuery.pl -db sdb -e "select device_id, device_name,device_status,job_id from jobs_device_status order by device_status_time;"

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Jacob Gibb
Level 1
Level 1

‎08-02-2022 09:12 AM

Looks like the DB does not exists. 

root@TN1FPR1010:/home/admin# OmniQuery.pl -db sdb -e "select device_id, device_name,device_status,job_id from jobs_device_status order by device_status_time;"
Invalid database (sdb does not exist or is unavailable).

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Jacob Gibb

‎08-03-2022 12:49 AM

ah OK, then it is probably only an FMC command.  I would suggest opening a case with TAC for help clearing these errors.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card