02-19-2011 08:20 AM - edited 03-10-2019 05:16 AM
Hi,
I have been trying to load "IPS-engine-E4-req-6.0-6" & "IPS-sig-S536-req-E4.pkg" onto the IDS boxes that at present have "IPS-K9-6.0-6-E3" & "IPS-sig-S479-req-E3.pkg" installed.
However, when I tried to Upgrade the signature, I get:
"Cannot upgrade software on the sensor.
-This update may only be installed on a sensor with and engine version of 4.
The currently installed engine version is 3."
So I upgrade the engine and get:
"Cannot upgrade software on the sensor.
errSystemError-idsPackageMgr: digital signature of the update file was nt valid, use CCO to replace corrupted file This update may only be instlled on a sensor with and engine version fo 4.
The currently installed engine version is 3."
Could you please advise why this is happening and how I resolve this?
Thank you.
Trish
Solved! Go to Solution.
02-25-2011 01:44 AM
How are you applying this upgrade – FTP through CLI, FTP through IDM or “upgrade from local PC” through IDM?
I usually:
Apply Service Packs or software upgrades by FTP from CLI.
Upgrade signature files through “upgrade from local PC” in IDM.
So SSH to the box, then:
sensor# conf t
sensor(config)# upgrade ftp://grant@10.1.1.1/IPS-K9-6.0-6-E4.pkg
Password: ******
Warning: Executing this command will The system may be rebooted to complete the
upgrade.
Continue with upgrade? []: yes
02-19-2011 01:29 PM
You will have to upgrade the engine first to E4, using "IPS-engine-E4-req-6.0-6.pkg" file, and reload the IDS, then after the reload, check the output of "show version" and make sure that it has been updated to 6.0.6(E4), and upate the signature to the latest.
02-21-2011 12:18 AM
Hi Jennifer,
Thank you for your reply. This is exactly what i have been trying to do, but the box won't let it happen. It is currently running IDM Version 6.0.202.36, do i need to run a step inbetween first?
Thank you,
02-21-2011 01:15 AM
Can you please share the output of "show version" as well as a screenshot of when it's not happening/failing? I am not sure I understand what you mean by "the box wont let it happen".
02-21-2011 01:29 AM
Apologies.... I refer to the IDS as the box ....
Version:
Application Partition:
Cisco Intrusion Prevention System, Version 6.0(6)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S479.0 2010-03-19
Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: IDS-4215-K9
Serial Number: 88810325171
Licensed, expires: 31-Dec-2011 UTC
Sensor up-time is 1 day.
Using 378417152 out of 510341120 bytes of available memory (74% usage)
application-data is using 33.3M out of 166.8M bytes of available disk space (21% usage)
boot is using 37.6M out of 68.6M bytes of available disk space (58% usage)
application-log is using 529.5M out of 2.8G bytes of available disk space (20% usage)
MainApp N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01:15:08-0500 Running
AnalysisEngine N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01:15:08-0500 Running
CLI N-NUBRA_2009_JUL_15_01_10_6_0_5_57 (Ipsbuild) 2009-07-15T01:15:08-0500
Upgrade History:
* IPS-K9-6.0-6-E3 16:48:06 UTC Wed Jul 15 2009
IPS-sig-S479-req-E3.pkg 15:37:28 UTC Tue Dec 21 2010
Recovery Partition Version 1.1 - 6.0(6)E3
And EM attached on a .doc
Thank you
02-21-2011 01:44 AM
Looks like you are trying to update the signature, not the engine itself.
Can you please re-download "IPS-engine-E4-req-6.0-6.pkg" from cisco.com, and upload this file to update the engine from E3 to E4. Alternatively, you can also upgrade the IPS using the upgrade file instead: IPS-K9-6.0-6-E4.pkg
02-21-2011 02:03 AM
I have tried to ugrade the engine first, but I get the same Error message - it's like a circle. If I try the engine it wants the signature, if I tried the signature it wants the engine and now (just to rub salt into the wounds) I've tried to download both the .pkg, as per you reply, and now Cisco is telling me I'm not authorized! I only did this last week....
Thanks for you help Jennifer, but until I get my account issue resolved, I'm stuck.
Can't I use the download I already have of IPS-engine-E4-req-6.0-6.pkg? I only downloaded this last week.
02-21-2011 02:12 AM
Looks like the package that you downloaded might have been corrupted and it's not the full package.
02-21-2011 01:20 PM
Hello, I work in the TAC IDS team. 1. Make sure you are downloading the correct software image: http://tools.cisco.com/squish/ACdb1 2. Before downloading, make a note of the MD5 Checksum. 3. After downloading the software, download: http://www.fastsum.com/ the software that verifies MD5 checksum. Run this on the downloaded file and make sure checksum matches. 4. Once you have verified this, then upgrade the IPS via IDM and let me know if it works. - Sid
02-22-2011 09:20 AM
02-22-2011 11:32 PM
Can you please advise the exact filename as well as the filesize for each of the attempt that you made based on the screenshot of the 3 error messages.
02-23-2011 01:57 AM
02-23-2011 02:47 AM
That's very strange. The files seem to be OK.
Can you please try to reload the IDS once, then check the output of "show version" and if it's not 6.0.6(E4), please try to update with just "IPS-engine-E4-req-6.0-6.pkg" file.
If it still doesn't work, I would suggest that you open a TAC case to an engineer can further look into the issue.
02-23-2011 09:31 AM
Please open a TAC case to have a TAC engineer troubleshoot the issue. The behavior you are seeing is not normal behavior and might need a webex session to troubleshoot. - Sid
02-24-2011 05:44 AM
I have reloaded this box a couple of times, the version is Cisco Intrusion Prevention System, Version 6.0(6)E3
I have also tried to just load the engine and tried an array of loading sequences between the .pkg upgrades i have (listed on the last doc issued) and every variation produces an error message. It is very much a vicious circle going on here and I'm sure that there is something really daft causing it...... but what!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide