12-14-2004 12:33 PM - edited 03-10-2019 01:11 AM
I have recently rebuilt my entire CW2K (VMS2.2) server. I installed the latest MC 2.0 and after importing my devices into it I've found that I cannot deploy changes to a signature or upgrade signatures.
I get the following message when looking at the messages in the process viewer.
Sensor sensor: Signature Update Process
An error occurred while running the update script on the sensor named sensor. Detail = An error occurred at the sensor during the update, sensor message = Connection failed
I've re-imported the devices, deleted and re-created the TLS keys, but still cannot get them working. When I enter the manual command to upgrade the sensor.
I've also tried the following...
sensor# sh clo
*13:26:53 MST Tue Dec 14 2004
sensor# config t
sensor(config)# service trusted
sensor(config-TrustedCertificates)# sh set
trustedCertificates (min: 0, max: 500, current: 0)
-----------------------------------------------
-----------------------------------------------
sensor(config-TrustedCertificates)# exit
sensor(config)# tls trusted-host ip-address 10.10.10.54 port 443
Certificate MD5 fingerprint is xxxxx
Certificate SHA1 fingerprint is xxxxx
Would you like to add this to the trusted certificate table for this host?[yes]:
yes
Certificate ID: 10.10.10.54 succesfully added to the TLS trusted host table.
sensor(config)# upgrade https://10.10.10.54/ids-config/vms/sensorupdate/IDS
-sig-4.1-4-S130.rpm.pkg
Warning: Executing this command will apply a signature update to the application
partition.
Continue with upgrade? : yes
Error: Error status returned with status str Not
sensor(config)#
Anyone have any ideas?
I'd like to try to resolve this issue instead of reverting back to my old Cisco Works server.
Sincerely,
Ron Russell
12-14-2004 02:56 PM
The error "Error: Error status returned with status str Not" is most commonly seen when the upgrade file does not exist on the https server.
The https server is returning an error "Not Found" and the sensor is accidentally cutting of the "Found" when it reports the error that the server reported.
I would recommend checking your VMS server and ensuring that the IDS-sig-4.1-4-S130.rpm.pkg file exists in the proper directory and has correct permissions.
Then try doing this from a different machine.
Copy the URL into your own desktop into Internet Explorer and see if the server gives you any error.
You will also want to see if you get prompted for a username when attempting to download the file.
It could be that your URL needs a username added in order to properly authenticate to the server:
upgrade https://username@10.10.10.54/ids-config/vms/sensorupdate/IDS
-sig-4.1-4-S130.rpm.pkg
Once you get it to where the sensor can actually download the file, then you might be able to get to another underlying issue that the IDS MC may be seeing.
12-15-2004 10:40 AM
I have checked that the auto-downloaded zip file is located in the cscopx\mdc\etc\ids\updates folder. I unzipped the .rpm.pkg from that zip file and made sure that the permissions in the directory are sufficient.
I cannot however connect to that via the url.
What directory should the .rpm.pkg file be on the CiscoWorks server in a default build to be able to access it from the sensor? I think that's my problem. We've used VMS for all sensor configuration/updates that I'm pretty rusty on the CLI commands.
Ron
12-28-2004 02:13 AM
Hi,
I have the same issue here! Can anyone help, to resolve it?
12-28-2004 08:09 AM
Unfortunately according to the TAC the solution is to uninstall the 2.0 Management Center (just the IDS piece mind you) and reinstall the 1.2.3 MC.
I performed this on our system an all appears well again.
Here is part of the message from the TAC.
The IDS MC 1.2.3 file is...
fcs-IDSMC-V1.2.3-w2k-k9.exe
Check to see that it installed and is recognized:
Server Configuration->Administration->Package Options and select ?IDS MC/Security Monitor Common Framework? on the right hand pane, you will see an entry for VERSION and PATCHVER, you should see:
VERSION 1.2
PATCHVER 3
gives you version 1.2.3
Then apply the latest bug patch, this is very important to apply as it resolves many issues with deployment to sensors and updating signatures. To see if the patch has already been installed do the following:
Server Configuration > About the Server > Applications and Versions > Patches Installed
If not, download it at the following site. You can get the readme or simply follow my installation instructions below. Un-tar it using Winzip or some other unzip package.
http://www.cisco.com/cgi-bin/tablebuild.pl/mgmt-ctr-ids-app
idsmdc1.2.3-win-CSCsa166823.tar
idsmdc1.2.3-win-CSCee609131.tar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide