IDS MC 2.0 - signature update process fails

rrussell · ‎12-14-2004

I have recently rebuilt my entire CW2K (VMS2.2) server. I installed the latest MC 2.0 and after importing my devices into it I've found that I cannot deploy changes to a signature or upgrade signatures.

I get the following message when looking at the messages in the process viewer.

Sensor sensor: Signature Update Process

An error occurred while running the update script on the sensor named sensor. Detail = An error occurred at the sensor during the update, sensor message = Connection failed

I've re-imported the devices, deleted and re-created the TLS keys, but still cannot get them working. When I enter the manual command to upgrade the sensor.

I've also tried the following...

sensor# sh clo

*13:26:53 MST Tue Dec 14 2004

sensor# config t

sensor(config)# service trusted

sensor(config-TrustedCertificates)# sh set

trustedCertificates (min: 0, max: 500, current: 0)

-----------------------------------------------

sensor(config-TrustedCertificates)# exit

sensor(config)# tls trusted-host ip-address 10.10.10.54 port 443

Certificate MD5 fingerprint is xxxxx

Certificate SHA1 fingerprint is xxxxx

Would you like to add this to the trusted certificate table for this host?[yes]:

yes

Certificate ID: 10.10.10.54 succesfully added to the TLS trusted host table.

sensor(config)# upgrade https://10.10.10.54/ids-config/vms/sensorupdate/IDS

-sig-4.1-4-S130.rpm.pkg

Warning: Executing this command will apply a signature update to the application

partition.

Continue with upgrade? : yes

Error: Error status returned with status str Not

sensor(config)#

Anyone have any ideas?

I'd like to try to resolve this issue instead of reverting back to my old Cisco Works server.

Sincerely,

Ron Russell

marcabal · ‎12-14-2004

The error "Error: Error status returned with status str Not" is most commonly seen when the upgrade file does not exist on the https server.

The https server is returning an error "Not Found" and the sensor is accidentally cutting of the "Found" when it reports the error that the server reported.

I would recommend checking your VMS server and ensuring that the IDS-sig-4.1-4-S130.rpm.pkg file exists in the proper directory and has correct permissions.

Then try doing this from a different machine.

Copy the URL into your own desktop into Internet Explorer and see if the server gives you any error.

You will also want to see if you get prompted for a username when attempting to download the file.

It could be that your URL needs a username added in order to properly authenticate to the server:

upgrade https://username@10.10.10.54/ids-config/vms/sensorupdate/IDS

-sig-4.1-4-S130.rpm.pkg

Once you get it to where the sensor can actually download the file, then you might be able to get to another underlying issue that the IDS MC may be seeing.

rrussell · ‎12-15-2004

I have checked that the auto-downloaded zip file is located in the cscopx\mdc\etc\ids\updates folder. I unzipped the .rpm.pkg from that zip file and made sure that the permissions in the directory are sufficient.

I cannot however connect to that via the url.

What directory should the .rpm.pkg file be on the CiscoWorks server in a default build to be able to access it from the sensor? I think that's my problem. We've used VMS for all sensor configuration/updates that I'm pretty rusty on the CLI commands.

Ron

teperjesi · ‎12-28-2004

Hi,

I have the same issue here! Can anyone help, to resolve it?

rrussell · ‎12-28-2004

Unfortunately according to the TAC the solution is to uninstall the 2.0 Management Center (just the IDS piece mind you) and reinstall the 1.2.3 MC.

I performed this on our system an all appears well again.

Here is part of the message from the TAC.

The IDS MC 1.2.3 file is...

fcs-IDSMC-V1.2.3-w2k-k9.exe

Check to see that it installed and is recognized:

Server Configuration->Administration->Package Options and select ?IDS MC/Security Monitor Common Framework? on the right hand pane, you will see an entry for VERSION and PATCHVER, you should see:

VERSION 1.2

PATCHVER 3

gives you version 1.2.3

Then apply the latest bug patch, this is very important to apply as it resolves many issues with deployment to sensors and updating signatures. To see if the patch has already been installed do the following:

Server Configuration > About the Server > Applications and Versions > Patches Installed

If not, download it at the following site. You can get the readme or simply follow my installation instructions below. Un-tar it using Winzip or some other unzip package.

http://www.cisco.com/cgi-bin/tablebuild.pl/mgmt-ctr-ids-app

idsmdc1.2.3-win-CSCsa166823.tar

idsmdc1.2.3-win-CSCee609131.tar