Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
168
Views
0
Helpful
3
Replies

Problem deploying to Firepower 1010

Kasim
Level 1
Level 1

‎06-20-2024 11:04 AM

Hi all, 

I have a Firepower 1010 in FTD mode managed by FMC. Its geographically located in an area with a slow wan connection (but has in the past been able to receive deployments). 

 

Firmware version is 7.2.5

I have problems deploying to the FTD from FMC - deployment will go to 50% then wait for the device to make changes and report back but it fails after quite a long time. I cant do any deployments or firmware upgrades to the device (since deployments fail).

 

Pigtail deploy shows the following error. I'm far from an expert at debugging FTD's but i suspect this is whats causing the failure :

ACTQ: 06-20 17:47:39  ActionQueueScrape.pl[59273]: START TASK || efc2829c-2f13-11ef-bc36-cc1773d983e9 || Process Control RNA Message || Can't use string ("0") as a HASH ref while "strict refs" in use || 10845
ACTQ: 06-20 17:47:43   ActionQueueScrape.pl[59273]: Task failure (efc2829c-2f13-11ef-bc36-cc1773d983e9) Process Control RNA Message : Can't use string ("0") as a HASH ref while "strict refs" in use at /ngfw/usr/local/sf/lib/perl/5.24.4/SF/RNA/Control.pm line 170.
ACTQ: 06-20 17:48:43  ActionQueueScrape.pl[65204]: START TASK || efc2829c-2f13-11ef-bc36-cc1773d983e9 || Process Control RNA Message || Can't use string ("0") as a HASH ref while "strict refs" in use || 10909
ACTQ: 06-20 17:48:46  ActionQueueScrape.pl[65204]: Task failure (efc2829c-2f13-11ef-bc36-cc1773d983e9) Process Control RNA Message : Can't use string ("0") as a HASH ref while "strict refs" in use at /ngfw/usr/local/sf/lib/perl/5.24.4/SF/RNA/Control.pm line 170.

 

Anybody know what needs to be done here? or what else i need to look at/logs to provide to assist me with this? This device might not be covered anymore under service contracts, so opening a TAC case might not be an available option for me.

 

Thanks

 

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎06-20-2024 12:47 PM

what is the FMC  Version ?

try reboot FMC and try again and Try FTD when you have maintenance and try again.

try some troubleshooting tips :

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw-virtual/215258-troubleshooting-firepower-threat-defense.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Kasim
Level 1
Level 1
In response to balaji.bandi

‎06-24-2024 06:33 AM

Thanks balaji for the reply. 

Our FMC version is Version 7.4.1.1 (build 12). We have FTD's with version 7.2.5 up to 7.3.1.2 that work fine. FMC has been rebooted a number of times (to resolve other issues), but this one site continues to have problems with applying deployed packages. 

 

when i look thru the pigtail logs more, i can see that it looks like it looses sftunnel communication at some point but it comes back after.. This device uses the exact same config as all our other devices that work without issue, so i doubt its a config. Currently the sftunnel is connected, i can see the device online in FMC and i sent  the deployment to the device, but it remains at 50% "Deployment to device pending." it will stay there for quite a while then fail. 

 

i will take a look at the link you sent and see if it has anything that can help

thanks

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Kasim

‎06-24-2024 06:38 AM

Check MTU in path between FMC abd FTD'

It can that there is one hop use less than 1500 and since the fmc send packet as dont fragment the packet drop and depoly failed.

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card