My sensors are now reporting the following, and don't seem to be updating to sig 903.
Auto Update Statistics
lastDirectoryReadAttempt = 16:30:57 GMT-06:00 Tue Jan 12 2016
= Read directory:
= Error: Authentication with ASD server failed.
lastDownloadAttempt = N/A
lastInstallAttempt = N/A
nextAttempt = 18:51:04 GMT-06:00 Tue Jan 12 2016
I attempted to run autoupdatenow on all sensors, but they're stuck at 902. Tried re-applying login credentials, but it's still not working.
Your IPS is hitting a below bug:
This defect was encountered after the ips updated to 7.3.(4) E4. It is verified and the bug might get a fix in next release. You can save the bug and you would receive an automatic update if there is any update for the bug.
However i would recommend to have manual update for signature set in the meantime.
Hope it helps.
Remember to rate helpful post.
That's i am not sure. However the bug is in 'fixed' status. So i expect this to be addressed in next release soon.
As mentioned earlier as well, you can perform manual signature upgrade as of now.
Remember to rate helpful posts.
Release notes shows that the bug is resolved :
The following known issues are resolved in the 7.3(5)E4 release:
• CSCuw28572—IPS fails to encrypt RADIUS password in access-request •CSCuw84972—Evaluation of cids for NTP_October_2015
• CSCuw94570—Insufficient log information for ASD auto update errors
What issue do you see now?
Tested on the auto-update on both IME and via CLI. I also tried to delete and add the IPS module on IME. It is still getting the same error. No Luck.
A interesting hour with Rodger from Cisco TAC
My issue was this message in the updater section of the GUI
Error: Authentication witd ASD server failed
Follow these links and you will have the answer
Auto Upgrade the IPS Command Line Link:
End of Service/End of Life for Signature Services for Intrusion Detection and Prevention
Are you using IME for this Auto upgrade?
Could you please remove the device from IME once and then re-add IME. Perform the Auto-update. Is it giving some kind of EULA acceptance error as the reason as well on gui for the failure.? Accept the EULA license acceptance by clicking on below link :
Try Auto-update once again.
If that doesn't work, then perform below steps:
sensor(config)# ser host
sensor(config-hos)# default auto
Apply Changes?[yes]: yes
And then configure Auto-upgrade once again through IME.
(verify that entered credentials are valid).
Hope it helps
I've faced the same issue in one of our customers IPS 4240 sensor after upgrading to the latest, until this time of writing, 7.1(11p1) E4 version. After opening a TAC case and following the procedure below, mentioned by the TAC engineer, the issue resolved. I am posting this procedure for future reference:
Your CCO login on the IPS device must accept an End User License Agreement before auto-update will proceed. Accept the EULA from the next link
If the EULA has already been accepted, the page shows the following text:
You have already accepted the latest version of EULA. Thank you.