Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1705
Views
30
Helpful
5
Replies

Problems backing up FMC to new SFTP server

ABaker94985
Spotlight
Spotlight

‎03-01-2022 06:42 AM

We're trying to migrate backups on our FMC to a new SFTP server. Various other network devices are using the remote storage, but we're not able to get any of our FMCs to backup. We currently have a physical and a virtual running 7.0.1 and a virtual running 6.6.4. Depending on the SFTP server configuration, we' re getting the following error messages on the FMC:

 

- Error  Cannot create a test file under directory /mnt/remote-storage or /mnt/remote-storage/sf-storage

This error seems like bug CSCvk40714, but I didn't see 7.0.1 listed. Also, with the top error, a test file is placed in the appropriate directory, and there are no errors on the server side. Every once in a while, a test will succeed, but a second push of the test button with no changes fail.

 

- Error   Cannot mounts SSHFS remote device, please verify the remote director name/username/password and advance options.

We are 100% sure the directory, username, and password are correct. The error on the SFTP server says "SSH Protocol Error: invalid key exchange value".

 

Is there some way to change the parameters on the FMC? What can I add into the advanced field to possibly correct this? Any other ideas as to what I might try? Thanks

5 Replies 5

Rob Ingram
VIP
VIP

‎03-01-2022 07:13 AM

@ABaker94985 what is your SFTP server? In the past I've had issues uploading a backup to a linux server where the algorithms on the server (in my instance ubuntu) only supported the more secure algorithms, which the Cisco FMC/ISE did not support. So we had to modify the supported algorithms on the ubuntu server.

ABaker94985
Spotlight
Spotlight
In response to Rob Ingram

‎03-01-2022 07:37 AM

Thanks for the input, Rob. It's a Windows 2019 server running Solarwinds Serv-U, and I can confirm that some of the less secure algorithms have been disabled on this server. Do you know which algorithms the FMC uses? I don't see a debug for SCP or SFTP, so it may fall under SSH. The server didn't specify what the FMC was using either.

 

rawbert0-
Level 1
Level 1
In response to ABaker94985

‎03-12-2024 07:47 AM

By any chance were you able to figure this out? Running the latest Serv-U with FMC 6.7.0 and experiencing the same issue.

0 Helpful

ABaker94985
Spotlight
Spotlight

‎03-12-2024 09:23 AM

Negative, but we no longer have a problem. We've completely moved away from the Firepower platform.

 

0 Helpful

rawbert0-
Level 1
Level 1
In response to ABaker94985

‎03-12-2024 10:14 AM

Thank you for the quick response on this. If I could office space these things, I would.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card