Reimaged ASA to FTD on ASA5506x - Firepower Device Manager won't load

richeejjj
Beginner

I have attempted to reimage a lab ASA5506x to the FTD image. The upgrade process completed but with errors. Those errors are shown at the bottom of this post.

The system boots to the FTD image and even put me through the initial setup configuration on the CLI console. Once setup is complete I can ssh to the FTD system and run CLI commands. But when I try to browse to it using https there is a problem. I'm first shown the Firepower Device Manager login screen and after I log in the page directs me to https://192.168.45.45/#/easysetup/step-1 but is entirely blank. The easy setup page does not load at all.

This is a lab 5506x that does not have FMC. We want to use the standalone version of Firepower Device Manager to manage this system.

I feel like without web access to the FTD the system is useless as I don't think you can do much at the CLI. Does anyone know what I can do to troubleshoot this?

Executing S09database-init                                            [  OK  ]
Executing S11database-populate                                        [FAILED]
Executing S12install_infodb                                           [FAILED]
Executing S15set-locale.sh                                            [  OK  ]
Executing S16update-sensor.pl                                         [FAILED]
Executing S19cert-tun-init                                            [  OK  ]
Executing S20cert-init                                                [  OK  ]
Executing S21disable_estreamer                                        [  OK  ]
Executing S25create_default_des.pl                                    [FAILED]
Executing S30init_lights_out_mgmt.pl                                  [  OK  ]
Executing S40install_default_filters.pl                               [  OK  ]
Executing S42install_default_dashboards.pl                            [  OK  ]
Executing S43install_default_report_templates.pl                      [  OK  ]
Executing S44install_default_app_filters.pl                           [  OK  ]
Executing S45install_default_realms.pl                                [FAILED]
Executing S47install_default_sandbox_EO.pl                            [FAILED]
Executing S50install-remediation-modules                              [  OK  ]
Executing S51install_health_policy.pl                                 [  OK  ]
Executing S52install_system_policy.pl                                 [  OK  ]
Executing S53change_reconciliation_baseline.pl                        [FAILED]
Executing S70remove_casuser.pl                                        [  OK  ]
Executing S70update_sensor_objects.sh                                 [  OK  ]
Executing S85patch_history-init                                       [  OK  ]
Executing S90banner-init                                              [  OK  ]
Executing S95copy-crontab                                             [  OK  ]
Executing S96grow_var.sh                                              [  OK  ]
Executing S96install_vmware_tools.pl                                  [  OK  ]

********** Attention **********

   Initializing the system's localization settings.  Depending on available
   system resources (CPU, memory, and disk), this may take 10 minutes
   or more to complete.

********** Attention **********
Executing S96localize-templates                                       [  OK  ]
Executing S96ovf-data.pl                                              [  OK  ]
Executing S97compress-client-resources                                [  OK  ]
Executing S97create_platinum_forms.pl                                 [  OK  ]
Executing S97install_cas                                              [  OK  ]
Executing S97install_cloud_support.pl                                 [  OK  ]
Executing S97install_geolocation.pl                                   [  OK  ]
Executing S97install_ssl_inspection.pl                                [FAILED]
Executing S97update_modprobe.pl                                       [  OK  ]
Executing S98check-db-integrity.sh                                    [  OK  ]
Executing S98htaccess-init                                            [  OK  ]
Executing S98is-sru-finished.sh                                       [  OK  ]
Executing S99correct_ipmi.pl                                          [  OK  ]
Executing S99start-system                                             [  OK  ]
Executing S99z_db_restore                                             [  OK  ]
Executing S99_z_cc-integrity.sh                                       [  OK  ]
Firstboot scripts finished.
Configuring NTP...                                                    [  OK  ]
fatattr: can't open '/mnt/disk0/.private2': No such file or directory
fatattr: can't open '/mnt/disk0/.ngfw': No such file or directory
Model reconfigure detected, executing scripts
Pinging mysql
Found mysql is running
Executing 45update-sensor.pl                                          [FAILED]
Executing 55recalculate_arc.pl                                        [  OK  ]

6 Replies

richeejjj
Beginner

I troubleshot this for 2 weeks. This community was totally unresponsive. The docs have absolutely no information on troubleshooting. The FTD command prompt is plain stupid. The expert prompt was more helpful but only because I'm familiar with Linux. After all this, I decided to try re-installing the same image again. You can do this by rebooting FTD, and hit escape during the SECOND timer during bootup and choose boot to CLI. From there, redownload the FTD image to wipe the device and start over. On the 2nd install I had no errors and now the FDM works fine.

Now after using the FDM and FTD for a few hours where it's functioning correctly I absolutely hate it. This is the worst product Cisco has ever made. Avoid FTD like it's an STD.

Hello Mr. Jeskey –

I apologize that you had not received a response from anyone in this community.  Even though it appears that you resolved the question of getting FDM started, we recommend that in the future, with very technical questions like the original, the best place to post them would be in the Cisco Support Community or by opening a Technical Assistance Center (TAC) case.  That way you can be sure to get the support you need quickly.

I'm sorry to understand that you are unhappy with the product.  We always are striving to improve, and our TAC will be happy to accept and document any suggestions for improvement.   We hope that we can better serve you in the future.

tmontgom
Cisco Employee

I have run into this issue as well.

I have found success with the following...  Considering you want a clean install migration from ASA with Firepower Module

This is focused on the state of the SSD drive on the ASA5506x and its format.

  1. Make sure the ASA rommon is at 1.1.8.  If not, refer to this
  2. erase disk0: from rommon
  3. load either ASA 9.6.2 or 9.6.1 via rommon and TFTP
  4. At the ASA CLI format disk0:
  5. Issue the dir command from the CLI to make sure there is space on the SSD.  If not, go through steps 2-4 again.
  6. Bounce back to rommon and proceed to load the FTD boot file ftd-boot-9.6.2.0.lfbff via TFTP
  7. Use the FTD boot process to load FTD file ftd-6.1.0-330.pkg via FTP or HTTP. Instructions
  8. Hopefully your DB failures will disappear with a lot of green OKs
  9. You will log in to the ASA with admin/Admin123 to access the startup script
  10. Provide the info required and make sure you provide a yes for local management
  11. And after the startup script you will need to reboot one more time.
  12. Use your browser to access the ASA and experience the /#/easystartup page.

Thank you for the detailed steps. I would like to add one more thing. When upgrading the image for the ASA 5506-X please ensure the correct image (e.g. asa961-lfbff-k8.SPA) is downloaded via TFTP and not the incorrect image (e.g. asa961-smp-k8.bin) as the document incorrectly states or doesn't correctly clarify. Here is a good link in an attempt to pay it forward for the next person that stumbles upon this.

http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

azhar.butt
Beginner

Running into the same issue. Hopefully this product can mature before it's too late for Cisco.

The above process has worked with over 15 ASA5506x conversions from ASA/FP to FTD 6.1.  However I have seen it may take up to three attempts.  There is some defect in the install script as indicated by RichieJJJ's log above.  When I see that, I know I am going to have to restart the process.  Apparently I have heard that this may only affect the ASA5506x but I don't have any verification on this.  The key is the erase disk0: from rommon, reload the asa code temporarily so you can format the drive, and then begin the FTD install process.

I have been running this as my home office production firewall for over a month now and it has been stable.  All services turned on.
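
The replies above treat [FAILED] install scripts in the console output as the signal to restart the reimage. As an added example (not from the thread or from Cisco), this Python script scans captured serial-console text for those lines, split into the firstboot and "Model reconfigure" phases; the function names and the idea of saving the console to a text file are assumptions, and SAMPLE is an excerpt of the log in the original post.

```python
import re

# Matches lines like "Executing S11database-populate        [FAILED]".
# Status lines that do not start with "Executing" (NTP, fatattr) are ignored.
LINE_RE = re.compile(r"^Executing\s+(\S+)\s+\[\s*(OK|FAILED)\s*\]$")

# Excerpt of the console output quoted in the original post.
SAMPLE = """\
Executing S09database-init                                            [  OK  ]
Executing S11database-populate                                        [FAILED]
Executing S12install_infodb                                           [FAILED]
Executing S15set-locale.sh                                            [  OK  ]
********** Attention **********
Executing S97install_ssl_inspection.pl                                [FAILED]
Firstboot scripts finished.
Configuring NTP...                                                    [  OK  ]
fatattr: can't open '/mnt/disk0/.private2': No such file or directory
Model reconfigure detected, executing scripts
Executing 45update-sensor.pl                                          [FAILED]
Executing 55recalculate_arc.pl                                        [  OK  ]
"""

def parse_install_log(text):
    """Group script results by install phase (hypothetical helper)."""
    phase = "firstboot"
    result = {"firstboot": {"ok": [], "failed": []},
              "reconfigure": {"ok": [], "failed": []}}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Model reconfigure detected"):
            phase = "reconfigure"  # later scripts belong to the second phase
            continue
        m = LINE_RE.match(line)
        if m:
            key = "ok" if m.group(2) == "OK" else "failed"
            result[phase][key].append(m.group(1))
    return result

def needs_reinstall(text):
    """Rule of thumb from the thread: any failed script means start over."""
    parsed = parse_install_log(text)
    return any(parsed[p]["failed"] for p in parsed)

if __name__ == "__main__":
    for phase, res in parse_install_log(SAMPLE).items():
        print(phase, "failed:", ", ".join(res["failed"]) or "none")
    print("restart reimage:", needs_reinstall(SAMPLE))
```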
