Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2035
Views
0
Helpful
6
Replies

Restored FMC from backup. Can't see or deploy to devices?

andrew.webster
Level 1
Level 1

‎01-25-2023 07:25 AM

hi,

Issue:

Had to rebuild and restore a vmware FMC from an old backup. Now but my FMC won't upgrade and can't connect to Devices?

 

My vmware FMC running 7.0.3 had an issue with its database and TAC recommended to restore from a backup.

Built a new vmware FMC running 7.0.3 and attempted to restore my backup.  The backup runs and eventually returns with the task notification, 'Unable to restore CSM'. 

I have tried this many times with 7.0.3 backups taken from different dates. Same result.

I built another new vmware FMC running 7.0.1 and restore an old backup taken when running 7.0.1.

This restore completes successfully and I see all my FMC settings restored.

Go to Devices page and all my devices show that they're offline.

The Devices are not offline they are happily passing traffic? They are reachable, they are on the same L2 vlan as the FMC.

Next I attempt to upgrade from 7.0.1 to 7.0.3

When attempting to upgrade on the Product Updates webpage I see the error,

'Device configurations are out-of-date. Deploy configurations.'

I cannot select the FMC it is greyed out, the 'Install' button is also greyed out.

I attempt to go to Devices and Deploy to one of my devices.

Deploy fails with error, 'Deployment failed due to communications failure with device. If problem persists after retrying later, contact Cisco TAC'.

Tried multiple times to deploy to device, fails with the same error.

 

 

I am stuck. 

I need the FMC to function again so that I can continue to deploy rule changes to our Devices.

Any ideas what to try next?

 

0 Helpful
6 Replies 6

andrew.webster
Level 1
Level 1

‎01-25-2023 09:42 AM

Ok, 

going through this doc to troubleshoot why my new FMC can't see my devices.

Configure, Verify and Troubleshoot Firepower Device Registration - Cisco

I get to 'show managers' on my Devices and, nothing shows up?

It is like the devices lost their config for the FMC connection?
I don't understand, these were all connected prior to my attempts to restore my FMC backup.

No changes on the devices.

How does this happen with only an FMC restore?

0 Helpful

Marius Gunnerud
VIP
VIP

‎01-25-2023 11:40 PM

I have rebuilt and restored backups for several FMCs without any issues.  You might be hitting a bug and I would recommend opening a TAC case to troubleshoot this further.

The times when I have had to rebuild FMCs, I just built the FMC with the same image version as the previous, connected to the remote storage repository, and then restored backup.  done and dusted. Did not have to deploy or anything more.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

khorram1998
Level 1
Level 1

‎01-26-2023 12:50 AM

 

It sounds like there may be some issues with the restored backup and the current state of the devices. One thing to check is that the backup was taken from the same version of FMC as the one you are restoring to. Additionally, check that the devices that were backed up are the same devices that are currently being managed by the FMC.

Another thing to check is the network connectivity between the FMC and the devices. Ensure that the FMC has the correct IP address and that there is no firewall or other network configuration blocking communication between the FMC and the devices.

You may also want to try resetting the devices to their factory defaults, then re-registering them with the FMC and deploying the configuration again.

If the issue persists, it might be worth opening a TAC case for further troubleshooting and assistance.

Please rate this and mark as solution/answer, if this resolved your issue
All the best,
AK

0 Helpful

Massimo Baschieri
Level 3
Level 3
In response to khorram1998

‎01-26-2023 09:26 PM

..or the devices version is higher than the one on the fmc

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-26-2023 09:53 PM

Adding to other posters - what is the version of FTD?

Has this FMC was in the same DC or EsXI work Group ( may be precise same VLAN or IP Range)

If the FMC  IP changed and ARP not flushed - that need to check ? From FMC Cli are you able to ping FTD ?

If you see all the config in FMC like object and ACP other stuff,

Try to deregister one of the FTD and re-register and for testing push a test policy.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

andrew.webster
Level 1
Level 1

‎04-12-2023 02:35 PM

Update in case a web search leads anyone else here with the same issue:

Here is the fix: Engage tac, escalate.

There is no way I would have found the fix on my own.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card