unable to upgrade from IDS 4.1.5-S204 to 5x

melangnghe · ‎12-01-2005

We need help.

- Need to upgrade 30 sensors from IDS4.1.5.S204 to V5x.

- Upon applying IPS-K9-maj-5.0-1-S149.rpm.pkg the upgrade failed with the following error:

component "signatureDefinition" and the instance "sig0"

/signatures/[sig-id=2001,subsig-id=1]/engine/ -- the union does not have a member selected

Connection Failed.

- Downgraded sensor to 4.1.5 S201 and upgrade again failed.

- Ran "recover application-partition" and brought sensor to S47 and again no luck with upgrade.

Cisco said there is a bug in 4.1.5(S204) and our only choice is to reimage all sensors with the ISO Version 5 while waiting for the fix in the next version. Have you encountered this problem? What did you do to fix it.

Simone.

spetreski · ‎12-02-2005

From the error message, I would suggest deleting sig 2001 and then try upgrading it again. That fixed the problem for me.

If downgraded to S47 then I would upgrde to IDS-K9-sp-4.1-4-S91.rpm.pkg and then go to v5.

--Samuel

marcabal · ‎12-02-2005

That error is generally seen when the upgrade script was unable to convert the 4.x configuration to 5.x style configuration.

As part of the Signature Update installation on a verison 4.x sensor, there are 5.x signature files stored on the sensor. When the 5.x upgrade happens the upgrade script looks for these 5.x signature files for use in converting the 4.x config to 5.x.

Sometimes these 5.x signature files don't get properly installed on the sensor during the signature upgrade process.

There is also another situation where if a 5.0 upgrade files, then as part of the failure recovery the 5.0 upgrade is removing those 5.x signature files from the 4.x sensor. This causes a follow on 5.0 upgrade to fail. This is a bug in the 5.0 upgrade script. When the 5.0 installation fails for some reason it was supposed to leave those 5.x signature files on the sensor so they could be used on the next attempt.

So it is possible that those 5.x signature files have been removed from your sensor accidentally.

Luckily there is an easy recovery method. Simple load the latest S206 signature update.

Also be aware that we have seen several failures in upgrading to 5.x because of space issues on the sensor. The S206 signature update has made changes to the NSDB to reduce the used space on the sensor. So loading S206 before upgrading to 5.x will help with any space problems being encountered during the 5.x upgrade.

The other possibility is that there may be something in your configuration for signature 2001 that does not translate properly to 5.0 configuration. So I would recommend deleting any tuning of your 2001 signature before attempting the 5.0 upgrade again.

In a worst case scenario you could also just re-image the entire sensor to 5.0 using either a System Image file (on the IDS-4215, IPS-4240, IPS-4255, IDSM-2, or NM-CIDS), or using the 5.x CD (for IDS-4210, IDS-4235, or IDS-4250). The System Images can be downloaded from the cisco web site. The 5.x CD would need to be ordered through the Product Upgrade Tool on the Cisco website (it is $0 cost for sensors under maintenance contracts).

Jeffrey Bollinger · ‎12-03-2005

I believe the workaround for this bug is to simply re-apply the previous update. So in your case, you may be able to re-apply 4.1.5S204, or even move to S206 and then try the upgrade.