Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1255
Views
5
Helpful
8
Replies

Upgrade FMCv 7.2 to 7.2.1 - signature validation fails?

andrew.butterworth
Level 7
Level 7

‎10-04-2022 06:43 AM

I've got a FMCv in the lab and am attempting to upgrade from 7.2.0.1-12 to 7.2.1-40, however it is failing the upload from the workstation to the server.  Product Updates, Upload Update, choose file and click upload.  It goes through the motions and then an error pops up saying:fmc-error-1.jpg

The syslog message above indicates the same thing.  I have verified the SHA-512 hash on the workstation I'm uploading it from and its correct.  I've also downloaded it again via a different browser and get the same error when uploading it.

I have checked the disk space requirements and there is 159GB in /Volume and 2GB in /, both of which are more than enough (22GB & 20MB according to the release notes).

The only thing that looks odd is the timestamp on the two syslog messages as they appear to be an hour in front?

Any ideas?

0 Helpful
8 Replies 8

Chakshu Piplani
Cisco Employee
Cisco Employee

‎10-04-2022 06:48 AM

A defect has been filed: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd20551

Regards,

Chakshu

Do rate helpful posts!

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Chakshu Piplani

‎10-04-2022 07:03 AM

Thanks for the BugID @Chakshu Piplani . Multiple people were reporting the same issue in the Firepower Foundry WebEx space. I also confirmed it on one of my deployments.

0 Helpful

andrew.butterworth
Level 7
Level 7

‎10-04-2022 07:36 AM

How much testing actually happens....

0 Helpful

andrew.butterworth
Level 7
Level 7

‎10-04-2022 09:25 AM - edited ‎10-04-2022 09:25 AM

Just tried upgrading a locally managed failover pair of FTDvs from and to the same version (7.2 -> 7.2.1) and this failed with a certificate error (uploaded the image to the standby unit and clicked upgrade and it failed around 50% with this certificate error).  There aren't any certificates installed other than what are built-in or self created as part of the initial build.

I'll refer to my last email - How much testing actually happens....

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to andrew.butterworth

‎10-04-2022 09:30 AM

Most likely you are seeing the same root cause manifesting itself differently when using FDM. The upgrade package is digitally signed using a code-signing certificate. The FDM error is actually a bit more illuminating in that respect in that it points us to a certificate being the problem vs. the more generic "validation" error in FMC.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-05-2022 11:15 AM - edited ‎10-05-2022 08:06 PM

There is a new download available - same file name but updated hash. Apparently something in the original image was corrupted.

I have used it to upgrade two FMCs successfully.

0 Helpful

Chakshu Piplani
Cisco Employee
Cisco Employee

‎10-05-2022 01:10 PM

That's right @Marvin Rhoads the new image is live.

0 Helpful

andrew.butterworth
Level 7
Level 7

‎10-05-2022 02:45 PM

Is the FTD upgrade replacement to follow?

This is error message when upgrading the on-board managed FTD if it helps.

ftdv-upgrade-fail.jpg

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card