02-04-2018 09:50 AM - edited 02-21-2020 07:17 AM
Hi Team,
Need your help to troubleshoot OS upgrade ASA 5550 from ver 9.1(7)7 to 9.1(7)19.
Scenario:
Standby was running on old version [9.1(7)7] and was Active.
Primary was standby with latest version [9.1(7)19].
So, what basically I did:
Primary/Stby# failover active
After re-logging the device. version was 9.1(7)7
Primary/Act# show failover state
state. Last Failure Reason Date/Time
This host - Primary
Active. None
Other host - Secondary
Standby Ready None
===Configuration state===
Sync Done - STANDBY
===Communication state===
Mac set
Primary/act# failover reload-standby
Primary/act# show failover state
state. Last Failure Reason Date/Time
This host - Primary
Active. None
Other host - Secondary
Failed Comm Failure. hr:mn:sec EST MM DD YYYY
===Configuration state===
Sync Done - STANDBY
===Communication state===
Now, Secondary Standby device is un-rechable. Please help troubleshooting. Seems like I don't have console access to secondary device also. Right now, Primary is Active with latest version. Please help urgently, I need to do 8 more fw upgreade but something I missed in hurry :-(
02-04-2018 11:38 AM
All we can see is it has a "Comm Failure". Perhaps try "failover reload-standby" again.
You could also power cycling the standby unit and see what happens.
02-15-2018 06:47 AM
Hi, only to add some stone to the wall and help to find a solution.
Upgrading ASA Active/Passive cluster from 9.1(6)11 to 9.1(7)21 and after that 9.1(7)21 to 9.1(7)23.
During these upgrades, when rebooting the Standby with the new version it still reboot again and again when the active saw the device. (MALLOC in the console).
Debug:
- removing all cable from the standby device and rebooting it -> it worked
- replugging the FAILOVER cable -> MALLOC reboot
- rebooting the device again without cable -> it worked
- removing the failover configuration and replugging the FAILOVER cable -> it worked
- activating the failover -> MALLOC reboot
Solution:
- rebooting the device in romon with the FAILOVER cable in place -> it worked
- setting the failover configuration -> it worked
=> starting to received the configuration from the active device -> device secondary/standby
My concerns now is if one of the devices reboot, will they reboot in loop or not? Waiting Cisco to answer.
02-16-2018 05:03 AM
In regard to Cisco this bug is doing the Malloc reboot:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh90947/?reffering_site=dumpcr
We will see when we will upgrade again. The question is why this is not inside the release note.
02-20-2018 12:10 PM
All expired certificates have been expelled from the device but we are still experiencing the loop booting. Removing the Java Code Signer certificate will solve the issue.
02-21-2018 06:24 AM
What is the impact, if we remove the Java Code Signer Certificate. For what is this needed?
02-21-2018 06:31 AM
02-27-2018 02:11 AM
Any word about a fixed release?
02-27-2018 06:25 AM
It will be in May regarding TAC engineer information.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide