Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1072
Views
0
Helpful
5
Replies

ASA 5505 Boot Issues

BeardedRetroGuy
Level 1
Level 1

‎08-04-2022 08:34 AM - edited ‎08-04-2022 08:38 AM

Not sure where to ask this, but going to give it a shot.

I'm a Network Admin at an ISP and I have several Cisco ASA 5505 series units, ONE of which has a booting issue.  I have included the full Console boot logs for reference.  To start, we see "5505 Boot Fail.txt" where apparently the device can't find a boot image on the included 128MB Compact Flash card.  So I thought "Ok, so there's no boot ROM.  Let me load one."  I went through the whole process of setting up a stand-alone TFTP server with the asa917-32-k8.bin file that it was looking for (I work for an ISP, we have tons of BOOT roms saved for all kinds of hardware we operate).  Cool, the ASA downloads the boot ROM and begins to boot....then hangs in a very specific spot.  So I unplug it and plug it back in and we're back to the first boot failure, as if there is no BOOT image on the CF card.  "OK, maybe the CF card is bad.  Let's try one from a known-working unit."

So I took the covers off this one and another known-good working unit and effectively swapped the Compact Flash cards and tried to boot the unit.  It ALSO stops booting in the same spot.  So THAT log is included as "5505 Changed CF Boot.txt".  I have added the <BOOT LOCKUP HERE> at the bottom so you can see where it locked up.  Hitting the Enter key usually would advance the console by one line, but once at THAT spot in the boot, NOTHING happens.  The only thing I can do is unplug it to hard power it off.

I also include "5505 Success Boot.txt" as the log from the 2nd ASA that works.  This is the one I got the CF card from to put into the first ASA.  This is the boot log when it has its own CF card put back in it and it auto-boots all the way to the console prompt for login.

I have a 3rd ASA 5505, but I wiped out the config and haven't set it up for the next project it's going to be working on - which prompted this entire investigation into whether or not I can fix this messed up ASA so we can use it or if I should just chuck it in the ****-it bucket.  I hate throwing away hardware that can be fixed and then used.

EDIT:  Oh yeah, forgot to add.  This unit is older than my employment with this company, so it is entirely possible the unit has internal damage that isn't visible to the eye and maybe that's why it's not fully booting up.  I haven't tried swapping RAM modules either, but the last time I had an issue with a RAM module in an ASA, it never even began booting at all and just gave an orange Status light and sat there, so I'm thinking there's no RAM issue at play here.

Labels:
Preview file
1 KB
Preview file
1 KB
Preview file
1 KB
0 Helpful
5 Replies 5

IP_Cartel
Level 1
Level 1

‎08-04-2022 08:39 AM

Hi -

Try this: https://www.petenetlive.com/KB/Article/0000792

 

0 Helpful

BeardedRetroGuy
Level 1
Level 1
In response to IP_Cartel

‎08-04-2022 09:12 AM - edited ‎08-04-2022 09:26 AM

I did that first.  The boot process locked up in that same place and I never got to a user prompt OR a prompt to do managed setup.  The thing just hard-locked up on me at the same point you see in "5505 Changed CF Boot.txt" (see OP).  But I can do it again if you like.  I just have to set up the TFTP server again.

EDIT:  Tried it.  Same failure.

Preview file
1 KB
0 Helpful

Georg Pauwen
VIP
VIP
In response to BeardedRetroGuy

‎08-05-2022 11:47 PM

Hello,

I hope I don't say anything somebody else already mentioned, but when you loaded the image, did you do that from ROMMON (as described in the link below) ?

Either way, is the 'working' ASA using the exact same image ?

Using the ROMMON to load a new image on Cisco ASA Firewall Step-by-Step

https://www.networkstraining.com/using-the-rommon-to-load-a-new-image-on-cisco-asa-firewall/

0 Helpful

RachelGomez161999
Spotlight
Spotlight

‎08-05-2022 11:13 PM

Steps to fix ASA 5505 Boot Issues-

Run the "fsck" utility
The term fsck is an acronym for filesystem check. This utility usually runs automatically at the start-up of the device and verifies for any anomalies within the filesystem in case of any abnormal events. It fixes the problem within the filesystem and save that as a recovery file. You can execute the fsck utility with the fsck flash: command.

The fsck utility repairs a corrupt filesystem. A successful fsck operation results in this output:

CiscoASA# fsck flash:

Checking the boot sector and partition table...

Checking FAT, Files and Directories...

Reclaiming unused space...

Updating FAT...

Destroying old disk cache...

Initializing disk0: cache, please wait......Done.

fsck of flash: complete
In case of any filesystem corruption issues, the fsck utility generates recovery files namely fsck00??.rec. If you can view a number of these recovery files on the flash, these may result because of an automated testing process where the ASA might be power cycled too often. In general, these files do not contain any vital data and can be safely deleted with the delete command. Example is shown:

CiscoASA# delete fsck0012.rec

Note: The FSCK utility runs automatically at startup, so you can see these recovery files even if you did not manually enter the fsck command.

There are certain instances where these recovery files can be seen on the flash of a freshly ordered Cisco ASA appliances. A snippet of show flash: is shown:

96 -rwx 32768 00:00:00 Jan 01 1980 FSCK0000.REC
97 -rwx 32768 00:00:00 Jan 01 1980 FSCK0001.REC
99 -rwx 32768 00:00:00 Jan 01 1980 FSCK0002.REC
100 -rwx 32768 00:00:00 Jan 01 1980 FSCK0003.REC
This is due to a manufacturing testing and this behavior is filed in Cisco bug ID CSCtf63643 (registered customers only) . These FSCK files dated as 1980 due to when they are created with file description initialized to ZERO by the FSCK utility. These files can be deleted and after a device reboot, these files do not appear again. If these files appear again, you are advised to run a format operation.

Format the Flash
If the flash filesystem stays unresponsive even after trying the fsck utility, you can format the flash to erase all the existing files and images. Flash system can be formatted with the format flash: command.

Note: Check on these actions before you perform the format utility:

Copy the running configuration to the tftp-server with the copy run tftp command OR

Copy the start-up configuration to the tftp-server with the copy start tftp command.

Take a backup from the output of the show version command; as you need to use the activation key.

There is another similar command that performs the same job as format do. It is shown here:

CiscoASA erase flash:
This command overwrites all files and erases the file system, which includes hidden system files, and then reinstalls the file system. On Cisco ASA 5500 series security appliances, the erase command destroys all user data on the disk with the 0xFF pattern. In contrast, the format command only resets the file system control structures. When the erase option is used, it deletes all the information related to the licensing. You need to fetch the activation keys in order to retain the licenses on Cisco ASA. Refer to Cisco Licensing Web Page (registered customers only) for more information and in order to request the activation key.

Note: You need to have valid Cisco user credentials in order to access this web page.

Replace the flash card manually
If none of the previous steps works, then you can try to remove the erroneous flash card manually and replace it with another working flash card. Refer to these documents for a detailed step-by-step procedure in order to perform this task:

Removing and Installing the System CompactFlash

Removing and Installing the User CompactFlash

Note: Before you try to manually replace the card, you are advised to contact the Cisco TAC for further troubleshooting. The device should be under valid Cisco contract in order to open a TAC service request.

 

Regards,

Rachel Gomez

0 Helpful

BeardedRetroGuy
Level 1
Level 1
In response to RachelGomez161999

‎08-09-2022 08:02 AM

Ok, so the problem I have with the ASA is that I cannot get to an actual working command prompt.  All I have to work with is the ROMMON prompt.

I brought an old Windows XP system around to the office yesterday and installed a different hard drive and installed Linux.  I was able to access the Compact Flash card and it looks like there's nothing wrong with it.  I've been able to put the Boot roms on it just fine.  But when I stick it into the ASA, it still fails to read from it.  I'm thinking there's a hardware issue on the board itself and if that's the case, the whole thing is basically unusable.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card