05-30-2018 02:24 AM - edited 03-10-2019 01:02 AM
AMP for endpoint failing to start after RHEL patching.
systemctl status cisco-amp
● cisco-amp.service - Cisco AMP for Endpoints daemon
Loaded: loaded (/usr/lib/systemd/system/cisco-amp.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Wed 2018-05-30 03:12:56 EDT; 1h 59min ago
Process: 8796 ExecStartPre=/opt/cisco/amp/bin/cisco-amp-helper start (code=exited, status=1/FAILURE)
/var/log/messages shows:
init: cisco-amp pre-start: failed to load ampnetworkflow
init: cisco-amp pre-start: failed to load ampnetworkflow.ko version 3.10.0-693.el7.x86_64
init: cisco-amp pre-start: failed to load modules from latest version
systemd: Unit cisco-amp.service entered failed state.
init: cisco-amp pre-start: failed to find compatible kernel version; trying latest version 3.10.0-693.el7.x86_64
05-30-2018 05:41 AM
That looks like a bug / compatibility issue.
If you're already running the latest Linux connector release (currently 1.7.0), I suggest opening a TAC case.
05-30-2018 05:45 AM
Yes, we are already on the latest 1.7.0.545 connector version.
05-31-2018 03:32 AM
This is TAC's reply to this issue:
"
Since you are using Linux kernel 3.10.0-862.3.2.el7.x86_64 that corresponds to 7.5. Unfortunately, since 7.5 is not yet supported (since there are performance issues), I would suggest downgrading the kernel back before applying the patch.
We also reproduced this in our lab and indeed 862 corresponds with the April release of 7.5. And also in our lab, AMP failed to start.
Please include attach@cisco.com or REPLY ALL when responding to this email.
Carol Park Floyd
Cisco TAC
Email: cafloyd@cisco.com
So now we are left in a situation where we have to choose between security patches or Cisco AMP.
08-22-2018 01:10 AM
Hi Guys,
Are you seeing similar issues with AMP 1.8? It says it is supported, but I am still seeing it fail to start.
08-22-2018 02:14 AM
Even with 1.8 I had issues on some 7.1 versions, and then one of the guys on the support community showed me the release notes of 1.8, on page 27, where it states Red Hat 7.2 onwards is supported.
12-13-2018 04:14 AM
Hi,
Running into the same kernel module loading issues with 1.9 and CentOS 7.6.
Has TAC provided any workarounds? Alternatively, is there a supported way of downgrading to 7.5 or earlier to get it going?
Thanks,
12-13-2018 04:25 AM
Hi,
Apparently there was another issue which was causing AMP to fail.
Unfortunately, we had to roll out AMP. I did hear they rolled out 1.9 to avoid the segmentation issues, but TAC is the best way forward for your scenario.