ISR4321 upgrade from 16.3.8 to 17.6.x

Anup Hegde · ‎05-17-2024

hi,

We are trying upgrade IOS for a ISR4321 from 16.3.8 to 17.6.6..

currently on 16.3.8 the rommon version is 16.9(1r).

as part of the ios upgrade we tried to upgrade the rommon to 16.12(2r)

but we get the below error when doing so.

FAILURE: MD5 signature does not match!
Switching back to ROM 1

is there some other procedure to be followed here or is anyone aware of whats happening here?

upgrade rom-monitor filename bootflash:isr4200_4300_rommon_1612_2r_SPA.pkg all
Chassis model ISR4321/K9 has a single rom-monitor.

Upgrade rom-monitor

Target copying rom-monitor image file
selected : 1
Booted : 1
Reset Reason: 0

Info: Upgrading only BIOS from the rommon package
4259840+0 records in
4259840+0 records out
4259840 bytes (4.3 MB) copied, 18.3596 s, 232 kB/s
262144+0 records in
262144+0 records out
262144 bytes (262 kB) copied, 1.10347 s, 238 kB/s
655360+0 records in
655360+0 records out
655360 bytes (655 kB) copied, 2.61189 s, 251 kB/s
File is a FIPS ROMMON image
FIPS-140-3 Load Test on has PASSED.
Authenticity of the image has been verified.
Switching to ROM 0
8192+0 records in
8192+0 records out
4194304 bytes (4.2 MB) copied, 0.0542136 s, 77.4 MB/s
Upgrade image MD5 signature is 871f9d7df678f0c4ea92b7c9c4dfa88c
4259840+0 records in
4259840+0 records out
4259840 bytes (4.3 MB) copied, 21.911 s, 194 kB/s
4194304+0 records in
4194304+0 records out
4194304 bytes (4.2 MB) copied, 60.865 s, 68.9 kB/s
4194304+0 records in
4194304+0 records out
4194304 bytes (4.2 MB) copied, 23.9548 s, 175 kB/s
262144+0 records in
262144+0 records out
262144 bytes (262 kB) copied, 16.2975 s, 16.1 kB/s
Upgrade image MD5 signature verification is dc5378c1b25aa45f0643efddbc17a154

FAILURE: MD5 signature does not match!
Switching back to ROM 1

Leo Laohoo · ‎05-17-2024

Re-download the ROMMON file because it is corrupt.

Cisco ISR & ASR 1k Routers: IOS-XE/Firmware Upgrade (Install Mode)

liviu.gheorghe · ‎05-18-2024

ROMMON upgrade takes place automatically as part of the IOS upgrade if the version differs from the recommended version for the IOS XE version.

You can re-download the ROMMON file like @Leo Laohoo suggested or you can go directly for the IOS XE upgrade and have the ROMMON upgraded automatically.

Hope this helps.

Regards, LG
*** Please Rate All Helpful Responses ***

Anup Hegde · ‎05-20-2024

Thanks @Leo Laohoo , will try this once again on that next attempt. that link of yours has been very helpful on multiple "install" mode upgrades...thanks for that too... i never paid attention to 4300 being able to upgrade in "install" mode.. will try that sometime too

Thanks @liviu.gheorghe for your suggestions...i wasnt sure if rommon is mandatory for which so i was being safe by doing the rommon first.

@both, now we raised a TAC case as well for this... and they've suggested to downgrade to 3.x.x version...upgrade rommon and then upgrade to 17.x.x direectly...so i'm slightly confused

Leo Laohoo · ‎05-20-2024

@Anup Hegde wrote:
and they've suggested to downgrade to 3.x.x version...upgrade rommon and then upgrade to 17.x.x direectly

Please post the exact words from TAC because it is stupid -- ~~4000-series routers do not have 3.X.X firmware~~.

One important thing I want to mention is: It is not possible to do a firmware upgrade from 17.3.X to 17.12 without jumping to an intermediate version like 17.9.X. The reason for this undocumented fact is because 17.12.X requires a ROMMON version of 17.5.1r and the auto ROMMON upgrade only happens in 17.9.X. Auto-ROMMON upgrade is not supported on 17.10.X and later.

The above information is undocumented: I have trawled through different Release Notes for the 1000, 4000 and 8500. All I can see is a matrix table about firmware version and recommended ROMMON version. Nowhere in the Release Notes mention anything an "intermediate" version like 17.9.X.

Cisco introduced the auto ROMMON upgrade after several big customers were not aware that certain versions require certain ROMMON versions. Customers were not (made) aware because Cisco did not include this vital information in the Release Notes. It was "hidden" in plain sight: It was present in some platform but not the others.

Anup Hegde · ‎05-20-2024

Hi Leo,

below is the response from TACL::

"Thanks for sharing the requested logs, I think that we are hitting the following bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg52180/?rfs=iqvred

ISR4000 ROMMON upgrade fails on certain IOS-XE 16.x releases

CSCvg52180

Workaround:

As a workaround, upgrade ROMMON from running version IOS-XE 3.x first.

--------------

Fortunately, there is a 3.X file on your router:

dir bootflash:

Directory of bootflash:/

11 drwx 16384 Nov 9 2017 01:53:37 +00:00 lost+found

80321 drwx 4096 Dec 11 2023 17:36:50 +00:00 .prst_sync

12 -rw- 486645440 Nov 9 2017 02:06:45 +00:00 isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin

353409 drwx 4096 Nov 9 2017 01:54:32 +00:00 .installer

Action plan:

++downgrade your router to the version 03.16.04b

++Try the rommon upgrade again while the router is in the version 03.16.04b

++upgrade the router back to the current version (16.03.08) or to the target version if it is a different one.

"

Leo Laohoo · ‎05-20-2024

I am mistaken about the 3.X.X firmware for the 4300.

I have another option: Upgrade to 17.9.X to take advantage of the auto-ROMMON upgrade and then downgrade to 17.6.X.