Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2386
Views
0
Helpful
9
Replies

Upgraded ROMMON image failed verification check on ISR 4331

eric.yang
Level 1
Level 1

‎06-14-2023 07:43 AM

Hi there,

I tried to upgrade ROMMON firmware from 16.9(1r) to 16.12(2r) on an ISR4331 this morning, but I got the error "Upgraded ROMMON image failed verification check".  Is there any workaround to fix the issue? Thanks

ISR1#upgrade rom-monitor filename bootflash:isr4200_4300_rommon_1612_2r_SPA.pkg r0
Chassis model ISR4331/K9 has a single rom-monitor.

Upgrade rom-monitor

Target copying rom-monitor image file
Booted : 0
Selected : 0
Reset Reason: 0
Switching to ROM 1
Upgrading ROMMON image...
4194304+0 records in
4194304+0 records out
4194304 bytes (4.2 MB, 4.0 MiB) copied, 65.3277 s, 64.2 kB/s
4194304+0 records in
4194304+0 records out
4194304 bytes (4.2 MB, 4.0 MiB) copied, 32.5454 s, 129 kB/s
Verifying ROMMON image...
4194304+0 records in
4194304+0 records out
4194304 bytes (4.2 MB, 4.0 MiB) copied, 30.2041 s, 139 kB/s
Switching back to ROM 0

FAILURE: Upgraded ROMMON image failed verification check.
Upgrade image MD5 signature is 871f9d7df678f0c4ea92b7c9c4dfa88c
Upgraded ROMMON image MD5 signature is fd947e2a5f77be3c0989cd93f1cbb624

Labels:
0 Helpful
9 Replies 9

eric.yang
Level 1
Level 1

‎06-14-2023 07:59 AM

Find the solution at https://community.cisco.com/t5/cisco-software-discussions/isr4431-rommon-upgrade/td-p/4045424. Looks it only worked on IOS 9.16.09.05. 

0 Helpful

eric.yang
Level 1
Level 1

‎06-14-2023 10:15 AM

Any other idea/workaround? Nobody is in this branch office just in case if there is any issue during the upgrade.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to eric.yang

‎06-14-2023 04:18 PM - edited ‎06-14-2023 04:19 PM

The ROMMON firmware is corrupt.  Re-Download the firmware again from the Cisco website and compare the MD5 before continuing.

0 Helpful

eric.yang
Level 1
Level 1
In response to Leo Laohoo

‎06-14-2023 04:41 PM

There was no issue with the Rommon file itself. The MD5 value is the same as the Cisco website.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to eric.yang

‎06-14-2023 08:19 PM - edited ‎06-14-2023 08:19 PM

Post the complete output to the command "verify /md5 bootflash:isr4200_4300_rommon_1612_2r_SPA.pkg ff042bf918b0088e913de0c1c23fa891".

0 Helpful

eric.yang
Level 1
Level 1
In response to Leo Laohoo

‎06-14-2023 10:10 PM

It could be a defect a bug.

ISR1#verify /md5 isr4200_4300_rommon_1612_2r_SPA.pkg
.............................................................................Done!
verify /md5 (bootflash:isr4200_4300_rommon_1612_2r_SPA.pkg) = ff042bf918b0088e913de0c1c23fa891

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to eric.yang

‎06-14-2023 11:47 PM

I have never seen anything like it. 

Raise a TAC Case.  

0 Helpful

eric.yang
Level 1
Level 1

‎06-15-2023 08:14 AM

I have upgraded the ROMMON firmware from 16.9(1r) to 16.12(2r) successfully on IOS 9.16.09.05. Please see ROMMON Compatibility Matrix at https://www.cisco.com/c/en/us/td/docs/routers/access/4400/cpld/isr4400_hwfp.html#pgfId-1077103

The ROMMON release 16.9(1r) is the first release that supports the Cisco BIOS Protection. After a device is upgraded to the 16.9(1r) ROMMON release, the ROMMON release cannot be downgraded to a release earlier than 16.9(1r). All future ROMMON releases can be downgraded to the 16.9(1r) release. Also, if a platform has a 16.9(1r) or later release installed, an IOS XE 16.9.1 or later release, or a SD-WAN 16.11.1 or later release must be used for the upgrade.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to eric.yang

‎06-15-2023 04:04 PM

Thanks.  That is an interesting combo.  It now boils to the question:  Which comes first, the chicken or the egg?

0 Helpful
Customers Also Viewed These Support Documents