cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16739
Views
20
Helpful
17
Replies

Firepower Management Center: Download updates failed

Not applicable

All of our Firepower Management Centers stopped downloading updates. VDB updates etc. are also not working. Internet connectivity is fine.

Error message trying to download updates: Download updates failed: Error parsing the update file. The file may have been corrupted or the download was incomplete.

Error message trying to download rule updates: Error parsing the update file. The file may have been corrupted or the download was incomplete.

Error message trying to download Geolocation Updates: Failed to fetch the latest Geolocation Update from the Support Site.

When you go to Summary Dashboard, Status, the Product Updates part stays empty.

We see it at several locations, so different internet connections. Checking internet connectivity from CLI is all fine.

Others having same issue?

17 Replies 17

planning-inc
Level 1
Level 1

Exactly the same issue

Running this as per the troubleshooting here.

"admin@Firepower:~# sudo openssl s_client -connect support.sourcefire.com:443"

Returns "Verify return code: 20 (unable to get local issuer certificate). This is true for any https based site - lack of trusted root CA. Not sure why it's vanished/died, but nice to see it's not just me.

Manual updates work (download yourself then upload to FMC), so that's a temporary workaround.

It's the same here:

Verify return code: 20 (unable to get local issuer certificate)

After updating FMC to 6.2.1 the problem is solved, all previous versions seem to be affected.

6.1 also works again now.

I was trying w/ 6.2.1 when the error was occurring.  

freebird3163
Level 1
Level 1

i faced the same problem as you

Maureen Smith
Level 1
Level 1

We are having this problem as well, on FMC version 6.2.0.2.  Running the command "sudo openssl s_client -connect support.sourcefire.com:443" as [@planning-inc] recommended gives the same output  ("Verify return code: 20 (unable to get local issuer certificate)").  This started occurring just within the past few days.

Manual rule and Geolocation DB updates seem to work just fine.

Thank you all for your answers. I see this issue in 6.0, 6.1 and 6.2 ... so it looks like every version is having problems. I suppose Cisco is aware if this issue and they will solve it soon.

deyster94
Level 5
Level 5

Same issue here on two instances of FMC.  Going to see if my contacts at Cisco can shed any light.

Marvin Rhoads
Hall of Fame
Hall of Fame

Odd - it might be something in the trusted root store that FMC uses.

I checked support.sourcefire.com and it resolves to 4 AWS EC2 instances all with the same valid certificate.

SSL Server Test: support.sourcefire.com (Powered by Qualys SSL Labs)

Server Key and Certificate #1

Subject support.sourcefire.com 
Fingerprint SHA256: bb4e6b00955dbee84016d7dedc65838a780e1f30354e0d756a18c3b4decef949
Pin SHA256: AHQlXzgIi3xXeDiSoLHFot4xto7QtktZE30000DTFwI=
Common names support.sourcefire.com
Alternative names support.sourcefire.com
Valid from Tue, 25 Aug 2015 00:00:00 UTC
Valid until Thu, 24 Aug 2017 23:59:59 UTC (expires in 2 months and 11 days)

I am running 6.2.0.3 and just had this same issue - now the Products Update status will not populate - never-ending spinning status wheel.

 

Was there a fix that I did not see - otherwise I guess I will open a TAC case.

 

Thank you,

Anthony

Is there any workaround for this issue?, I´m still facing at 6.2.3 version.

admin@firepower:~$ sudo openssl s_client -connect support.sourcefire.com:443

...

Verify return code: 20 (unable to get local issuer certificate)

Daniel Hamilton
Level 1
Level 1

Same problem here running 6.2.0.1. Been having this issue since yesterday and I thought it was just me and have been trying to troubleshoot. I am glad it is not just me that is affected.

deyster94
Level 5
Level 5

Seems to work now.  Just downloaded updates in FMC 6.2.1.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: