Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
7443
Views
0
Helpful
2
Comments

ASA CX stuck in Init

Collin Clark
VIP Alumni
VIP Alumni

‎01-17-2014 10:34 AM - edited ‎03-08-2019 06:53 PM

I was tasked with installing an ASA5515-X with CX. I configured the ASA, installed the AD Agent on a Windows server and configured on-box PRSM. Everything was working great. I then cut over to the new ASA. Everything was working except browsing. I could ping, do DNS lookup's, just no browsing. I concluded that the CX policy must have something to do with the browsing issue. I tried to web to the CX, but I was getting no response. I tried getting to the CLI through the ASA session command. Again no repsonse. I check the status of the module and it looked good.

 

ASA-CX# sh module

 

Mod  Card Type                                    Model              Serial No.

---- -------------------------------------------- ------------------ -----------

   0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525            ***********

ips Unknown                                      N/A                ***********

cxsc Unknown                                      N/A                ***********

 

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version   

---- --------------------------------- ------------ ------------ ---------------

   0 4c4e.35ea.da6b to 4c4e.35ea.darr  1.0          2.1(9)8      9.1(1)

ips 4c4e.35ea.da69 to 4c4e.35ea.darr  N/A          N/A        

cxsc 4c4e.35ea.da69 to 4c4e.35ea.darr  N/A          N/A          9.1.1

 

Mod  SSM Application Name           Status           SSM Application Version

---- ------------------------------ ---------------- --------------------------

ips Unknown                        No Image Present Not Applicable

cxsc ASA CX                         Up               9.1.1

 

Mod  Status             Data Plane Status     Compatibility

---- ------------------ --------------------- -------------

   0 Up Sys             Not Applicable      

ips Unresponsive       Not Applicable      

cxsc Up                 Up                  

 

Mod  License Name   License Status  Time Remaining

---- -------------- --------------- ---------------

ips IPS Module     Disabled        perpetual   

 

ASA-CX#

 

I decided I would reboot the CX module. Now things went from bad to worse. The CX module would not boot. It would stay in Init. After about 10 minutes it would go to Unresponsive for about 5 seconds and then back into Init. After trying commands to shutdown, reset, reload, etc the CX module without luck I ended up opening a TAC case. They stated I would have to recover the CX. I had figured this already but I already had the AD Agent and all working so I was really trying to not do the recovery. Anyway I had to recover. However I hit another SNAFU. I could not recover it.

 

ASA-CX(config)# sw-module module cxsc recover boot

 

Module cxsc will be recovered. This may erase all configuration and all data

on that device and attempt to download/install a new image for it. This may take

several minutes.

 

Recover module cxsc? [confirm]

 

Module cxsc cannot be recovered, not in Up, Down, or Unresponsive state.

ASA-CX(config)# sh module                       

 

Mod  Card Type                                    Model              Serial No.

---- -------------------------------------------- ------------------ -----------

   0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525            **********

ips Unknown                                      N/A                **********

cxsc Unknown                                      N/A                **********

 

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version   

---- --------------------------------- ------------ ------------ ---------------

   0 4c4e.35ea.da6b to 4c4e.35ea.darr  1.0          2.1(9)8      9.1(1)

ips 4c4e.35ea.da69 to 4c4e.35ea.darr  N/A          N/A        

cxsc 4c4e.35ea.da69 to 4c4e.35ea.darr  N/A          N/A        

 

Mod  SSM Application Name           Status           SSM Application Version

---- ------------------------------ ---------------- --------------------------

ips Unknown                        No Image Present Not Applicable

 

Mod  Status             Data Plane Status     Compatibility

---- ------------------ --------------------- -------------

   0 Up Sys             Not Applicable      

ips Unresponsive       Not Applicable      

cxsc Init               Not Applicable      

 

Mod  License Name   License Status  Time Remaining

---- -------------- --------------- ---------------

ips IPS Module     Disabled        perpetual   

 

What finally resolved the issue was a power cycle of the ASA. When the ASA came back up I checked the module status and it again said it was in Init.

 

ASA-CX# sh module

 

Mod  Card Type                                    Model              Serial No.

---- -------------------------------------------- ------------------ -----------

   0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525            *********

ips Unknown                                      N/A                *********

cxsc Unknown                                      N/A                *********

 

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version   

---- --------------------------------- ------------ ------------ ---------------

   0 4c4e.35ea.da6b to 4c4e.35ea.darr  1.0          2.1(9)8      9.1(2)

ips 4c4e.35ea.da69 to 4c4e.35ea.darr  N/A          N/A        

cxsc 4c4e.35ea.da69 to 4c4e.35ea.darr  N/A          N/A        

 

Mod  SSM Application Name           Status           SSM Application Version

---- ------------------------------ ---------------- --------------------------

ips Unknown                        No Image Present Not Applicable

 

Mod  Status             Data Plane Status     Compatibility

---- ------------------ --------------------- -------------

   0 Up Sys             Not Applicable      

ips Unresponsive       Not Applicable      

cxsc Init               Not Applicable      

 

Mod  License Name   License Status  Time Remaining

---- -------------- --------------- ---------------

ips IPS Module     Disabled        perpetual   

 

I decided to try and and shut it down again. Nothing to lose right?

 

ASA-CX# sw-module module cxsc shutdown

 

Shutdown module cxsc? [confirm]

Shutdown issued for module cxsc.

ASA-CX# sho module

 

Mod  Card Type                                    Model              Serial No.

---- -------------------------------------------- ------------------ -----------

   0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525            *********

ips Unknown                                      N/A                *********

cxsc Unknown                                      N/A                *********

 

Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version   

---- --------------------------------- ------------ ------------ ---------------

   0 4c4e.35ea.da6b to 4c4e.35ea.darr  1.0          2.1(9)8      9.1(2)

ips 4c4e.35ea.da69 to 4c4e.35ea.darr  N/A          N/A        

cxsc 4c4e.35ea.da69 to 4c4e.35ea.darr  N/A          N/A        

 

Mod  SSM Application Name           Status           SSM Application Version

---- ------------------------------ ---------------- --------------------------

ips Unknown                        No Image Present Not Applicable

 

Mod  Status             Data Plane Status     Compatibility

---- ------------------ --------------------- -------------

   0 Up Sys             Not Applicable      

ips Unresponsive       Not Applicable      

cxsc Down               Not Applicable      

 

Mod  License Name   License Status  Time Remaining

---- -------------- --------------- ---------------

ips IPS Module     Disabled        perpetual  

 

Finally that fixed it! Now that it is down I can recover the image.

Labels:
0 Helpful
Comments
Austin Clark
Level 1
Level 1
‎06-03-2015 10:31 AM

I'm having this exact same problem with our SFR module.  Waiting for a maintenance window to power cycle ASA.  I have found no documentation on how to get the sfr module out of init.  I'll let you know how it goes. 

Travis Marzo
Level 1
Level 1
‎08-21-2015 10:46 AM

I had the same problem with the SFR module. Issued a "sw-module module sfr recover stop" and waited a couple mins. Reloaded with "sw-module module sfr recover boot" and was back in business. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents