Solved: SG200-26 Web Interface Inaccessible from Chrome After Upgrade to 1.4.11.02

dtheese · ‎10-20-2019

After upgrading my SG200-26 switch to 1.4.11.02, I can no longer access it from Chrome (version 77.0.3865.120).

I have cleared the cache, history, etc from my browser. I have rebooted both the switch and the computer I am trying to access it from.

The only browser extension I have installed is uBlock Origin. I have added the FQDN that's assigned to the SG200-26 to this extension's whitelist.

Is this a known issue? Any suggestions on how to recover without doing a factory reset?

Andrew Bailey · ‎10-28-2019

Hello,

I'm seeing similar issues on the SG300 switches after the 1.4.11.02 release upgrade.

In my case I have a wildcard certificate on the switches and am using HTTPS only. I can't access the web interface via the DNS name but can via the IPv4 address (obviously with certificate errors). It's not a name resolution issue- definitely something up on the swtiches.

I've tried reverting to the default cert but that doesn't help either. So doesn't seem to be certificate related.

IPv6 access to the web interface is also broken- but this seems to be a known issue and is listed in the release notes. That may explain why others are not able to reach their web interfaces perhaps.

I agree a factory reset to resolve this isn't a great resolution. It's a big job to rebuild a network of these switches that way....

Kind Regards,

Andy.

View solution in original post

balaji.bandi · ‎10-20-2019

Try clear the browse cache or different browser, if all tried best option is contact SMB TAc support, they can asists better and quicker.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

VadimSavitsky01623 · ‎10-21-2019

SG300 have the same problems. No one browser is working for me.
Is factory reset solve this problem?

balaji.bandi · ‎10-21-2019

May be but bare in mind factory reset clear all your config. if this acceptable, try that is no harm

Personally i suggest to call SMB Tac about the issue, so they may have a quick fix for you, end you can reset the device any time.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dtheese · ‎10-27-2019

The Edge browser does not work either.

I don't now what the TAC is, but it sounds like it probably requires a support contract which I do not have.

My configuration is complex. I am trying to avoid a reset if possible. Also, if a reset does not solve the problem and I can't get back in to reconfigure, my whole network is hosed and I'm down for the count. so, this is not an option until Cisco reproduces the problem with the exact same hardware / firmware and verifies that a factory reset will fix the issue.

Using wget, I get the following:

[root@my-host ~]# wget -d --no-check-certificate https://my-switch.example.com
Setting --check-certificate (checkcertificate) to 0
DEBUG output created by Wget 1.14 on linux-gnu.

URI encoding = ‘UTF-8’
Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)
Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)
--2019-10-27 09:21:16-- https://my-switch.example.com/
Resolving my-switch.example.com (my-switch.example.com)... 192.168.1.101
Caching my-switch.example.com => 192.168.1.101
Connecting to my-switch.example.com (my-switch.example.com)|192.168.1.101|:443... connected.
Created socket 3.
Releasing 0x000000000181f8f0 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x0000000001828360
certificate:
subject: /CN=my-switch.example.com
issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
WARNING: cannot verify my-switch.example.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3’:
Unable to locally verify the issuer's authority.

---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.14 (linux-gnu)
Accept: */*
Host: my-switch.example.com
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 400 Bad Request

---response end---
400 Bad Request
Registered socket 3 for persistent reuse.
] done.
2019-10-27 09:21:17 ERROR 400: Bad Request.

This is a very breaking change. It should have never gotten past QA. Other users are experiencing it on other models as well. Even if a firmware fix were offered, we can't get into the switch to update the firmware.

Is there a command-line interface to the SG200-26? I've never found one.

What are we to do? How do we recover from this, Cisco?

VadimSavitsky01623 · ‎10-28-2019

Hi,

Factory reset solve this problem, but you cannot use previously saved backup for restore old config. When you restore the old config, switch again became unresponsable with web. I configured it again manually after factory reset.

For complex config this is very bad.

Andrew Bailey · ‎10-28-2019

Hello,

I'm seeing similar issues on the SG300 switches after the 1.4.11.02 release upgrade.

In my case I have a wildcard certificate on the switches and am using HTTPS only. I can't access the web interface via the DNS name but can via the IPv4 address (obviously with certificate errors). It's not a name resolution issue- definitely something up on the swtiches.

I've tried reverting to the default cert but that doesn't help either. So doesn't seem to be certificate related.

IPv6 access to the web interface is also broken- but this seems to be a known issue and is listed in the release notes. That may explain why others are not able to reach their web interfaces perhaps.

I agree a factory reset to resolve this isn't a great resolution. It's a big job to rebuild a network of these switches that way....

Kind Regards,

Andy.

dtheese · ‎10-28-2019

Oh wow, accessing via IP address rather than host name worked for me too. Thank you, that really saved the day!

It would sure be nice if someone from Cisco acknowledged this bug, confirmed it is in their bug tracking system, and will be fixed in the next release. I don't know off-hand if this is purely a community forum, or if Cisco employees also keep any eye on what's going on so as to get bugs into the bug tracking system.

comeon2k · ‎10-29-2019

What a shame. It's just poor that this update passes QA. Go to hell!

comeon2k · ‎10-29-2019

Please remove the word "professional" from all your websites. Haha Cisco

... will switch to other products in future.

Gary Buhrmaster · ‎12-07-2019

As the SG300 switches are now beyond the last software support date, I suspect there will never be an official fix (the 1.4.11.2 release was likely queued before the end of software support date, and got pushed out along with the other related fixes for the same bug at the same time which was technically after the end of software support). Looks like it is time to schedule the hardware refresh.

K. M. Peterson · ‎12-21-2019

Actually, I don't see a software EOL - end of support is listed as 23 May 2023 for my SG200.

I'm glad I found this thread, I was pulling my hair out over this. Unfortunately, my experience has been so far rebuilding the config triggers this issue even if done manually (last update: setting an alias interface, then the connection dropped). I don't have Smartnet on this, of course.

In case anyone is interested, I ran curl against the management interface, and it stalls after printing <HTML> .

I'm hoping someone will come up with some ideas on this. Next time we need to look at release/end-of-sale dates

more carefully.

Gary Buhrmaster · ‎12-26-2019

2023 is HW EOL, the SW EOL was earlier this year (Feb 2019) for the SG200s, and a bit later (Oct 2019) for the SG300s. If someone is still under warranty (bought within the last year?) it is probably worth trying to contract Cisco via phone support.