Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2207
Views
1
Helpful
7
Replies

WSA IRONPORT AsyncOS upgrade not working

Go to solution
FrejusMA
Level 1
Level 1

‎06-13-2023 02:18 PM

Hello team 

I am trying to upgrade my WSA to a new AsyncOS version (currently using version 14-5-0-537), unfortunately when we tried to upgrade from the GUI we have the error message "couldn't connect to the manifest server" even though the WSA can successfully telnet to the manifest servers (update-manifests.ironport.com & updates-static.ironport.com) on both port 80 and 443. I tried to download the package from the url http://updates.ironport.com/fetch_manifest.html and put it on a local web server. But I'am having tremendous difficulties to access the URL. Am I the only one? Is there any other way to download the package!?

Please help !!!!!!!!!!

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP
In response to FrejusMA

‎06-15-2023 09:53 AM

at this point, I'd open a TAC case... I'm having issues getting it too... 

View solution in original post

0 Helpful

Go to solution
FrejusMA
Level 1
Level 1

‎06-20-2023 03:20 AM

Hi everyone

I have reached out to the TAC and it turns out that I didn't have a VLN, Virtual License Number which is mendatory to perfrom update and upgrade activities. They generated a VLN and I load it via CLI with the command loadlicense, After that I was able to perform my upgrade.

Thanks for all your reply

View solution in original post

7 Replies 7

Go to solution
fw_mon
Level 1
Level 1

‎06-13-2023 04:12 PM

Hello @FrejusMA 

do you have a split routing (separate management and data routing)? If yes, check which is used for update/upgrade, try to switch and try again.

If still not working, try to create a packet capture on each interfaces with a filter "host update-manifests.ironport.com or host updates-static.ironport.com" and also with "port 53 or icmp"

0 Helpful

Go to solution
FrejusMA
Level 1
Level 1
In response to fw_mon

‎06-14-2023 06:07 AM

Hello @fw_mon 

Thanks for for your feedback

Yes I have done that, currently on the management. But is there anyway to get this image anywhere on the internet!?

0 Helpful

Go to solution
FrejusMA
Level 1
Level 1
In response to Ken Stieers

‎06-15-2023 08:28 AM

Hello @Ken Stieers 

Thanks for your interest to my issue.

This is actually the same exact guide/instructions I've followed but I cannot download the file.

When I enter my virtual appliance info, it gives me my upgrade path, I launch the download but it just stopped with network error. I thought this was an office network issue but it's not as I tried on a different network (my home Wi-Fi for instance) and I'm having the same issue, download start and stop right after.

Thanks for your help !!!

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to FrejusMA

‎06-15-2023 09:53 AM

at this point, I'd open a TAC case... I'm having issues getting it too... 

0 Helpful

Go to solution
amojarra
Cisco Employee
Cisco Employee

‎06-17-2023 01:12 AM

Hello @FrejusMA 

 

you can check Upgrade logs to have more insight of what is the Error. 

if you you see the Error right after to start download please verify:

[1] from Upgradelogs you can see what is the exact URL which WSA is trying to connect, also the protocol (HTTP/HTTPS) 

to do this from CLI type grep and choose the number associated with : "upgrade_logs" Type: "Upgrade Logs" Retrieval: FTP Poll 

[2] from CLI type telnet

Choose your interface (not the Auto please) and add the URL and type port 443 to make sure you have access 

[3] check TLS version in your WSA, make sure TLSv1.2 is enabled for updater 

to do this from CLI > sslconfig > version > see if for Updater TLSv1.2 is enabled.

[4] also it is good to check free disk space for NextRoot partition from CLI > type ipcheck

please note that ipcheck  is a hidden command.

since you mentioned the Error in GUI is "couldn't connect to the manifest server", most probably item number 4 is not the issue, Im just posting this here for further use maybe. 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

  

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
0 Helpful

Go to solution
FrejusMA
Level 1
Level 1

‎06-20-2023 03:20 AM

Hi everyone

I have reached out to the TAC and it turns out that I didn't have a VLN, Virtual License Number which is mendatory to perfrom update and upgrade activities. They generated a VLN and I load it via CLI with the command loadlicense, After that I was able to perform my upgrade.

Thanks for all your reply

Customers Also Viewed These Support Documents