cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5006
Views
5
Helpful
6
Replies

Intermitten Warning FMC: The cloud databases for these appliances are not synced

kai schoene
Level 1
Level 1

We are getting this warning several times a day and sometimes the duration is several hours untill it is cleared from healt monitor.

We are running virtual FMC and purly ASA-X with FirePOWER.

FMC at latest and greates 6.0.1.1 and ASA's @ 5.4.0.6, a couple are @ 6.0.1.1 for testing purposes before we upgrade the rest.

My question is what is this warning about, and how can I force a sync of the cloud databases to the ASA's?

cant find anything about this in any documentation except that the ASA's should be synking the URL/AMP/etc. databases from the FMC.

6 Replies 6

Jetsy Mathew
Cisco Employee
Cisco Employee

Hello Kai,

I would have few questions for you .

How often are you seeing this alert? Or does it stay constantly for days?

In general this means that there is a temporary disconnect from the cloud server. However, you may be also hitting a know bug related to this alert:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut77594/?reffering_site=dumpcr

What is the ASA version that is in use?

Rate if the post helps you

Regards

Jetsy 

This has now been constant for a couple of days, before that it was between 5 and 10 warnings a day with varying duration from a few minutes to a couple of hours.

we are running asa 9.5(2)2 on all units.

I also had the same issue first with the URL database unable to update. I dropped the service-policy on the ASA which allowed the FMC to update although it wasn't being denied by a policy that I could see in the event logs of FMC or the ASA (the ASA stated the SFR requested to drop the packet). Once the update was complete I started receiving the 'out of sync' error messages. I fixed it by slightly modifying my access policy and re-deploying to the SFR module. We'll see how long this lasts. The ASA is running 9.5(2)14 and the FMC 6.1.0.

its been constant since my last update.

Is there a log where I can track down the root cause of the warnings, and is there a way to manually tigger a sync of the database?

there should be more verbose error messages in the FireSIGHT system for warnings and errors like this.

Ok, now this is weird.

I had one of our Firepower modules with a crashed SFDataCorrelato, which I had a TAC case on.

When we finally fixed that error, the cloud database sync warning went away for all the others.

this tells me that this warning actually is for the sync status between ALL sensors registered to the same FireSIGHT management system and not for the individual sensor sync to the FSM it self.

this in turn could explain the intermitten warnings, as they may not all be synced at all times.

which, in my personal opinion, should not warrent a warning unless its remains so for a longer period of time.

For anyone facing this problem. Here is the Bug ID and workaround listed.

CSCvc84721
Review Cisco Networking for a $25 gift card