AIP-SSM-20 Upgrade

Answered Question
Feb 26th, 2008
User Badges:

Trying to upgrade an AIP-SSM-20.


We have 2 ASA's in a failover configuration, the upgrade on the secondary AIP-SSM-20 was successful.


On the primary AIP-SSM-20 we are getting the following error when trying to upgrade via FTP from the same server that we upgraded the secondary SSM module from:


execUpgradeSoftware: permission denied


Current version is 6.0(1)E1, tyring to upgrade to 6.0(4)E1


We have tried it when the module is active and when it is not...same error both ways. Doesn't seem to be an FTP user error since we get a different error when purposely mistyping the user or password.


Our SSM user has administrator privilege (default cisco user) and we have tried rebooting the SSM...no luck


Anyone have an idea on this?


Thanks


John Stemke

Correct Answer by marcabal about 9 years 3 months ago

I don't know if the error is being generated by the sensor itself, or coming from the ftp server.


To find out try running a packet sniffer on the ftp server or the "packet" command on the CLI for the sensor's command and control interface.


Execute the upgrade command and see if an ftp connection is even attempted by the sensor.


If no ftp connection is attempted, then the error would be from the sensor itself, and it would appear that the user does not have admin permissions (which does not seem to be your case by what you've written).


If the ftp connection is attempted, then the error is probably coming from the ftp server. Look at the packets you've captured and see if an error is coming from the ftp server. The problem may be a permission problem on the file on the ftp server. The ftp directory or the file itself may not have read permission for the file.

You might also try an ftp from your own desktop to the same ftp server using the same user and password being used for the sensor and seeing if you can download it to your own desktop.




As a workaround to get your sensor updated and work on this permission problem later is to copy the upgrade to your desktop.

Run IDM and use IDM to push the upgrade from your desktop directly to the sensor.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
marcabal Tue, 02/26/2008 - 12:06
User Badges:
  • Cisco Employee,

I don't know if the error is being generated by the sensor itself, or coming from the ftp server.


To find out try running a packet sniffer on the ftp server or the "packet" command on the CLI for the sensor's command and control interface.


Execute the upgrade command and see if an ftp connection is even attempted by the sensor.


If no ftp connection is attempted, then the error would be from the sensor itself, and it would appear that the user does not have admin permissions (which does not seem to be your case by what you've written).


If the ftp connection is attempted, then the error is probably coming from the ftp server. Look at the packets you've captured and see if an error is coming from the ftp server. The problem may be a permission problem on the file on the ftp server. The ftp directory or the file itself may not have read permission for the file.

You might also try an ftp from your own desktop to the same ftp server using the same user and password being used for the sensor and seeing if you can download it to your own desktop.




As a workaround to get your sensor updated and work on this permission problem later is to copy the upgrade to your desktop.

Run IDM and use IDM to push the upgrade from your desktop directly to the sensor.


jstemke Tue, 02/26/2008 - 14:55
User Badges:

Thanks...going into the IDM locally worked.


Not sure why it worked on one, but, not the other.

Actions

This Discussion