IDSM Hang problem

ayman emara
Level 1

Hi All,

Can anyone advise on the below error message, as it happened to me twice:

Error: Cannot communicate with mainApp (getVersion). Please contact your system
administrator.
Would you like to run cidDump?[no]:

I have 4 IDSMs (2 on each 6513 core) and this case happened to me 2 times and I couldn't solve it.

The only way to solve it is to reset the module power in order to access it again.

Can anyone help with this?

Thanks in advance,


Best Regards,

Ayman Yehia

7 Accepted Solutions

Hi Ayman,

Please remove the IDSM from the MARS device list, and re-add the IDSM as IPS version 6.0.

That should resolve the issue.

Try to reload the hung IDSM one more time. It should work after.

21 Replies

Jennifer Halim
Cisco Employee

You would need to collect the cidDump, and open a TAC case to get the cidDump analysed. You might be hitting a bug.

Hi Halijenn,

Thanks for your quick response, but not all the modules hang together, but once 2 of the IDSMs happened together on 2 different cores (one module on each core switch).

Is there any test or another way rather than opening a TAC case?

Another question: what does cidDump mean?

Regards,

Ayman Yehia

cidDump is a crash file for IPS.

What version is your IDSM? And please share the logs from show tech.

Dear Halijenn,

Thanks for your reply.

I have attached the show tech for 2 IDSMs, one from each core.

The IDSMs version is
Cisco Intrusion Prevention System, Version 6.2(1)E3.

Thanks in advance

Best Regards,

Ayman Yehia

IDSM-1 matches bugID: CSCsq51372:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq51372

Fixed in 6.2.2(E3). I would upgrade it to the latest version, 7.0.2(E4).

IDSM-2 seems to match bugID: CSCsv52117:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv52117

Also fixed in 6.2.2(E3). Again, I would recommend upgrading to the latest version, 7.0.2(E4).

Dear Halijenn,

Thanks for your great help.

Can you tell us how to upgrade, and if you can, send us a guide for it so as to be able to upgrade the 4 IDSMs?

Best Regards,

Ayman Yehia

The easiest way to upgrade is to just connect via IDM, then go to: Configuration --> Sensor Management --> Update Sensor --> Update is located on this client --> upload the upgrade file from your desktop/folder where the file is --> click the "Update Sensor" button.

The upgrade file to use is IPS-K9-7.0-2-E4.pkg

Dear halijenn,

I have downloaded the version that you said, "IPS-IDSM2-K9-sys-1.1-a-7.0-2-E4.bin.gz", but when I tried to update the IDSM module it reported the following error message:

cannot upgrade software on the sensor

errSystemError-idsPackageMgr: digital signature of the update file was not valid,use CCO to replace corrupted file.

I don't know how to solve this problem.

Best Regards,

Ayman Yehia

I've advised to download the upgrade file: IPS-K9-7.0-2-E4.pkg instead of the reimage file: IPS-IDSM2-K9-sys-1.1-a-7.0-2-E4.bin.gz.

Please use the upgrade file instead of the reimage file to upgrade the IDSM.

Hi halijenn,

Thanks for the reply. I have done the upgrade successfully, but another issue appeared.

The check box for "Enable RDEP Event Server Subscribtions" is not found in the Configuration ---> Network place.

And I didn't have any logs from the IPS on the Cisco MARS after the upgrade.

Can you help with this?

Best Regards,

Ayman Yehia

Hi Ayman,

    The RDEP server functionality was deprecated in IPS 6.1 but the "Enable RDEP Event Server Subscribtions" option was left in the software to allow for legacy compatibility with third party products while they were updated to use SDEE.  As of IPS 7.x the RDEP server has been completely removed from the IPS software.  Remotely recent versions of the MARS software should have no issue retrieving events from your IDSM-2 device via SDEE.  What version of MARS software are you running?

-JT

Hi juteixei,

Thanks for the clarification. The MARS version is 6.0.3, and I do not know what to do to see IDSM2 logs on MARS again, as I enabled the RDEP check box before upgrading but now no log is collected in MARS.

Waiting for your reply.

Thanks

Ayman Yehia

Hi Ayman,

    The MARS 6.0.3 should have no compatibility issue with the 7.x IDSM-2, so you're all set there.  Can you verify that:

1.  The IDSM-2 is actually generating events for the MARS to retrieve since the upgrade?

2.  The IDSM-2 is reachable by the MARS using the "Test Connectivity" button on the device information page for the IDSM-2 in the MARS GUI?

You may notice during the test for #2 that you're prompted to accept a new certificate for the device.  If so, make sure to verify and accept it as appropriate.  Remember to Submit/Activate the changes in MARS when you're done.

Thanks,
JT
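
The certificate check mentioned in the reply above, as an added example that is not part of the original post or of any Cisco tooling: it fetches the certificate a device presents and accepts it only if its digest equals a fingerprint read out-of-band from the sensor's own console. The function names, the default port 443 and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Digest is inferred from the length of the fingerprint the operator supplies.
ALGO_BY_HEXLEN = {40: "sha1", 64: "sha256"}


def normalize(fp: str) -> str:
    """Turn 'AB:CD:..', 'ab-cd-..' or 'AB CD ..' into bare lowercase hex."""
    cleaned = "".join(ch for ch in fp if ch not in ":- \t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("fingerprint must be hexadecimal")
    return cleaned


def fingerprint(der: bytes, algo: str) -> str:
    """Hex digest over the DER-encoded certificate, as TLS tools display it."""
    return hashlib.new(algo, der).hexdigest()


def matches(der: bytes, expected: str) -> bool:
    """True only if the certificate hashes to the out-of-band fingerprint."""
    want = normalize(expected)
    algo = ALGO_BY_HEXLEN.get(len(want))
    if algo is None:
        raise ValueError("expected a SHA-1 or SHA-256 fingerprint")
    return hmac.compare_digest(fingerprint(der, algo), want)


def fetch_cert_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the peer certificate without trusting it (port 443 is an assumption)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # trust comes only from matches()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate, so this runs offline.
    sample_der = b"constructed sensor certificate bytes"
    hexfp = fingerprint(sample_der, "sha1").upper()
    console_fp = ":".join(hexfp[i:i + 2] for i in range(0, 40, 2))
    print("match:", matches(sample_der, console_fp))
    print("tampered:", matches(sample_der + b"x", console_fp))
```

In use, `matches(fetch_cert_der(sensor_address), fingerprint_from_console)` should be true before the new certificate is accepted in the management station.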

Hi juteixei,

1- I have checked the show events command and found the IDSM generates events normally.

2- From the IDSM I can ping the MARS, and from the MARS I have done the connectivity test and it is reachable and discovery is done successfully.

# I didn't notice or get any certificates, and I have done the activate.

But it still did not work.

But I have a notice: I didn't do that. The latest supported Device type I have in MARS is IPS6.x.

Shall I add the module as 6.x, or what can I do?

Thanks for help

Best Regards,

Ayman Yehia
