AIP-SSM No longer auto updates from cisco.com

Unanswered Question
Jun 17th, 2010

Up until the 490 signatures, my IPS module auto-updated from cisco.com.  It stopped doing that after manually updating the engine and the signature files.  Nothing I do will get it to auto-update.  Has anyone else seen this behavior?

Justin Teixeira Thu, 06/17/2010 - 07:10
gdemaderios,
Are there any error messages in the event store accompanying the failure?  Can you post the output of a "show version"?

Best,
JT

gdemaderios Thu, 06/17/2010 - 07:44

My IPS version is 7.0(2)E4


I just discovered what I think may be the issue.  My current license on the IPS says it doesn't expire until 7/1/11 for this serial number.  However, if I try to update the license from cisco.com, I get an error that says, "Failed to update license on sensor.  errExpiredLicense-The new license expire date is older than the current license expire date."


Even though I can log in to cisco.com and manually download the most current signature updates, I'm wondering if, for some reason, it thinks my license is expired when the module tries to automatically update?

Justin Teixeira Thu, 06/17/2010 - 08:08

Hmm.  As long as the expiration date for the license in the "show version" is showing a date in the future it should not cause an issue retrieving the signature updates.  The error from cisco.com in retrieving a new license should also not be causing any issue.  It's just indicating that there's a license on the sensor that has as much or more time left on it as the one being offered by cisco.com.


Can you check the URL in the auto update field and copy-paste it here? It's likely that you'll need to open a TAC case to troubleshoot this further as it will be difficult without collecting a "show tech" (which you do *not* want to post to these forums).


Best,

JT

gdemaderios Thu, 06/17/2010 - 12:06

I should have mentioned that in my last reply.  Your URL was what I WAS using until it just stopped.  The www.cisco.com was what I plugged in to try to get it to work.  I will try your URL again and then open a TAC call if that's not successful.


Thanks for your help.

Scott Fringer Thu, 06/17/2010 - 12:19

The IPS cannot perform DNS resolution, so the URL Justin provided is the default/expected URL.


Should the update not succeed, please provide the full output of the command sh stat host.


Scott

gdemaderios Thu, 06/17/2010 - 12:45

I swear to god that the URL with the IP address is what it was set to when it stopped working.  At any rate, setting it back to the IP address instead of the DNS name has now corrected the problem.  WTF?

Scott Fringer Thu, 06/17/2010 - 12:47

I cannot address what may have been the problem; but when you encounter issues with the auto signature updates, checking the output of sh stat host should provide additional insight.


Scott
