Problems with upgrading WAEs from 4.1.5b to ver 4.2.3c via CM

Answered Question
Jan 12th, 2011

Hi all,

I'm currently running sw ver 4.1.5b on my accelerators. Due to the upgrade procedure I upgraded the CM to 4.2.3c.

So my WAEs are running 4.1.5b while my CM is running 4.2.3c.

Now I started the software upgrade procedure to 4.2.3c for the first 5 WAEs via the CM Web GUI.

I submitted it yesterday, but the sw upgrade procedure didn't start. My CM is showing the affected WAEs in status pending.

Now to my questions:

Is there a chance to cancel the started but failed sw upgrade procedure?

or

How can I push the upgrade procedure from status pending?

Additional Information:

Due to the sw upgrade and reboot of the CM, my secure store was closed.

This secure store was created for a test and is not necessary for me at the moment.

Anyway, I was no longer able to reopen the secure store because I missed the password for it.

After the sw upgrade procedure had been pending for one day, I did the following:

"cms secure-store reset" to remove the unneeded secure store from the CM.

The idea was that this has something to do with the upgrade problems.

Thanks for your help

Dieter

Correct Answer
Michael Korenbaum Wed, 01/12/2011 - 13:35

Hi Dieter,

Yes, as you have observed, when you reload the CM the CMS secure store must be re-opened manually. If the CMS secure store is not re-opened after the reload, the software upgrade jobs will not push properly to the WAEs, and they will remain in the pending status.

Since you don't remember the secure store passphrase, you would need to reset this as per the command "cms secure-store reset".

After the secure store is reset you should be able to push the software upgrade job to your WAEs.

If the WAEs still show in a pending status, I'd suggest you delete the software job you pushed to it, which should clear the pending status.  Then recreate the same software job.  Next, ensure there are no alarms present on the WAEs complaining about secure store (there shouldn't because you just reset it).  Lastly, push the newly created software job to your WAEs.

Hope this helps,

Mike Korenbaum

Cisco WAAS PDI Help Desk

http://www.cisco.com/go/pdihelpdesk

joepena2012 Wed, 01/12/2011 - 13:46

Hi Mike,

Thanks for your help.

Status pending is no longer present.

Now the only persisting problem I have is that for some reason two of my WAEs are having the following errors:

Failed to open SSL store due to failure in getting key from Central Manager.

Unable to generate and/or retrieve SSL managed store encryption key from the Key Manager

And a "cms secure-store reset" didn't work either:

ndewa003-Central-Manager#cms secure-store reset
Secure-store is not in "initialized and not opened state".

Do you have any idea how I can remove these alarms?

thanks again

Correct Answer
Michael Korenbaum Wed, 01/12/2011 - 14:24

Dieter,

I'd suggest you follow the steps outlined in the configuration guide here:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/other.html#wp1053862

This is the link for an overview of what the secure store is and how it operates, and one of the subsections goes over how to reset the secure store.

In your situation, you stated you don't need to use the secure store, so you may want to go through the reset procedure completely (e.g. re-open/initialize the secure store on all devices, which will clear your alarms), then go through the disable procedure outlined at the end of that section.

Hope that helps,

Mike

joepena2012 Thu, 01/13/2011 - 03:57

Hi Mike,

I followed the steps as proposed.

So at least I was able to initiate a new secure store.

Additionally, the sw upgrade process started immediately after the secure store on the CM was initiated.

However, the alarms on the Accelerator still exist, even though I have successfully initiated the secure store there.

So my next step was to clear the secure store again. Even when I close the secure store on the Accelerator, the error message still persists.

ndewa036#sh alarms

Critical Alarms:
----------------
        Alarm ID                 Module/Submodule               Instance
   ---------------             --------------------          ---------------
   1 mstore_key_retrieval      cms                          ssl_mstore_key
   2 mstore_key_failure        sslao                        mstore_key_failure

Do you have an idea how I'm able to finally fix this issue?
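
As an added example (not part of the original posts and not Cisco code): a small Python parser for the `sh alarms` output shown above, which flags the two secure-store key alarms so several WAEs can be checked after a CM reload or secure-store reset. The function names, the second hostname and its "None" output are assumptions constructed for illustration.

```python
import re

# Alarm IDs copied from the 'sh alarms' output posted in this thread.
SECURE_STORE_ALARM_IDS = {"mstore_key_retrieval", "mstore_key_failure"}

SECTION_RE = re.compile(r"^\s*(\w+) Alarms:\s*$")            # e.g. "Critical Alarms:"
ROW_RE = re.compile(r"^\s*\d+\s+(\S+)\s+(\S+)\s+(\S+)\s*$")  # "1 <id> <module> <instance>"

def parse_alarms(text):
    """Parse 'sh alarms' text into dicts tagged with the severity section they sit in."""
    alarms, severity = [], None
    for line in text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            severity = section.group(1).lower()
            continue
        row = ROW_RE.match(line)
        if row and severity:  # header and dashed lines do not start with a number
            alarm_id, module, instance = row.groups()
            alarms.append({"severity": severity, "id": alarm_id,
                           "module": module, "instance": instance})
    return alarms

def devices_with_secure_store_alarms(captures):
    """Map hostname -> secure-store alarm IDs, for devices that still raise them."""
    flagged = {}
    for host, text in captures.items():
        ids = [a["id"] for a in parse_alarms(text) if a["id"] in SECURE_STORE_ALARM_IDS]
        if ids:
            flagged[host] = ids
    return flagged

# First capture: the output posted above. Second: constructed, assumed-clean device.
CAPTURES = {
    "ndewa036": """Critical Alarms:
----------------
        Alarm ID                 Module/Submodule               Instance
   ---------------             --------------------          ---------------
   1 mstore_key_retrieval      cms                          ssl_mstore_key
   2 mstore_key_failure        sslao                        mstore_key_failure
""",
    "wae-example": """Critical Alarms:
----------------
None
""",
}

if __name__ == "__main__":
    for host, ids in devices_with_secure_store_alarms(CAPTURES).items():
        print(f"{host}: secure-store key alarms still present: {', '.join(ids)}")
```
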

Correct Answer
Jan Rockstedt Thu, 01/13/2011 - 04:25

Dieter,

I had a similar problem.

My solution was this.

- 'cms deregister force' on our WAE

- delete the device from CM

- from config mode do 'cms enable' on the WAE

- 'crypto pki mana init' on WAE

Jan

joepena2012 Thu, 01/13/2011 - 04:31

Hi Jan,

That's it.

However, it was enough to do a deregister followed by a cms ena.

There was no need for deleting the WAE from the CM.

Now the alarms are cleared.

Thank you very much

Dieter

This Discussion

Posted January 12, 2011 at 1:22 PM