×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ESA IronPort C160 failed to upgrade AsyncOS

Answered Question
Dec 10th, 2013
User Badges:

Hello.


I have faced failed upgrade procedure while trying to upgrade my AsyncOS 7.6.3-019.


Here is log:


(Machine ironport2) [Disconnected]> version

 

Current Version

===============

Product: Cisco IronPort C160 Messaging Gateway(tm) Appliance

Model: C160

Version: 7.6.3-019

Build Date: 2013-06-09

Install Date: 2013-12-06 09:02:43

Serial #: A4BADBE0BE2C-CBZRT4J

BIOS: 1.4.6I

RAID: 02

RAID Status: READY

RAID Type: 1

BMC: 1.79


(Machine ironport2) [Disconnected]> ping cisco.com

Press Ctrl-C to stop.

PING cisco.com (72.163.4.161): 56 data bytes

64 bytes from 72.163.4.161: icmp_seq=0 ttl=235 time=175.531 ms

64 bytes from 72.163.4.161: icmp_seq=1 ttl=235 time=174.608 ms

64 bytes from 72.163.4.161: icmp_seq=2 ttl=235 time=174.603 ms

64 bytes from 72.163.4.161: icmp_seq=3 ttl=235 time=174.454 ms

64 bytes from 72.163.4.161: icmp_seq=4 ttl=235 time=174.449 ms

64 bytes from 72.163.4.161: icmp_seq=5 ttl=235 time=174.613 ms

64 bytes from 72.163.4.161: icmp_seq=6 ttl=235 time=179.600 ms


(Machine ironport2) [Disconnected]> upgrade

Would you like to save the current configuration to the configuration directory before upgrading? [Y]>

Would you like to email the current configuration before upgrading? [N]>

Do you want to include passwords? Please be aware that a configuration without passwords will fail when reloaded with loadconfig. [Y]>


Upgrades available.

1. AsyncOS 8.0.1 build 023 upgrade For Email, 2013-10-14

2. BIOS Firmware Update for S160/C160/M160 (Reboot Required)

[2]> 1


Performing an upgrade may require a reboot of the system after the upgrade is applied. You may log in again after this is done. Do you wish to proceed with the upgrade? [Y]>

[Errno 54] Connection reset by peerFailure fetching selected upgrade.


(Machine ironport2) [Disconnected]> upgrade

Would you like to save the current configuration to the configuration directory before upgrading? [Y]>

Would you like to email the current configuration before upgrading? [N]>

Do you want to include passwords? Please be aware that a configuration without passwords will fail when reloaded with loadconfig. [Y]>

Upgrades available.

1. AsyncOS 8.0.1 build 023 upgrade For Email, 2013-10-14

2. BIOS Firmware Update for S160/C160/M160 (Reboot Required)

[2]> 1


Performing an upgrade may require a reboot of the system after the upgrade is applied. You may log in again after this is done. Do you wish to proceed with the upgrade? [Y]>


Downloading Reputation Engine... done.

The system upgrade failed.  This could be the result of a network interruption or a more serious error.  If this problem persists, please contact customer support.


(Machine ironport2.gazfond.ru) [Disconnected]>


Could somebody knows why that happens?


Thank you in advance!

Correct Answer by Murad Al Halawa about 3 years 8 months ago

No problem  ,


As far as I know there was no downtime on upgrade servers, can you try to suspend the listener for the appliance and try to perform the upgrade again after business hours to make sure you have good bandwidth and nothing is interrupting the upgrade process.



From CLI type command: suspendlistener


Or command: suspend


Then try to perform upgrade, after it finishes use command: resume, to make sure everything is back to normal.


and Disable reports before the upgrade too , becuase it can cause some problems sometime to do that from CLI :

esa> diagnostic

Choose the operation you want to perform:

- RAID - Disk Verify Utility.

- DISK_USAGE - Check Disk Usage.

- NETWORK - Network Utilities.

- REPORTING - Reporting Utilities.

- TRACKING - Tracking Utilities.

- RELOAD - Reset configuration to the initial manufacturer values.


2)Choose reporting as shown below which shows the current reporting status:

[]> REPORTING


> disable


after you finish repeat same steps to enable reports again.


Regarding internal check unfortunately you can only check the upgrade setting, from GUI: System Administration -> upgrade setting make sure you are using Ironport servers but for deeper investigation that requires Secure tunnel which only available for Cisco TAC engineers.


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Vasiliy Rudomanov Tue, 12/10/2013 - 05:06
User Badges:

I have tried to test connection as well. Everything is fine.


(Machine ironport2) [Disconnected]> telnet downloads.ironport.com 80

Trying 23.3.90.72...

Connected to a23-3-90-72.deploy.static.akamaitechnologies.com.

Escape character is '^]'.

^]

telnet> q

Connection closed.


(Machine ironport2) [Disconnected]> telnet update-manifests.ironport.com 443

Trying 208.90.58.5...

Connected to update-manifests.ironport.com.

Escape character is '^]'.

}^]

telnet> q

Connection closed.


(Machine ironport2) [Disconnected]> telnet updates.ironport.com 80

Trying 23.3.90.186...

Connected to a23-3-90-186.deploy.static.akamaitechnologies.com.

Escape character is '^]'.

^]

telnet> q

Connection closed.


(Machine ironport2) [Disconnected]> telnet upgrades.ironport.com 80

Trying 63.251.108.107...

Connected to 63.251.108.107.

Escape character is '^]'.

SSH-2.0-OpenSSH_4.2p1 FreeBSD-20060930

^]

telnet> q

Connection closed.


(Machine ironport2) [Disconnected]> telnet upgrades.ironport.com 443

Trying 63.251.108.107...

Connected to 63.251.108.107.

Escape character is '^]'.

SSH-2.0-OpenSSH_4.2p1 FreeBSD-20060930

^]

telnet> q

Connection closed.

Murad Al Halawa Tue, 12/10/2013 - 11:29
User Badges:
  • Cisco Employee,

Hello ,


I would suggest to suspend the listeners , and disable reports before performing the upgrade.



after that try to perform upgrade again , most probably this is a network issue.


Please let me know if you need help in doing that.

Vasiliy Rudomanov Tue, 12/10/2013 - 11:39
User Badges:

Murad, thank you for a reply.


Agree with that it is looks like a network issue, even we have two error message about this:


[Errno 54] Connection reset by peerFailure fetching selected upgrade.


The system upgrade failed.  This could be the result of a network interruption or a more serious error.  If this problem persists, please contact customer support.


But I had show you how I checked connections and it is looks like an appliance has HTTP\HTTPS connections with necessary sites.

I suppose maybe there is something with the box? How I can check internal things? Or maybe someone knew about planned IronPort upgrade site downtime?

Correct Answer
Murad Al Halawa Tue, 12/10/2013 - 12:05
User Badges:
  • Cisco Employee,

No problem  ,


As far as I know there was no downtime on upgrade servers, can you try to suspend the listener for the appliance and try to perform the upgrade again after business hours to make sure you have good bandwidth and nothing is interrupting the upgrade process.



From CLI type command: suspendlistener


Or command: suspend


Then try to perform upgrade, after it finishes use command: resume, to make sure everything is back to normal.


and Disable reports before the upgrade too , becuase it can cause some problems sometime to do that from CLI :

esa> diagnostic

Choose the operation you want to perform:

- RAID - Disk Verify Utility.

- DISK_USAGE - Check Disk Usage.

- NETWORK - Network Utilities.

- REPORTING - Reporting Utilities.

- TRACKING - Tracking Utilities.

- RELOAD - Reset configuration to the initial manufacturer values.


2)Choose reporting as shown below which shows the current reporting status:

[]> REPORTING


> disable


after you finish repeat same steps to enable reports again.


Regarding internal check unfortunately you can only check the upgrade setting, from GUI: System Administration -> upgrade setting make sure you are using Ironport servers but for deeper investigation that requires Secure tunnel which only available for Cisco TAC engineers.


Regards

Vasiliy Rudomanov Tue, 12/10/2013 - 12:22
User Badges:

Murad, thank you for your advices!


I going to check it within my business hours.

Vasiliy Rudomanov Wed, 12/11/2013 - 00:21
User Badges:

Murad,

Today at morning I prepare to do your recommendations, but first of all, I again tried to start upgrade procedure and fortunately it was successful! Without any my actions.

So I suppose there was server side issue for several days (4-5).


However, thank you for your help.

Murad Al Halawa Wed, 12/11/2013 - 00:45
User Badges:
  • Cisco Employee,

Vasiliy,


I am glad that everything worked fine with you , Sometimes those issue happens from Network connections thats why we recommend to suspend and disable resports on the appliance to make sure nothing is interrupting the process.


In case the same issue happeneded in future i recommend to follow steps i sent , it helps.


anyway enjooy your day


Regards

Murad

Actions

This Discussion