
Problem with Signature Update 4.1(2)S59

8rpalmer
Level 1

I've loaded this update via IDS-MC to two separate version 4 sensor appliances, and both of them now report their current version as 4.1(1)S47. I've also attempted to downgrade the sensor by issuing the downgrade command via the CLI in config t mode on the sensor and it returns that there is nothing to downgrade to. Anyone else having this problem?


csailer
Level 1

In order to install the 4.1(2)S59 sig update, you must first install the 4.1(2)S58 Service Pack which is also available on CCO.

IDS-K9-sp-4.1-2-S58.rpm.pkg

Once the sensor has been upgraded to 4.1(2), attempt the install of S59 again.

Sensors were already at 4.1(2)S58 prior to my attempt to push 4.1(2)S59 to them.

There is a known bug with MC not reporting failed upgrades of a sensor, CSCec426658.

It is resolved by the following patch:

idsmdc1.2.0-win-CSCec426658.tar

Do you have this patch installed? If not, it is possible that the actual update of the sensor to 4.1(2)S58 failed. Without the patch MC would report no errors and would show the expected version. A requery of the sensor, or deleting the sensor and re-importing it, would then show the actual version.

If you do not have the patch, I would recommend installing the patch. Then delete the sensors from MC and re-import them (I know this is a pain). Then attempt the install of Service Pack 4.1(2)S58 again.

If you do have the patch installed and the 4.1(2)S58 was pushed via the MC, then let me know. I will contact you off the forum as I will need a lot more details about the sensor.

Chad: Where would I look to find out if this patch is applied on my IDS-MC?

Bob

In CiscoWorks

Left hand pane Select:

Server Configuration

Then:

Applications and Versions

Scroll down the right hand pane, there should be a section for "Patches Installed". The patch CSCec426658 will be listed there if it has been installed.

Chad: I don't have that patch loaded. I will try to get it and load it today. Then I'll re-add the sensors and try the update and let you know. Thanks -

OK Chad. I've got the patch loaded and I still can't apply the 4.1(2)S58 update to the sensors. I am going to try to push the 4.1(3)S61 service pack to the sensors this morning and see if that goes well.

Chad: The push of 4.1(3)S61 also failed. Audit log reports several issues, such as not being able to communicate with the CLI and another one stating that the process exceeded the expected timeout of 120 sec. I've opened a TAC Case (E757289) for this problem. If you'd like you can see the audit log in the TAC Case. Otherwise, Thanks for the help.

I will take a look at the TAC case.

I have looked at that enclosure, and it appears that the sensor is down. Can you login to the sensor via the cli manually? If this fails, do you have a service account that we can use to login? If you have a service account, login as the service account user and do a "su - root", the password will be the same as the service account. Once in as root, do a "reboot". If you cannot login via the cli and do not have a service account you will have to physically power cycle the box.

Once the box has rebooted, attempt to login via the cli again. If you are successful, please do a "sho tech" and forward the output. Also, do a "sho ver" and compare it to the information MC is reporting and make sure they match.

If you are still unable to login via the cli after reboot, I am afraid we will probably have to re-image the sensor. If you can login via the service account though, let me know, I would like to get some additional information off of the box before you re-image. You can re-image by power cycling the sensor, or if you have a service account issue a "reboot". On the system console, after system tests, there is a boot selection screen. At this point, select "Cisco IDS Recovery". This will restore the sensor from the recovery partition.

The sensor will retain its IP address and access-list info through the re-image. You will, however, need to login and change the cisco user password as it will be reset to the default.

Then once again, import the sensor into MC and attempt the upgrades.

Chad,

I do not know if this has been resolved yet or not but I did encounter a very similar situation, TAC Case: E71664

Basically I was unable to perform upgrades; in some ways I am still having the problem and can only upgrade the sig files by performing a local SCP install. Just thought I would provide an FYI.

Thanks,

Brian

alll
Level 1

Is it possible to change the interface on a 4230 to 100/full???
