Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AIP-SSM-20 Upgrade

Trying to upgrade an AIP-SSM-20.

We have 2 ASA's in a failover configuration, the upgrade on the secondary AIP-SSM-20 was successful.

On the primary AIP-SSM-20 we are getting the following error when trying to upgrade via FTP from the same server that we upgraded the secondary SSM module from:

execUpgradeSoftware: permission denied

Current version is 6.0(1)E1, tyring to upgrade to 6.0(4)E1

We have tried it when the module is active and when it is not...same error both ways. Doesn't seem to be an FTP user error since we get a different error when purposely mistyping the user or password.

Our SSM user has administrator privilege (default cisco user) and we have tried rebooting the SSM...no luck

Anyone have an idea on this?

Thanks

John Stemke

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: AIP-SSM-20 Upgrade

I don't know if the error is being generated by the sensor itself, or coming from the ftp server.

To find out try running a packet sniffer on the ftp server or the "packet" command on the CLI for the sensor's command and control interface.

Execute the upgrade command and see if an ftp connection is even attempted by the sensor.

If no ftp connection is attempted, then the error would be from the sensor itself, and it would appear that the user does not have admin permissions (which does not seem to be your case by what you've written).

If the ftp connection is attempted, then the error is probably coming from the ftp server. Look at the packets you've captured and see if an error is coming from the ftp server. The problem may be a permission problem on the file on the ftp server. The ftp directory or the file itself may not have read permission for the file.

You might also try an ftp from your own desktop to the same ftp server using the same user and password being used for the sensor and seeing if you can download it to your own desktop.

As a workaround to get your sensor updated and work on this permission problem later is to copy the upgrade to your desktop.

Run IDM and use IDM to push the upgrade from your desktop directly to the sensor.

2 REPLIES
Cisco Employee

Re: AIP-SSM-20 Upgrade

I don't know if the error is being generated by the sensor itself, or coming from the ftp server.

To find out try running a packet sniffer on the ftp server or the "packet" command on the CLI for the sensor's command and control interface.

Execute the upgrade command and see if an ftp connection is even attempted by the sensor.

If no ftp connection is attempted, then the error would be from the sensor itself, and it would appear that the user does not have admin permissions (which does not seem to be your case by what you've written).

If the ftp connection is attempted, then the error is probably coming from the ftp server. Look at the packets you've captured and see if an error is coming from the ftp server. The problem may be a permission problem on the file on the ftp server. The ftp directory or the file itself may not have read permission for the file.

You might also try an ftp from your own desktop to the same ftp server using the same user and password being used for the sensor and seeing if you can download it to your own desktop.

As a workaround to get your sensor updated and work on this permission problem later is to copy the upgrade to your desktop.

Run IDM and use IDM to push the upgrade from your desktop directly to the sensor.

New Member

Re: AIP-SSM-20 Upgrade

Thanks...going into the IDM locally worked.

Not sure why it worked on one, but, not the other.

147
Views
0
Helpful
2
Replies