Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IDSM Hang problem

Hi All,

can anyone advice int the below error message as it happened to me twice:

Error: Cannot communicate with mainApp (getVersion). Please contact your system
administrator.
Would you like to run cidDump?[no]:

I have 4IDSMs (2 on each 6513 core) and this case happened to me 2 times and i coudn't solve it .

The only way to solve it to reset the module power in order to access it again.

can anyone help in this.

THanks in Advance,


Best Regards,

Ayman Yehia

7 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: IDSM Hang problem

IDSM-1 matches bugID: CSCsq51372:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq51372

Fix in 6.2.2(E3). I would upgrade it to the latest version 7.0.2(E4).

IDSM-2 seems to match bugID: CSCsv52117:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv52117

Also fix in 6.2.2(E3). Again, I would recommend upgrade to the latest version of 7.0.2(E4)

Cisco Employee

Re: IDSM Hang problem

The easiest way to upgrade is to just connect via IDM, then go to: Configuration --> Sensor Management --> Update Sensor --> Update is located on this client --> upload the upgrade file from your desktop/folder where the file is --> click the "Update Sensor" button.

Upgrade file to use is IPS-K9-7.0-2-E4.pkg

Cisco Employee

Re: IDSM Hang problem

I've advised to download the upgrade file: IPS-K9-7.0-2-E4.pkg instead of the reimage file: IPS-IDSM2-K9-sys-1.1-a-7.0-2-E4.bin.gz.

Please use the upgrade file instead of the reimage file to upgrade the IDSM.

Re: IDSM Hang problem

Hi Ayman,

    The RDEP server functionality was deprecated in IPS 6.1 but the "Enable RDEP Event Server Subscribtions" option was left in the software to allow for legacy compatibility with third party products while they were updated to use SDEE.  As of IPS 7.x the RDEP server has been completely removed from the IPS software.  Remotely recent versions of the MARS software should have no issue retrieving events from your IDSM-2 device via SDEE.  What version of MARS software are you running?

-JT

Re: IDSM Hang problem

Hi Ayman,

    The MARS 6.0.3 should have no compatability issue with the 7.x IDSM-2, so you're all set there.  Can you verify that:

1.  The IDSM-2 is actually generating events for the MARS to retrieve since the upgrade?

2.  The IDSM-2 is reachable by the MARS using the "Test Connectivity" button on the device information page for the IDSM-2 in the MARS GUI?

You may notice during the test for #2 that you're prompted to accept a new certificate for the device.  If so, make sure to verify and accept it as appropriate.  Remember to Submit/Activate the changes in MARS when you're done.

Thanks,
JT

Cisco Employee

Re: IDSM Hang problem

Hi Ayman,

Please remove the IDSM from the MARS device list, and re-add the IDSM as IPS version 6.0.

That should resolve the issue.

Cisco Employee

Re: IDSM Hang problem

Try to reload the hang IDSM one more time. It should work after.

21 REPLIES
Cisco Employee

Re: IDSM Hang problem

You would need to collect the cidDump, and open a TAC case to get the cidDump analysed. You might be hitting a bug.

New Member

Re: IDSM Hang problem

Hi Halijenn,

Thanks for your quick response but not all the modules hang together but once 2 of the IDSMs happened together on 2 different cores (one module on each core switch ).

Is their any test or another way else rather opening a TAC case.

another question is "what is the cidDump means??"

Regards,

Ayman Yehia

Cisco Employee

Re: IDSM Hang problem

cidDump is crash file for IPS.

What version is your IDSM? and please share the logs from show tech.

New Member

Re: IDSM Hang problem

Dear Halijenn,

Thanks for your reply

i have attached the show tech for 2 IDSMs one from each core

The IDSMs version is
Cisco Intrusion Prevention System, Version 6.2(1)E3.

thanks in advance

Best Regards,

Ayman Yehia

Cisco Employee

Re: IDSM Hang problem

IDSM-1 matches bugID: CSCsq51372:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq51372

Fix in 6.2.2(E3). I would upgrade it to the latest version 7.0.2(E4).

IDSM-2 seems to match bugID: CSCsv52117:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv52117

Also fix in 6.2.2(E3). Again, I would recommend upgrade to the latest version of 7.0.2(E4)

New Member

Re: IDSM Hang problem

Dear Halijenn,

Thanks for your great help.

can you tell us how to upgrade and if you can send us a guide for it so as to be able to upgrade the 4 IDSMs.

Best Regards,

Ayman Yehia

Cisco Employee

Re: IDSM Hang problem

The easiest way to upgrade is to just connect via IDM, then go to: Configuration --> Sensor Management --> Update Sensor --> Update is located on this client --> upload the upgrade file from your desktop/folder where the file is --> click the "Update Sensor" button.

Upgrade file to use is IPS-K9-7.0-2-E4.pkg

New Member

Re: IDSM Hang problem

Dear halijenn,

i have downloded the version that you said "IPS-IDSM2-K9-sys-1.1-a-7.0-2-E4.bin.gz" but when i tried to update the IDSM module it reported me the following error message:

cannot upgrade software on the sensor

errSystemError-idsPackageMgr: digital signature of the update file was not valid,use CCO to replace corrupted file.

i don't know how to solve this problem.

Best Regards,

Ayman Yehia

Cisco Employee

Re: IDSM Hang problem

I've advised to download the upgrade file: IPS-K9-7.0-2-E4.pkg instead of the reimage file: IPS-IDSM2-K9-sys-1.1-a-7.0-2-E4.bin.gz.

Please use the upgrade file instead of the reimage file to upgrade the IDSM.

New Member

Re: IDSM Hang problem

hi halijenn,

Thanks for reply i have done the upgrade successfully but another issue appeared to me.

the check box of "Enable RDEP Event Server Subscribtions" is not found in the Configuration--->Network place.

and i didn't have any logs from the IPS on the cisco MARS after upgrde.

can you help in this.

Best Regards,

Ayman Yehia

Re: IDSM Hang problem

Hi Ayman,

    The RDEP server functionality was deprecated in IPS 6.1 but the "Enable RDEP Event Server Subscribtions" option was left in the software to allow for legacy compatibility with third party products while they were updated to use SDEE.  As of IPS 7.x the RDEP server has been completely removed from the IPS software.  Remotely recent versions of the MARS software should have no issue retrieving events from your IDSM-2 device via SDEE.  What version of MARS software are you running?

-JT

New Member

Re: IDSM Hang problem

hi juteixei,

Thanks for clarification MARS version is 6.0.3 and i do not know what to do to see IDSM2 logs on MARS again as i enabled RDEP check box before upgrading but now no log is collected in MARS.

waiting for your reply.

Thanks

Ayman Yehia

Re: IDSM Hang problem

Hi Ayman,

    The MARS 6.0.3 should have no compatability issue with the 7.x IDSM-2, so you're all set there.  Can you verify that:

1.  The IDSM-2 is actually generating events for the MARS to retrieve since the upgrade?

2.  The IDSM-2 is reachable by the MARS using the "Test Connectivity" button on the device information page for the IDSM-2 in the MARS GUI?

You may notice during the test for #2 that you're prompted to accept a new certificate for the device.  If so, make sure to verify and accept it as appropriate.  Remember to Submit/Activate the changes in MARS when you're done.

Thanks,
JT

New Member

Re: IDSM Hang problem

hi juteixei,

1- i have checked the show events command and found the IDSM generates events normally.

2- from IDSM i can ping the MARS and from the MARS i have done the connectivity test and it is reachable and discovery is done successfully.

# i didn't notice get any certificates and i have done the activate

but it still did not work

but i have a notice i didn't do that i have the latest supported Device type in MARS is IPS6.x

shall i add the module as 6.x or what can i do??

Thanks for help

Best Regards,

Ayman Yehia

Cisco Employee

Re: IDSM Hang problem

Hi Ayman,

Please remove the IDSM from the MARS device list, and re-add the IDSM as IPS version 6.0.

That should resolve the issue.

New Member

Re: IDSM Hang problem

Hi Halijenn,


I have updated the IDSM2 and removed them from MARS and added them again as version 6.x and it all worked fine exept for one of them.

i have done the upgrade for it and accessed it once but it refused to continue and hanged again and i can't reach it from gui or from the core itself.

i don't know why as i upgraded the other 3 IDSM2 before it .

can you help me in this.

Best Regards,

Ayman Yehia

Cisco Employee

Re: IDSM Hang problem

Try to reload the hang IDSM one more time. It should work after.

New Member

Re: IDSM Hang problem

Thank you very much halijenn and you too juteixei your answers are really helpful to me and my IDSM2s are running well and reporting to MARS as well.

Thanks again for your great help.

Ayman Yehia

Cisco Employee

Re: IDSM Hang problem

Thanks Ayman.

New Member

Re: IDSM Hang problem

Dear juteixei , halijenn,

after days of monitoring the IDSMs i have i found two of them hanged again even after the upgrade.

i do not know what is the the problem now.

can you help me in this case.

Best Regards,

Ayman Yehia

Cisco Employee

Re: IDSM Hang problem

Ayman, I would suggest that you open a TAC case so it can get further investigated.

1424
Views
5
Helpful
21
Replies
CreatePlease to create content