Our ASA image upgrade failed and FPR1140 console prompt showed:
firepower-1140-failed
Working with Cisco TAC, it was mentioned this was caused by a full directory.
Note, below issue was found on two more hardware FPR1140s.
TAC stated this does not occur with FPR VMs.
As prep for future image upgrades, was informed to check storage space, via following commands from enable prompt:
connect fxos admin
scope fabric-interconnect
show storage
" opt/cisco/platform 921 Full <-----------"
If Full or almost full, immediately open a TAC case to have this directory cleared out via secure login, which only TAC has the access to generate the challenge string response:
firepower-1140-failed# connect local-mgmt
firepower-1140-failed(local-mgmt)# secure-login
Challenge String (Please copy everything between the asterisk lines exclusively):
********************************************************************************
Jur//<removed>
DONE.
********************************************************************************
Please input your response when ready:
AQAAAA<removed>
DONE.\
You have successfully entered all text. Please wait...
###
TAC then went about clearing out the necessary storage space:
Linux#cd /opt/cisco/platform/logs
Linux#cd sysmgr
Linux#cd sam_logs/
Linux#ls -alh
total 560M
-rw-r--r-- 1 root root 539M May 6 2024 management0.log.1
Linux#echo > "" > management0.log.1
###
TAC also had to clear out some message files:
Linux#cd /opt/cisco/platform/logs
Linux#cd var
Linux#cd log
Linux#ls -alh
total 362M
-rw-r----- 1 root adm 260M Mar 20 2022 messages.1
-rw-r----- 1 root adm 3.2M Mar 2 2021 messages.2
-rw-r----- 1 root adm 58M Feb 26 2021 messages.3
-rw-r----- 1 root adm 1.1M Dec 15 2020 messages.4
-rw-r----- 1 root adm 41M Dec 14 2020 messages.5
Linux#echo "" > messages.1
Linux#echo "" > messages.2
Linux#echo "" > messages.3
Linux#echo "" > messages.4
Linux#echo "" > messages.5
After above, firewall was rebooted, image upgrade process auto-started and failed, firewall came up in failsafe mode again.
TAC had to revert image to previous version, via the Linux kernel, reboot firewall, and unit came up on previous image.
Then had to go into running config, and update boot parameter to reference the previous image file, and save, to ensure firewall would boot up into working image. Rebooted firewall one more time to verify unit comes up correctly.