I'm using CSA 5.1 MC and deploying agent kits that are 0.69. I've stumbled over an issue that has me kind of puzzled. After deploying an agent kit, I would assign additional groups to the host. Sounds easy, but now I have a few hosts that are shedding these added groups on restart, reverting back to the initial agent kit install groups. This isn't happening to all hosts, just a few. I'm still trying to find a common cause. Anyone have any ideas as to a resolution, besides adjusting agent kits and redeploying?
They do change registration date to when they come back online. I'll pull the event logs in the meantime, but I was thinking 88 might assist. Right now I'm holding out on the TAC till I can exclude all non-Cisco possibilities. The situation though is happening on a semi-consistent basis. Also, these are servers that aren't really bugging out.
Great! I really appreciate you opening the TAC. I have the few systems scheduled to be updated tonight on the 88. I still have to read the text file associated with that release a little more in depth though, which I'll do tonight. I'll post the results in the thread.
Ok, so all questionable hosts are upgraded to .88. We've seen the following alert on one of the upgraded hosts after it rebooted:
Critical No security policies are being enforced on this agent. This could be due to an incompatible software version (the agent is running version 220.127.116.11) or the agent has re-registered and the original installation kit has been removed. This agent should be added into the correct group(s) and the rules regenerated as soon as possible. If the agent software is not current, then it should be updated.
Now, the other servers didn't respond this way after upgrade. Also, we are still holding steady with these hosts not dropping their groups after the upgrade. I'll give it another few days and give an update on the situation.