
Errors installing MP 1.3.2 upgrade

csthomas
Level 1

I am attempting to install the 1.3.2 maintenance partition image on a 6500 IDSM-2 blade so I can upgrade to 4.1. I have tried two different servers (which work for sig updates). I get past the URL and pw, and receive the "continuing will update the maintenance partition to 1.3.2- OK?" I reply "yes" and nothing happens for about five minutes, then:

Using the Windows 2k pro FTP server, I get the message "error; exp. timeout" on the sensor

Using a Linux HTTP server, I get the message "error: connection failed" on the sensor

The MD5 checksum on the server images matches that on CCO. I signed on with the service account and looked in .../var/updates and its subdirectories and don't see the MP file. df says I have 15 GB free, so space isn't the problem.

What am I doing wrong?

/Chris Thomas, UCLA ATS

1 Accepted Solution

marcabal
Cisco Employee

On the Linux FTP Server you might try running tcpdump to monitor the ftp connection between the sensor and the Linux FTP Server.

You will be able to see if the FTP Server is returning any errors to the sensor like invalid login errors, or file not found errors.

Worst case scenario you can try:

1) Create a service account

2) Login as the service account

3) Manually ftp the file from the ftp server to the service account's home directory on the sensor.

4) Login as the standard cisco account

5) configure terminal

6) Accept the sensor's own ssh key as an ssh server key: "ssh host-key 10.1.1.1"

NOTE: Replace 10.1.1.1 with your sensor's ip address.

7) Now you access the file through the sensor's own scp server for the upgrade or copy command: scp://johndoe@10.1.1.1/filename

Replace johndoe with your service account username

Replace 10.1.1.1 with your sensor ip address

Replace filename with the MP filename

Thanks, Marcoa. BTW, I enjoyed your session last week at NW 2003.

I tried FTPing from the service account, and that completes immediately (0.8 sec) with no problem. I'll try sniffing another UPDATE from the user account and see what I find.

Is this possibly a problem with the IDSM being busy? I have a small amount of traffic SPANned to it, but a ps aux on the sensorApp processes shows a peak of maybe 5% CPU.

/Chris

Glad you enjoyed the session.

I don't think the problem is with the IDSM being busy. I would have to venture that maybe mainApp is seeing prompts from the FTP Server that it can't recognize or maybe your username, password, or filename in your upgrade command are misspelled.

I would be interested in seeing what the sniffing of the FTP connection shows.

I found part of the problem. My linux server is multihomed, and I used an IP not in the sensor's trusted list. When I set up the sniffer, I used the correct IP and it worked like a charm. It would be nice if the update command gave a "success" message rather than just returning. I booted off the 1.3.2 partition, and it looks fine.

The following might be of use to other customers with Linux servers: I'm using a Linux freeware HTTP server called Tiny HTTP. It's trivial to install and has nice security options (like only listening on my private network interface). And it communicates with the IDSM properly.

I'm running Redhat Linux 9.0. The stock FTP server is VSFTP (very secure FTP). The IDSM-2 does not seem to communicate properly with this server. From a sniffer, the comm proceeds OK until vsftp says "230 Login successful. Have fun." at which point the IDSM2 hangs and never sends another packet. That's why I'm using Tiny HTTP.

I have also been unsuccessful in trying to get SCP to work to a Linux server. I notice that the only servers Cisco supports seem to be Windows and Solaris. Since a growing number of customers will have Linux machines (and a decreasing number, Solaris), it would be nice to have some supported Linux options.

I still don't know why my (supported) Windows FTP server is failing, and I will have to sniff that.

Thanks for the help!

/Chris
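
The sniffing approach discussed in this thread, as an added example that is not part of the original posts: a small classifier for FTP control-channel payload lines (for instance, copied from a `tcpdump -A` capture on port 21) that separates an explicit server refusal from a client that goes silent after a reply, as described for the "230 Login successful. Have fun." case. The sample dialogues, the username `updater` and the file name placeholder are constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")            # server reply: code, separator, text
COMMAND = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")  # client command verb and argument


def diagnose(lines):
    """Classify an FTP control dialogue given payload lines in capture order."""
    events = []
    for raw in lines:
        line = raw.strip()
        m = REPLY.match(line)
        if m:
            events.append(("server", int(m.group(1)), m.group(3)))
            continue
        m = COMMAND.match(line)
        if m:
            # Keep only the verb: FTP is cleartext, so the PASS argument
            # in a capture is the real password and must not be echoed.
            events.append(("client", m.group(1).upper(), ""))
    if not events:
        return "no FTP control traffic seen"
    # Any 4xx/5xx reply is an explicit refusal by the server.
    for kind, code, text in events:
        if kind == "server" and code >= 400:
            if code == 530:
                return f"login rejected: {code} {text}"
            if code == 550:
                return f"file unavailable: {code} {text}"
            return f"server error: {code} {text}"
    kind, code, text = events[-1]
    if kind == "server" and code == 226:
        return "transfer completed"
    if kind == "server":
        return f"client stalled after server reply: {code} {text}"
    return f"server never answered client command: {code}"


# Constructed sample: only the 230 line is quoted in the thread.
STALL_AFTER_LOGIN = [
    "220 FTP server ready",
    "USER updater",
    "331 Please specify the password.",
    "PASS example-password",
    "230 Login successful. Have fun.",
]

if __name__ == "__main__":
    print(diagnose(STALL_AFTER_LOGIN))
```
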
