I've loaded this update via IDS-MC to two separate version 4 sensor appliances, and both of them now report their current version as 4.1(1)S47. I've also attempted to downgrade the sensor by issuing the dowgrade command via the cli in config t mode on the sensor and it returns that there is nothing to downgrade to. Anyone else having this problem?
In order to install the 4.1(2)S59 sig update, you must first install the 4.1(2)S58 Service Pack which is also available on CCO.
Once the sensor has been upgraded to 4.1(2), attempt the install of S59 again.
There is a known bug with MC reporting not reporting failed upgrades of a sensor. CSCec426658.
It is resloved by the following patch:
Do you have this patch installed? If not, it is possible that the actual update of the sensor to 4.1(2)S58 failed. Without the patch MC would report no errors and would show the expected version. A requery of the sensor, or deleting the sensor and re-importing it, would then show the actual version.
If you do not have the patch, I would recommend intsalling the patch. Then delete the sensors from MC and re-import them (I know this is pain). Then attempt the install of Service Pack 4.1(2)S58 again.
If you do have the patch installed and the 4.1(2)S58 was pushed via then MC, then let me know, I will contact you off the forum as I will need a lot more details about the sensor.
Left hand pane Select:
Applications and Vesions
Scroll down the right hand pane, there should be a section for "Patches Installed". The patch CSCec426658 will be listed there if it has been installed.
Chad: I don't have that patch loaded. I will try to get it and load it today. then I'll readd the sensors and try the update and let you know. Thanks -
OK Chad. I've got the patch loaded and I still can't apply the 4.1(2)S58 update to the sensors. I am going to try to push the 4.1(3)S61 srevice pack to the sensors this morning and see if that goes well.
Chad: The push of 4.1(3)S61 also failed. Audit log reports several issues, such as not being able to communicate with the CLI and another one stating that the process exceeded the expected timeout of 120 sec. I've opened a TAC Case (E757289) for this problem. If you'd like you can see the audit log in the TAC Case. Otherwise, Thanks for the help.
I have looked at that enclosure, and it appears that the sensor is down. Can you login to the sensor via the cli manually? If this fails, do you have a service account that we can use to login? If you have a service account, login as the service account user and do a "su - root", the password will be the same as the service account. Once in as root, do a "reboot". If you cannot login via the cli and do not have a service account you will have to physically power cycle the box.
Once the box has rebooted, attempt to login via the cli again. If you are successful, please do a "sho tech" and forward the output. Also, do a "sho ver" and compare it to the information MC is reporting and make sure they match.
If you are still unable to login via the cli after reboot, I am afraid we will probably have to re-image the sensor. If you can login via the service account though, let me know, I would like to get some additional information off of the box before you re-image. You can re-image by power cycling the sensor, or if you have a service account issue a "reboot". On the system console, after system tests, there is a boot selection screen. At this point, select "Cisco IDS Recovery". This will Restore the sensor from the recovery partition.
The sensor will retain it's ip address and accest-list info through the re-image. You will, however, need to login and change the cisco user password as it will be reset to the default.
Then once again, import the sensor into MC and attemp the upgrades.
I do not know if this has been resolved yet or not but I did enbounter a very simaler situation, TAc Case:E71664
Basicaly I was unable to perform upgrades, in some ways I am still haveing the problem and can only upgrade teh sig files by perfomr a local SCP install. Just thought I would provide an FYI.