This is just a quick blog post for those who might have FDM issues after upgrading their FTD software.
I recently updated my Firepower appliance from 6.5.0 to 6.5.0.2. One reason to update was not only that 6.5.0 is a .0 release, but also that I had noticed some failed rule-update deployments that set Snort to block all traffic.
Unfortunately, after upgrading, FDM could not be launched and reported an application failure error. The suggested action was to remove the manager, add a new local manager and begin from scratch. This is the error: “The Firepower Device Manager application cannot be opened. Please try again”
While googling for a possible caveat for this behavior on 6.5.0.2, I came across a caveat in 6.2.3 that has the same behavior.
That caveat helped me with my fix. What I did was execute the following commands:
> expert
**************************************************************
NOTICE - Shell access will be deprecated in future releases
and will be replaced with a separate expert mode CLI.
**************************************************************
admin@na-grm-ftd01:~$ sudo su -
Password:
root@my-ftd01:httpd# cd /ngfw/var/cisco/ngfwWebUi/
root@my-ftd01:ngfwWebUi# ls -a
. .bootstrap-failed clifile deploy ha_pkg lina_cli_sqlite_stores pjb_output sslCiphers variables.ftd_onbox
.. bin clisyncer ftd_onbox_6.5.0.2_previous libs ngfw_onbox_bootstrap.sh sru tomcat version
root@my-ftd01:ngfwWebUi# rm .bootstrap-failed
root@my-ftd01:ngfwWebUi# pmtool disablebyid tomcat
root@my-ftd01:ngfwWebUi# pmtool enablebyid tomcat
Basically, you go into expert mode, change to the directory used for FDM (/ngfw/var/cisco/ngfwWebUi/), remove the .bootstrap-failed status file, and then restart tomcat by disabling and re-enabling it with pmtool.
For me, this worked and got me back into FDM. Should you run into issues with FDM after an upgrade, this “hack” might help you.
Disclaimer: You are entering expert mode of FTD, which means you can DESTROY your FTD configuration and box. Be aware of what you are doing and make sure you have a backup.
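The manual steps above as a guarded script, added here as an example and not part of the original post or any Cisco tooling: it moves .bootstrap-failed into a backup directory instead of deleting it, so the file stays available for troubleshooting, and it restarts tomcat only if the marker was actually present. The path and the pmtool commands are the ones shown in the post; BACKUP_DIR, the PMTOOL override and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. FDM_DIR is the path shown in the
# post; BACKUP_DIR and the PMTOOL override are assumptions for illustration.
FDM_DIR="${FDM_DIR:-/ngfw/var/cisco/ngfwWebUi}"
BACKUP_DIR="${BACKUP_DIR:-/var/tmp/fdm-marker-backup}"
PMTOOL="${PMTOOL:-pmtool}"

# clear_bootstrap_marker DIR BACKUP
# Moves DIR/.bootstrap-failed into BACKUP with a timestamped name.
# Returns 0 if moved, 1 if no marker was present, 2 on error.
clear_bootstrap_marker() {
    cbm_dir="$1"
    cbm_bak="$2"
    cbm_marker="$cbm_dir/.bootstrap-failed"
    if [ ! -d "$cbm_dir" ]; then
        echo "directory not found: $cbm_dir" >&2
        return 2
    fi
    if [ ! -f "$cbm_marker" ]; then
        echo "no .bootstrap-failed in $cbm_dir, nothing to do" >&2
        return 1
    fi
    mkdir -p "$cbm_bak" || return 2
    cbm_dest="$cbm_bak/bootstrap-failed.$(date +%Y%m%d%H%M%S)"
    mv "$cbm_marker" "$cbm_dest" || return 2
    echo "moved marker to $cbm_dest" >&2
    return 0
}

# recover_fdm: clear the marker, then restart tomcat with the two pmtool
# commands from the post. Tomcat is left alone if no marker was found.
recover_fdm() {
    clear_bootstrap_marker "$FDM_DIR" "$BACKUP_DIR" || return $?
    "$PMTOOL" disablebyid tomcat && "$PMTOOL" enablebyid tomcat
}

# Run as root from expert mode:  sh recover_fdm.sh --run
if [ "${1:-}" = "--run" ]; then
    recover_fdm
fi
```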