General
On a Firepower 2110 platform configured as FDM-HA, auto deployment fails after updating Security Intelligence, Geolocation and VDB with policy deploy. Subsequent manual deployment works.
Symptom
On a Firepower 2110 platform configured as FDM-HA, auto deployment fails after updating Security Intelligence, Geolocation and VDB with policy deploy.
Steps to reproduce:
1. Re-image two FP 2110 devices to version 6.4.0-102 and form HA.
2. Configure Interfaces, AC rules, NAT and identity policies.
3. Update the SRU to the latest version and run traffic across the devices.
4. Upgrade the devices to version 6.4.0.9-39.
5. Start the Security Intelligence feeds update, the Geolocation update and the VDB update (select auto deploy), in that order.
Expected result:
All the updates are complete and policy deployment works.
Actual result:
All the updates are successful but the policy deploy fails. Manually deploying the policy at a later time works.
Conditions
> show version
-------------------[ mt-2110-4 ]--------------------
Model : Cisco Firepower 2110 Threat Defense (77) Version 6.4.0.9 (Build 39)
UUID : d234258a-6485-11ea-8113-940be43cefc2
Rules update version : 2020-03-23-001-vrt
VDB version : 332
----------------------------------------------------
Workaround
Manually retry the deployment.
Further Problem Description
The VDB update may not have completed when the auto deploy starts. As stated in the workaround, retry the deployment.