...
I have a basic configuration loaded on a cat9k device and I am trying to move to a full configuration with the command:

configure replace flash:AM11-c9407-1_running_config.txt list force time 1

To test the auto-rollback functionality, I am not issuing the "configure confirm" command. I expected the device to auto-rollback to the previous configuration entirely after 1 minute. But I am seeing that the device rolls back halfway and ends up in a bad state. On the console logging I am seeing a prompt when it is rolling back:

%HA_EM-6-LOG: catchall: configure replace flash:AM11-c9407-1_running_config.txt list force time 1
%ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_BACKUP: Backing up current running config to bootflash:archived_config-Nov-12-18-58-06-44
Rollback:Acquired Configuration lock.
%SYS-5-CONFIG_R: Config Replace is Done
%HA_EM-6-LOG: catchall: event manager applet catchall
%HA_EM-6-LOG: catchall: no action 1
%HA_EM-6-LOG: catchall: no event cli
Rollback Confirmed Change: Rollback will begin in one minute.
Enter "configure confirm" if you wish to keep what you've configured
Rollback Confirmed Change: rolling to:bootflash:archived_config-Nov-12-18-58-06-44
Warning: Address not yet configured.
Warning: Address not yet configured.
Warning: Address not yet configured.
Warning: Address not yet configured.
%Warning, modifying policy-map "ZTN_Policy_v2.4" may impact sessions hosted on ports for which "ZTN_Policy_v2.4" has already been applied.
Deleting Parameter-Map which is already in use, may impact new and existing Sessions.
Do you wish to continue? [yes]:

The issue is this prompt does not show up on the ssh connection which I am using for my configurations. It only shows up in the console telnet session. If I don’t have a console connection open then I have no way of interacting with this prompt and the device ends up in a half rollback state.
------ Device Details ------

AM11-c9407-1#sh ver
Cisco IOS XE Software, Version V1612_3_MTH_ES3
Cisco IOS Software [Gibraltar], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.12.3, CUST-SPECIAL:V1612_3_MTH_ES3
This software is supported for a limited time under special agreement with Cisco Systems, Inc. MTH_ES3
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Wed 08-Apr-20 13:16 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2020 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are licensed under the GNU General Public License ("GPL") Version 2.0. The software code licensed under GPL Version 2.0 is free software that comes with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such GPL code under the terms of GPL Version 2.0. For more details, see the documentation or "License Notice" file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software.

ROM: IOS-XE ROMMON
BOOTLDR: System Bootstrap, Version 17.3.1r[FC2], RELEASE SOFTWARE (P)

AM11-c9407-1 uptime is 7 weeks, 1 day, 16 hours, 35 minutes
Uptime for this control processor is 7 weeks, 1 day, 16 hours, 37 minutes
System returned to ROM by PowerOn at 08:05:12 EST Tue Feb 26 2019
System image file is "bootflash:packages.conf"
Last reload reason: PowerOn

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to export@cisco.com.

Technology Package License Information:

------------------------------------------------------------------------------
Technology-package                                     Technology-package
Current                        Type                       Next reboot
------------------------------------------------------------------------------
network-advantage              Smart License              network-advantage
dna-advantage                  Subscription Smart License dna-advantage
AIR License Level: AIR DNA Advantage
Next reload AIR license Level: AIR DNA Advantage

Smart Licensing Status: UNREGISTERED/EVAL MODE

cisco C9407R (X86) processor (revision V01) with 1867985K/6147K bytes of memory.
Processor board ID FXS2311Q36J
2 Virtual Ethernet interfaces
96 Gigabit Ethernet interfaces
16 Ten Gigabit Ethernet interfaces
4 Forty Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
16010152K bytes of physical memory.
10444800K bytes of Bootflash at bootflash:.
1638400K bytes of Crash Files at crashinfo:.
0K bytes of WebUI ODM Files at webui:.
10444800K bytes of Bootflash at bootflash-1-1:.
1638400K bytes of Crash Files at crashinfo-1-1:.
234430023K bytes of SATA hard disk at disk0-1-1:.

Base Ethernet MAC Address          : 00:fd:22:7a:66:80
Motherboard Assembly Number        : 4855
Motherboard Serial Number          : FXS23050063
Model Revision Number              : V02
Motherboard Revision Number        : 3
Model Number                       : C9407R
System Serial Number               : FXS2311Q36J

Configuration register is 0x102

AM11-c9407-1#show ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 2
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): AM11-c9407-1.svs.com

The repro steps are:

- Open ssh connection and console telnet connection to the device. On the ssh session, do the following:
- Original config (has ZTN policy map) is present on device
- Config replace to file ‘appliced_basic_config’ (has no ZTN policy map on it)
  - configure replace flash:appliced_basic_config
- Apply the original config (has ZTN policy map) with auto-rollback timer
  - configure replace flash:original_config list force time 1
- Do not issue "configure confirm" command and let the rollback timer expire
- Automatic rollback kicks in, the interactive prompt gets displayed on the console connection and not on the ssh connection that is used for configuration

Interact with the prompt on the console connection