Symptom
After successfully upgrading FTD HA to version 7.0.2.1, the customer could not push a deployment. FTD HA was broken, and both FTDs seem to have lost their interface and route configuration. When the FTDs formed HA, there was no configuration.
Conditions
FMC and FTD version 7.0.2
Further Problem Description
Timeline: All times in UTC
ASA bug encountered after the reboot following the upgrade (.53):
2022-07-29 04:37:20 .........................Init-ed RW database for -- lcore 13 lport 1 addr 0x150f00000000
2022-07-29 04:37:21 .............................................................................................................ERROR: Input line size exceeded available buffer (511 characters). First 511 chars of the line:
2022-07-29 04:37:22 access-list CSM_FW_ACL_ remark rule-id 2684
2022-07-29 04:37:22
2022-07-29 04:37:22 Config Failed
FTD HA was broken and the configuration was wiped from .52. Since there was no configuration on .53, this resulted in the outage.
29-Jul-2022 05:00:02.192,[ERROR],(NgfwHaRemoveFailoverTask.java:71)
com.cisco.nm.vms.api.rest.registration.ngfwhapair.NgfwHaRemoveFailoverTask, pool-41-thread-2 Break SUCCESS!!!! ContainerExtnData Arguments for NO_FAILOVER : {"ha_container_config_clear_unit":"CFRP14_P3_8126_104_ SMST_FW1","HA_TASK_MESSAGE":"failover:ha_break_success_on_device","ha_container_config_clear_unit_id":"176093682283","config_retain_unit_deploy_done":"true","ha_container_config_retain_unit":"CFRP14_P3_8126_104_ SMST_FW2","ha_container_config_retain_unit_id":"176093682484","ha_container_config_retain_unit_ip":"10.3.20.53","ha_container_config_clear_unit_ip":"10.3.20.52"}
There were no logs showing a recovery from the bug above. The .53 unit remained without config until 5:30, as shown in show failover history:
05:30:13 UTC Jul 29 2022
Negotiation Cold Standby Detected an Active mate
05:30:14 UTC Jul 29 2022
Cold Standby App Sync Detected an Active mate