...
An attempt to break Secure Firewall Threat Defense (FTD) high availability (HA) fails, and the following error message appears in the Tasks tab of the notification area of the Secure Firewall Management Center / Firepower Management Center (FMC) GUI:

---
Failed to break the HA pair. Check the deployment tab for the failure reason and possible recovery action.
---

The Deployments tab shows this error:

---
Deployment failed due to configuration error. If problem persists after retrying, contact Cisco TAC.
---

If a "Show troubleshooting details" link appears, clicking it reveals a partial transcript of the deployment, and that transcript contains one of the following two lines:

---
System (/bin/tar zxvf /ngfw/var/cisco/deploy/current-policy-bundle.tgz) Failed
System (/bin/tar xvf /ngfw/var/cisco/deploy/current-policy-bundle.tgz) Failed
---

If no such link appears in the error on the Deployments tab, go to the deployment history (Deploy > Deployment History), find the past deployment for the FTD HA break ("High availability break" appears in the "Deployment Notes" column), and review the transcript for that job. The tar failure line above appears in the "SNORT APPLY" section of the transcript.
The HA break was attempted from the FMC GUI, and a recent deployment to at least one of the FTDs in the pair had failed. The HA break itself is pushed as a deployment, so it inherits the broken policy bundle left behind by that earlier failure.
Use one of the following two methods to resolve the error condition on the affected FTD(s).

method 1 (preferred)

---
1. On the FMC GUI, navigate to Devices > Device Management.
2. Open the FTD (or FTD HA pair) for editing.
3. Within the device configuration, go to the "Device" sub-tab.
4. Click the "Edit General Settings" icon (a pencil).
5. In the "General" box that appears, click the right arrow to the right of the "Force Deploy" label.
6. Optionally enter a note in the "Deployment Notes" box about the force deploy, then click the "Deploy" button in the box.
---

method 2 (if method 1 does not work)

---
1. Log into the CLI of the FTD on which the deployment error occurred.
2. Go to expert mode:
   expert
3. Execute the following command (when prompted, enter the password for the CLI user):
   sudo mv /ngfw/var/cisco/deploy/failed-policy-bundle.tgz /ngfw/var/cisco/deploy/current-policy-bundle.tgz
---

After using one of these methods, attempt to break FTD HA from the FMC GUI again.
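Method 2 blindly overwrites current-policy-bundle.tgz, which is the very file tar refused to extract. The following POSIX shell script is an added example, not part of the original article or of any Cisco tooling: it performs the same move, but first confirms that failed-policy-bundle.tgz actually exists and is a readable gzip tar archive, and it keeps a timestamped copy of the broken current bundle so it can be attached to a TAC case. The deploy directory defaults to the path named in the article; the function also accepts a directory argument so it can be exercised on a constructed tree. It must be run with root privileges on the FTD (sudo in expert mode, as in method 2), which is an assumption carried over from the article's command.

```shell
#!/bin/sh
# Added example: safer equivalent of
#   sudo mv /ngfw/var/cisco/deploy/failed-policy-bundle.tgz \
#           /ngfw/var/cisco/deploy/current-policy-bundle.tgz
# Assumed default deploy directory, taken from the article's transcript lines.
DEPLOY_DIR="${DEPLOY_DIR:-/ngfw/var/cisco/deploy}"

# Return 0 when $1 is a non-empty file that tar can list as a gzip archive.
# This is the same operation (z + t instead of z + x) that fails in the
# "SNORT APPLY" section of a broken deployment transcript.
bundle_is_valid() {
    [ -s "$1" ] && tar tzf "$1" >/dev/null 2>&1
}

# Replace the current policy bundle with the last failed one.
# Usage: restore_failed_bundle [deploy_dir]
# Exit codes: 0 restored, 1 no failed bundle, 2 failed bundle unreadable,
#             3 could not back up the current bundle.
restore_failed_bundle() {
    dir="${1:-$DEPLOY_DIR}"
    failed="$dir/failed-policy-bundle.tgz"
    current="$dir/current-policy-bundle.tgz"

    if [ ! -f "$failed" ]; then
        echo "no failed bundle at $failed; nothing to restore" >&2
        return 1
    fi

    # Do not copy a second broken archive into place.
    if ! bundle_is_valid "$failed"; then
        echo "$failed is not a readable tgz; leaving files untouched" >&2
        return 2
    fi

    # Keep the broken current bundle (if any) for TAC before overwriting it.
    if [ -f "$current" ]; then
        cp -p "$current" "$current.bak.$(date +%Y%m%d%H%M%S)" || return 3
    fi

    mv "$failed" "$current"
}
```

Source the file in expert mode and call the function as root, for example `sudo sh -c '. ./restore-bundle.sh && restore_failed_bundle'`; an exit code of 2 means the failed bundle is also unreadable, in which case neither method 2 nor this script will help and the device needs a fresh force deploy (method 1) or TAC.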