BugZero | Cisco BugID CSCwh59440 - FMC after software upgrade it is not possible to c...

Cisco - Defect ID: CSCwh59440

FMC after software upgrade it is not possible to create new access routes and search for objects.

Cisco - Defect ID: CSCwh59440

FMC after software upgrade it is not possible to create new access routes and search for objects.

Last updated on 10/17/2024

Overall: 7.47.4

Severity: 8.28.2

Lifecycle: 4.64.6

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 7.47.4

Severity: 8.28.2

Lifecycle: 4.64.6

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Issue 1: Unable to create Access List ++ When you ++++++++++++++++++++++++++++++++++++++ TCAT: 09-12 TCAT: 09-12 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 TCAT: 09-12 21:44:33 ++++++++++++++++++++++++++++++++++++++ and Issue 2: Search ++ When you +++++++++++++++++++++++++++++++++++ USMS: 09-12 22:09:08 USMS: 09-12 USMS: 09-12 USMS: 09-12 22:09:08 Exception thrown! USMS: 09-12 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 +++++++++++++++++++++++++++++++++++ USMS: 09-12 USMS: 09-12 USMS: 09-12 22:09:08 Exception thrown! USMS: 09-12 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 USMS: 09-12 22:09:08 +++++++++++++++++++++++++++++++++++ Also observing Due to this Exception: +++++++++++++++++++++++++++++++++++ root@firepower:/var/opt/CSCOpx# ls -lah total 112K drwxr-xr-x 27 root root drwxr-xr-x 7 root root -rw-r--r-- 1 casuser casusers drwxr-xr-x 27 root root ++++++++++++++++++++ navigate to Policies > ACP > PolicyNAME > NEW UI [Default] > Add Rule > Observed that all fields are empty with "No data" 21:44:33 [ajp-nio-127.0.0.1-9009-exec-9] ERROR com.cisco.api.external.rest.common.resource.ContainerServerResource - Search Service 21:44:33 com.cisco.nm.vms.search.SearchException$INTERNAL_ERROR: Search Service at com.cisco.nm.vms.buildingblock.search.BuildingBlockSearchServiceImpl.globalSearch(BuildingBlockSearchServiceImpl.java:452) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at com.cisco.nm.vms.common.external.VmsExternalProxy.invoke(VmsExternalProxy.java:221) at com.sun.proxy.$Proxy37.globalSearchWithDomain(Unknown Source) at com.cisco.api.external.rest.resource.GlobalSearchResource.searchObjects(GlobalSearchResource.java:378) at com.cisco.api.external.rest.resource.GlobalSearchResource.getObjects(GlobalSearchResource.java:287) at com.cisco.api.external.rest.resource.AbstractRESTResource.getObjects(AbstractRESTResource.java:316) at com.cisco.api.external.rest.application.ConfigServiceProxyImpl.getObjects(ConfigServiceProxyImpl.java:232) at com.cisco.api.external.rest.common.resource.FrameworkResource.fetchObjects(FrameworkResource.java:476) at com.cisco.api.external.rest.common.resource.FrameworkResource.fetchData(FrameworkResource.java:430) at com.cisco.api.external.rest.common.resource.ContainerServerResource.get(ContainerServerResource.java:172) at org.restlet.resource.ServerResource.doHandle(ServerResource.java:603) at com.cisco.api.external.rest.common.resource.FrameworkResource.doHandle(FrameworkResource.java:216) at org.restlet.resource.ServerResource.doNegotiatedHandle(ServerResource.java:662) at org.restlet.resource.ServerResource.handle(ServerResource.java:1022) for Network Object Fails with error "Error Loading Data. Search Service Please try again" navigate to Objects > Object Management > Network > Enter text "nameobject" and Search > Fails with abovr error 22:09:08 [ERROR],(BuildingBlockSearchServiceImpl.java:799) 22:09:08 com.cisco.nm.vms.buildingblock.search.BuildingBlockSearchServiceImpl, ajp-nio-127.0.0.1-9009-exec-8 22:09:08 java.lang.IllegalArgumentException: Could not create directory: "/var/opt/CSCOpx/MDC/search/BuildingBlock/text" at com.cisco.nm.vms.search.SearchUtils.getDirectory(SearchUtils.java:128) at com.cisco.nm.vms.search.SearchUtils.getFSDirectory(SearchUtils.java:144) at com.cisco.nm.vms.search.SearchUtils.getIndexSearcher(SearchUtils.java:234) at com.cisco.nm.vms.search.AbstractSearchService.initIndexSearcher(AbstractSearchService.java:104) at com.cisco.nm.vms.search.AbstractSearchService.getIndexSearcher(AbstractSearchService.java:118) 22:09:08 [ERROR],(AbstractSearchService.java:398) 22:09:08 com.cisco.nm.vms.search.AbstractSearchService, ajp-nio-127.0.0.1-9009-exec-8 22:09:08 java.util.concurrent.ExecutionException: java.lang.IllegalArgumentException: Could not create directory: "/var/opt/CSCOpx/MDC/search/BuildingBlock/text" at java.base/java.util.concurrent.FutureTask.report(Unknown Source) at java.base/java.util.concurrent.FutureTask.get(Unknown Source) at com.cisco.nm.vms.search.AbstractSearchService.search(AbstractSearchService.java:389) at com.cisco.nm.vms.search.AbstractSearchService.searchByText(AbstractSearchService.java:485) at com.cisco.nm.vms.api.buildingblock.LwBuildingBlockManagerImpl.getPolicyObjects(LwBuildingBlockManagerImpl.java:801) at com.cisco.nm.vms.api.buildingblock.LwBuildingBlockManagerImpl.getPolicyObjectsForListing(LwBuildingBlockManagerImpl.java:700) at jdk.internal.reflect.GeneratedMethodAccessor595.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at com.cisco.nm.vms.common.external.VmsExternalProxy.invoke(VmsExternalProxy.java:221) at com.sun.proxy.$Proxy90.getPolicyObjectsForListingWithDomain(Unknown Source) at com.cisco.nm.vms.rpc.buildingblock.BuildingBlockRPCImpl.getPolicyObjectsForListing(BuildingBlockRPCImpl.java:257) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) that the directory ownership for MDC has changed to root instead of casuser. change, the search directory is not created . Could not create directory: "/var/opt/CSCOpx/MDC/search/BuildingBlock/text" 4.0K Sep 9 01:44 . 4.0K Sep 8 23:24 .. 24 Sep 7 17:59 .CSCO.vars 4.0K Sep 8 23:24 MDC +++++++++++++++

Conditions

Running impacted versions, both the issues Issue 1 and Issue 2 are interrelated.

Workaround

1. Login to FMC , elevate as root user 2. navigate to dir : /var/opt/CSCOpx/ by issuing command cd /var/opt/CSCOpx/ 3. Check the ownership of dir MDC +++++++++++++++++++++++++++++++++++ root@firepower:/var/opt/CSCOpx# ls -lah total 112K drwxr-xr-x 27 root root 4.0K Sep 9 01:44 . drwxr-xr-x 7 root root 4.0K Sep 8 23:24 .. -rw-r--r-- 1 casuser casusers 24 Sep 7 17:59 .CSCO.vars drwxr-xr-x 27 root root 4.0K Sep 8 23:24 MDC +++++++++++++++++++++++++++++++++++ 4. Change the ownership of the dir MDC to the user/group to casuser/casusers , use command : root@firepower:/var/opt/CSCOpx# chown casuser:casusers MDC 5. Confirm the ownership of dir is updated . root@firepower:/var/opt/CSCOpx# ls -lah total 112K drwxr-xr-x 27 root root 4.0K Sep 9 01:44 . drwxr-xr-x 7 root root 4.0K Sep 8 23:24 .. -rw-r--r-- 1 casuser casusers 24 Sep 7 17:59 .CSCO.vars drwxr-xr-x 27 casuser casusers 4.0K Sep 8 23:24 MDC 6. Restart Tomcat using pmtool 7. Verify : Issue 1 : --> Switch to domain - Firewalls in FMC GUI -->Navigate to Policies > ACP > Edit POLICY > NEW UI [Default] > Add Rule > Populates all data Issue 2: --> Switch to domain - Firewalls in FMC GUI -->Navigate to Objects > Object Management > Network > Enter text "Zoom" and Search > Returns the network objects which contain name "zoom".

Further Problem Description

No further problem

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwh59440

FMC after software upgrade it is not possible to create new access routes and search for objects.

Cisco - Defect ID: CSCwh59440

FMC after software upgrade it is not possible to create new access routes and search for objects.

Last updated on 10/17/2024

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?