BugZero | Cisco BugID CSCwr08483 - Primary FTD Upgrade to 7.6.2 failed (Error running...

Cisco - Defect ID: CSCwr08483

Primary FTD Upgrade to 7.6.2 failed (Error running script 200_pre/200_enable_maintenance_mode.pl.)

Cisco - Defect ID: CSCwr08483

Primary FTD Upgrade to 7.6.2 failed (Error running script 200_pre/200_enable_maintenance_mode.pl.)

Last updated on January 14th, 2026

BugZero Risk Score
7.4 High

Overall: 7.4

Severity: 8.2

Lifecycle: 4.0

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 3

Description

Symptom

Customer planned to upgrade the FTD (Cisco Firepower 1140 Threat Defense) in HA from 7.4.2 to 7.6.2 - Secondary FTD got upgraded successfully to 7.6.2. - Primary FTD upgrade failed. - The Primary FTD upgrade failed with the following error log message: ui: Upgrade in progress: (14% done.24 mins to reboot). Preparing to upgrade... (200_pre/200_enable_maintenance_mode.pl) ui:__[] Fatal error: Upgrade Failed (Device not operational): Error running script 200_pre/200_enable_maintenance_mode.pl. 250828 01:29:21:170] Current backup-config.cfg size: 14945 , remaining size: 2041 [250828 01:29:23:178] Current backup-config.cfg size: 14945 , remaining size: 2041 [250828 01:29:23:186] It seems startup-config file copy hung or non-progressing, need to come out [250828 01:29:23:193] Retaining /mnt/disk0/backup-config.cfg file as /mnt/disk0/backup-config.cfg_2025-08-28-01-29-23 in case of invalid checksum or partial copy [250828 01:29:23:503] : END - Entering Maintenance mode return code rc= 2 rc was 2, Exiting ... Backed up file /ngfw/var/sf/upgrades_backup/ThreatUpgrade.pm_7.4.2 doesn't exist. Removing the directory /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade/ unlink /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade/ThreatUpgrade.pm rmdir /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade Entering maintenance mode failed. rc=2 Startup-config backup operation failed, current backup-config.cfg size: 14945 , startup-config size: 16986 remaining size: 2041 Aborting upgrade Error entering Maintenance Mode: Startup-config backup operation failed, current backup-config.cfg size: 14945 , startup-config size: 16986 remaining size: 2041 Aborting upgrade cannot unlink file for /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade/ThreatUpgrade.pm: Read-only file system at 200_pre/200_enable_maintenance_mode.pl line 135. cannot restore permissions to 0100444 for /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade/ThreatUpgrade.pm: Read-only file system at 200_pre/200_enable_maintenance_mode.pl line 135. cannot remove directory for /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade: Read-only file system at 200_pre/200_enable_maintenance_mode.pl line 135. Removed maintenance-state file (/ngfw/var/log/sf/Cisco_FTD_SSP_FP1K_Upgrade-7.6.2/maint_state) Fatal error: Failure to enter maintenance mode: rc=2, error=:Startup-config backup operation failed, current backup-config.cfg size: 14945 , startup-config size: 16986 remaining size: 2041 Aborting upgrade Aug 28, 2025, 8:10 AM Other

Conditions

FTD (managed by FMC) upgrade from 7.4.2 to 7.6.2

Workaround

Contact TAC for workaround

Further Problem Description

- Checked the disk space on the Primary FTD, and it appears to be normal. root@Ese-wifi-ftd-1:/mnt/disk0# df -Th Filesystem Type Size Used Avail Use% Mounted on rootfs rootfs 7.3G 7.5M 7.3G 1% / devtmpfs devtmpfs 7.3G 80M 7.2G 2% /dev tmpfs tmpfs 7.8G 508K 7.8G 1% /run /dev/sda1 ext3 7.3G 1.1G 5.9G 16% /mnt/boot /dev/sda2 ext3 922M 34M 841M 4% /opt/cisco/config /dev/sda3 ext3 922M 21M 854M 3% /opt/cisco/platform/logs /dev/sda5 xfs 149G 25G 125G 17% /opt/cisco/csp /dev/sda4 ext3 28G 148K 26G 1% /var/data/cores cgroup_root tmpfs 7.8G 0 7.8G 0% /dev/cgroups none tmpfs 371M 0 371M 0% /dev/shm/snort tmpfs tmpfs 1.0M 0 1.0M 0% /var/data/cores/sysdebug/tftpd_logs root@Ese-wifi-ftd-1:/mnt/disk0# du -shx * 4.0K asa-cmd-server.log 16K backup-config.cfg_2025-08-29-00-24-03 16K backup-config.cfg_2025-08-29-00-57-46 4.0K boot 0 coredumpfsys 0 coredumpfsysimage.bin 4.0K coredumpinfo 192K csco_config 0 cspCfg.xml 4.0K hitcnt_del_ruleid_list 184M log 8.0K modified-config.cfg 0 packet-tracer 4.0K snortpacketinfo.conf 16K string 4.0K troubleshoot_file root@Ese-wifi-ftd-1:/mnt/disk0# - Based on the error, there seems to have been an issue while copying the startup-config file contents into backup-config.cfg under /mnt/disk0. - Deleted all the previous backup-config.cfg file under /mnt/disk0 - Manually copied the contents of startup-config to backup-config.cfg using the command below: cp .private/startup-config backup-config.cfg - Checked the hash values of both files; they were same: root@Ese-wifi-ftd-1:/mnt/disk0# md5sum backup-config.cfg d26d1e79a14fa01547446ed1bb78844f backup-config.cfg root@Ese-wifi-ftd-1:/mnt/disk0/.private# md5sum startup-config d26d1e79a14fa01547446ed1bb78844f startup-config - Initiated the upgrade again through FTD but it failed with the same error message. ui: Upgrade in progress: (11% done.25 mins to reboot). Preparing to upgrade... (200_pre/006_check_snort.sh) ui: Upgrade in progress: (14% done.24 mins to reboot). Preparing to upgrade... (200_pre/200_enable_maintenance_mode.pl) ui:__[] Fatal error: Upgrade Failed (Device not operational): Error running script 200_pre/200_enable_maintenance_mode.pl. 50829 01:28:59:579] Current backup-config.cfg size: 15025 , remaining size: 1961 [250829 01:28:59:591] It seems startup-config file copy hung or non-progressing, need to come out [250829 01:28:59:602] Retaining /mnt/disk0/backup-config.cfg file as /mnt/disk0/backup-config.cfg_2025-08-29-01-28-59 in case of invalid checksum or partial copy [250829 01:28:59:637] : END - Entering Maintenance mode return code rc= 2 rc was 2, Exiting ... Backed up file /ngfw/var/sf/upgrades_backup/ThreatUpgrade.pm_7.4.2 doesn't exist. Removing the directory /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade/ unlink /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade/ThreatUpgrade.pm rmdir /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade Entering maintenance mode failed. rc=2 Startup-config backup operation failed, current backup-config.cfg size: 15025 , startup-config size: 16986 remaining size: 1961 Aborting upgrade Error entering Maintenance Mode: Startup-config backup operation failed, current backup-config.cfg size: 15025 , startup-config size: 16986 remaining size: 1961 Aborting upgrade cannot unlink file for /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade/ThreatUpgrade.pm: Read-only file system at 200_pre/200_enable_maintenance_mode.pl line 135. cannot restore permissions to 0100444 for /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade/ThreatUpgrade.pm: Read-only file system at 200_pre/200_enable_maintenance_mode.pl line 135. cannot remove directory for /ngfw/var/sf/lib/perl/5.32.1/SF/Upgrade: Read-only file system at 200_pre/200_enable_maintenance_mode.pl line 135. Removed maintenance-state file (/ngfw/var/log/sf/Cisco_FTD_SSP_FP1K_Upgrade-7.6.2/maint_state) Fatal error: Failure to enter maintenance mode: rc=2, error=:Startup-config backup operation failed, current backup-config.cfg size: 15025 , startup-config size: 16986 remaining size: 1961 Aborting upgrade

Relevant Products

Click on a version to see all relevant bugs

Relevant Products

Click on a version to see all relevant bugs

Top Cisco Defects

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCwr08483

Primary FTD Upgrade to 7.6.2 failed (Error running script 200_pre/200_enable_maintenance_mode.pl.)

Cisco - Defect ID: CSCwr08483

Primary FTD Upgrade to 7.6.2 failed (Error running script 200_pre/200_enable_maintenance_mode.pl.)

Last updated on January 14th, 2026

BugZero Risk Score7.4 High

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
7.4 High