mti-adminz
asked on
Cisco ASA 5505 dumped config,software, and license upon upgrade to 8.0.4 OS
We have 5 of our ASA 5505 security devices that have erased all of their configuration, and software images upon attempting to upgrade to ASA804-k8. When the systems boot we get to "Launching BootLoader..." and the systems hang. I can break into rommon and boot from a tftp image, from there I can load a config, save it to startup-config, and copy the image down from tftp, however the systems are still hanging on the bootloader after reboot. Also they showing the license key as invalid when booting from tftp.
The upgrade was run in two phases, the software images were pushed to the devices and ensured that they copied fine. secondly a job was run using kiwi cat tools to run the following commands on the the devices:
conf t
no boot system disk0:/asa802-k8.bin
boot system disk0:/asa804-k8.bin
boot system disk0:/asa802-k8.bin
asdm image disk0:/asdm-615.bin
write mem
reload noconfirm
80+ worked fine using this technique. 5 blew up and have not worked since. Does anyone have any experience with these devices hanging on bootloader....
The upgrade was run in two phases, the software images were pushed to the devices and ensured that they copied fine. secondly a job was run using kiwi cat tools to run the following commands on the the devices:
conf t
no boot system disk0:/asa802-k8.bin
boot system disk0:/asa804-k8.bin
boot system disk0:/asa802-k8.bin
asdm image disk0:/asdm-615.bin
write mem
reload noconfirm
80+ worked fine using this technique. 5 blew up and have not worked since. Does anyone have any experience with these devices hanging on bootloader....
can you give me a sh flash ?
ASKER
Will do. I have been doing some work on one of the units wtih Cisco TAC. I will fire up another one and show you exactly what I see when I first boot Via TFTP.
Thanks,
Thanks,
ASKER
First I have to boot into ROMON and tftpboot to the new image asa804-k8.bin The system will then boot:
ciscoasa> en
Password:
ciscoasa# show flash
--#-- --length-- -----date/time------ path
62 2048 Nov 07 2008 15:06:13 log
65 2048 Nov 07 2008 15:06:28 crypto_archive
127135744 bytes total (87851008 bytes free)
ciscoasa# dir /all
Directory of disk0:/
62 drwx 2048 15:06:13 Nov 07 2008 log
65 drwx 2048 15:06:28 Nov 07 2008 crypto_archive
127135744 bytes total (87851008 bytes free)
ciscoasa# show start
ciscoasa# show startup-config
ciscoasa#
ciscoasa#
ciscoasa# show boot
BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa# show ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "tftp://172.16.19.5/asa804-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 2 mins 22 secs
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Int: Internal-Data0/0 : address is 001d.a24d.fab8, irq 11
1: Ext: Ethernet0/0 : address is 001d.a24d.fab0, irq 255
2: Ext: Ethernet0/1 : address is 001d.a24d.fab1, irq 255
3: Ext: Ethernet0/2 : address is 001d.a24d.fab2, irq 255
4: Ext: Ethernet0/3 : address is 001d.a24d.fab3, irq 255
5: Ext: Ethernet0/4 : address is 001d.a24d.fab4, irq 255
6: Ext: Ethernet0/5 : address is 001d.a24d.fab5, irq 255
7: Ext: Ethernet0/6 : address is 001d.a24d.fab6, irq 255
8: Ext: Ethernet0/7 : address is 001d.a24d.fab7, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Disabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has a Base license.
ciscoasa> en
Password:
ciscoasa# show flash
--#-- --length-- -----date/time------ path
62 2048 Nov 07 2008 15:06:13 log
65 2048 Nov 07 2008 15:06:28 crypto_archive
127135744 bytes total (87851008 bytes free)
ciscoasa# dir /all
Directory of disk0:/
62 drwx 2048 15:06:13 Nov 07 2008 log
65 drwx 2048 15:06:28 Nov 07 2008 crypto_archive
127135744 bytes total (87851008 bytes free)
ciscoasa# show start
ciscoasa# show startup-config
ciscoasa#
ciscoasa#
ciscoasa# show boot
BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa# show ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "tftp://172.16.19.5/asa804-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 2 mins 22 secs
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Int: Internal-Data0/0 : address is 001d.a24d.fab8, irq 11
1: Ext: Ethernet0/0 : address is 001d.a24d.fab0, irq 255
2: Ext: Ethernet0/1 : address is 001d.a24d.fab1, irq 255
3: Ext: Ethernet0/2 : address is 001d.a24d.fab2, irq 255
4: Ext: Ethernet0/3 : address is 001d.a24d.fab3, irq 255
5: Ext: Ethernet0/4 : address is 001d.a24d.fab4, irq 255
6: Ext: Ethernet0/5 : address is 001d.a24d.fab5, irq 255
7: Ext: Ethernet0/6 : address is 001d.a24d.fab6, irq 255
8: Ext: Ethernet0/7 : address is 001d.a24d.fab7, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Disabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has a Base license.
i don't see the asa804-k8.bin file in the flash on disk0
are you sure its on the asa ?
do a copy tftp flash of the file.
or a'm i making a mistake ?Shoulddn't the file be on the asa
( it's bin a while since i worked with the asa
are you sure its on the asa ?
do a copy tftp flash of the file.
or a'm i making a mistake ?Shoulddn't the file be on the asa
( it's bin a while since i worked with the asa
Damalano is correct you need to run the commands below
copy tftp: disk0:
Address or name of remote host []? <TFTP Server IP>
Source filename []? ASA804-k8.bin
Destination filename [ASA804-k8.bin]? <Hit Enter>
this should copy the bin to the asa. Then do the same thing for the asdm-615.bin
After the files are copied run these commands.
conf t
boot system disk0:/asa804-k8.bin
boot system disk0:/asa802-k8.bin
asdm image disk0:/asdm-615.bin
write mem
reload noconfirm
copy tftp: disk0:
Address or name of remote host []? <TFTP Server IP>
Source filename []? ASA804-k8.bin
Destination filename [ASA804-k8.bin]? <Hit Enter>
this should copy the bin to the asa. Then do the same thing for the asdm-615.bin
After the files are copied run these commands.
conf t
boot system disk0:/asa804-k8.bin
boot system disk0:/asa802-k8.bin
asdm image disk0:/asdm-615.bin
write mem
reload noconfirm
ASKER
This is correct. The image is gone. Everything is gone in fact. Images, license information, config. They have all dissappeared. after doing the upgrade. We copied the new software image to the units, and verified that it copied correctly. Then ran a job later that night that ran the following commands, which resulted in the further following output:
Commands:
conf t
no boot system disk0:/asa802-k8.bin
boot system disk0:/asa804-k8.bin
boot system disk0:/asa802-k8.bin
asdm image disk0:/asdm-615.bin
write mem
reload noconfirm
Output:
conf t
MTI-FW-19(config)#
no boot system disk0:/asa802-k8.bin
MTI-FW-19(config)#
boot system disk0:/asa804-k8.bin
WARNING: BOOT variable added, but unable to find disk0:/asa804-k8.bin
MTI-FW-19(config)#
boot system disk0:/asa802-k8.bin
MTI-FW-19(config)#
asdm image disk0:/asdm-615.bin
Device Manager image set, but unable to find disk0:/asdm-615.bin
MTI-FW-19(config)#
write mem
Building configuration...
Cryptochecksum: 7dc91bd6 cb2d6e42 e6dcf5d4 77adb608
%Error writing disk0:/.private/startup-co
Error executing command
[FAILED]
MTI-FW-19(config)#
reload noconfirm
MTI-FW-19(config)#
Now when booting a device we simply get to "Launching BootLoader..." and the box hangs. I am able to boot into Romon and using the tftpdnld command I can boot to the 8.0.4 image off a tftp server. I then see the output I provided earlier. I can copy a config onto the device and write it to mem, and then copy the 8.0.4 image to flash. I run the same commands that you provided to set a boot image, but when the device reloads it still hangs at: "Launching BootLoader..."
Working with cisco tac I have tried formatting flash and fixing the file systems by using their directions:
##########################
1) formate the flash
2) Repair the filesystem
3) copy the old image 8.0.2 to flash and then set boot variable for IOS.
Now ,reload the device and check if it comes up fine.
commands are below,
format {disk0: | disk1: | flash:}
fsck [/no confirm]{disk0: | disk1: | flash:}
##########################
After doing this I copy the images down again, set the boot image etc... and reboot. But it still hangs at "Launching BootLoader..."
Commands:
conf t
no boot system disk0:/asa802-k8.bin
boot system disk0:/asa804-k8.bin
boot system disk0:/asa802-k8.bin
asdm image disk0:/asdm-615.bin
write mem
reload noconfirm
Output:
conf t
MTI-FW-19(config)#
no boot system disk0:/asa802-k8.bin
MTI-FW-19(config)#
boot system disk0:/asa804-k8.bin
WARNING: BOOT variable added, but unable to find disk0:/asa804-k8.bin
MTI-FW-19(config)#
boot system disk0:/asa802-k8.bin
MTI-FW-19(config)#
asdm image disk0:/asdm-615.bin
Device Manager image set, but unable to find disk0:/asdm-615.bin
MTI-FW-19(config)#
write mem
Building configuration...
Cryptochecksum: 7dc91bd6 cb2d6e42 e6dcf5d4 77adb608
%Error writing disk0:/.private/startup-co
Error executing command
[FAILED]
MTI-FW-19(config)#
reload noconfirm
MTI-FW-19(config)#
Now when booting a device we simply get to "Launching BootLoader..." and the box hangs. I am able to boot into Romon and using the tftpdnld command I can boot to the 8.0.4 image off a tftp server. I then see the output I provided earlier. I can copy a config onto the device and write it to mem, and then copy the 8.0.4 image to flash. I run the same commands that you provided to set a boot image, but when the device reloads it still hangs at: "Launching BootLoader..."
Working with cisco tac I have tried formatting flash and fixing the file systems by using their directions:
##########################
1) formate the flash
2) Repair the filesystem
3) copy the old image 8.0.2 to flash and then set boot variable for IOS.
Now ,reload the device and check if it comes up fine.
commands are below,
format {disk0: | disk1: | flash:}
fsck [/no confirm]{disk0: | disk1: | flash:}
##########################
After doing this I copy the images down again, set the boot image etc... and reboot. But it still hangs at "Launching BootLoader..."
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.