Failover error on a ASA5515-X

Eric Carel
Eric Carel used Ask the Experts™
on
Recently, we received the following error on our primary ASA5515-X which caused the unit to failover to the secondary ASA (same model) -  "%ASA−1−104001: (Secondary) Switching to ACTIVE − Service card in other unit failed"

The interesting thing here is that we have NO IPS purchased or configured in either model. There is however AVC (Application visibility and control) and WSE - Web Security Essentials (URL Filtering) on both, but never been setup or used. The ASAs have been running for about 2 years without issue.

We were able to fail back to the primary without making any changes. Thoughts?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
You may be experiencing the issue listed in this known bug for the ASA's. -> https://tools.cisco.com/quickview/bug/CSCun48868

The text of the error may be left over from the older ASA's that had add on modules for IPS/IDS.  Perhaps Cisco did not change the test message to reflect that the security module is now integrated.
Maybe the card is bad or not set properly causing the failover? Try resetting it. Does it have the latest firmware?
Just realized it is integrated as per eeRoot.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial