The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
These topics will help you troubleshoot AUS:
If the device is not shown in the device summary, it was not added correctly to the Security Manager inventory. The method for adding devices using Security Manager is explained in Updating Configuration Files.
After deploying a configuration as described in that topic, check the Security Manager deployment results to ensure deployment was successful. Also, check AUS event reports to ensure the device successfully contacted AUS and retrieved the configuration.
If deployment was successful and the device successfully downloaded the configuration, it should appear in the AUS device list.
If the device has never contacted AUS, it could be because:
For the device to contact AUS, do one or more of the following:
If the URL does not match the URL shown in the system information report, set the new AUS URL by entering the following.
Authentication errors can occur when the device tries to contact AUS. Authentication errors are visible in the event report (see Viewing the Event Report) or from the device console (if debug is enabled on the console).
To enable debug on the device console, log into the device, enter enable mode, and configure the following commands:
Authentication errors can result from using incorrect credentials:
To resolve the problem, do one or more of the following:
If you requested that a device immediately contact AUS for an auto update (see Requesting an Immediate Auto Update), but the device is not current, the cause could be one of the following:
To resolve the problem, do one or more of the following:
If you are trying to add a PDM, ASDM, ASA, or PIX software image file to AUS and are receiving error messages, the problem might be one of the following:
You can resolve the problem by doing one or more of the following:
Compare this checksum value with the value you received when the image was downloaded. If they are different, the image file is corrupted.
You can add only ASDM, PDM, ASA, and PIX software image files. To add configuration files, you must use Security Manager to configure the device and to deploy the configuration to AUS. For an explanation of the process, see Updating Configuration Files.
If you assigned an image file to a device but the device does not contain this file, the problem could be because:
To resolve the problem, do one or both of the following:
If the device has not contacted AUS to report that it is running an image file, see Why Has the Device Not Contacted AUS?.
A device can run only one ASA software image, PIX software image, ASDM file, or PDM file at a time, so you can assign only one file of each type to a device.
After you assign a new ASA or PIX software image to a device, a reboot is required. The reboot is automatic.
If a device continuously downloads a file, the device is having problems running the image. Check the event report (select Auto Update Server > Reports > Events) for errors. If there are errors, assign a new image file.
If buttons are grayed out on certain AUS screens, you do not have the correct privileges to perform those commands. See Appendix B, “User Roles and Permissions.”
It takes AUS a few minutes to restart after you reboot your machine. Do one of the following:
You can unassign the configuration file. For details, see Assigning and Unassigning Files to a Single Device. After unassigning the configuration file, correct and redeploy it using Security Manager.
If you have not installed Security Manager yet, or you simply want to check the connection between AUS and a device, you can add the device to AUS manually. For details, see Adding a Device Directly to AUS.
At the defined interval, the device contacts AUS. Verify that the device contacted AUS by reviewing the event report. See Viewing the Event Report.
After verifying that the connection between AUS and the device is correct, delete the device from AUS.
If the event failure summary report shows configuration errors, view the suspected configuration file to find the problem. See Viewing Configuration Files.
Use the line number in the configuration error to locate the fault in the configuration file.
You can check the following logs for information about errors:
Table A-1 displays common error messages, their probable causes, and possible solutions.
|
|
|
---|---|---|
Try to add the file to AUS again. If that does not work, restart AUS. |
||
The name of the file is either too long or too short, or does not follow the expected naming pattern. |
||
You added a file that is either corrupt or is not the correct file type. |
||
You cannot add the file to AUS; either the file is corrupted or you are trying to add a file type that is different from the file type specified in AUS. |
Download a new version of the image file and add the file to AUS. |
|
The device did not contact AUS; AUS does not know the IP address of the device. |
Wait until the device contacts the AUS and requests an auto update (see Requesting an Immediate Auto Update). |
|
AUS cannot authenticate your username/password credentials. Either your credentials are incorrect or your session timed out. |
||
Restart AUS. If the problem persists, contact Cisco technical support. |
||
Try to delete the file again. If you cannot delete the file, restart AUS. |
||
An error occurred during auto update. Enable or AAA credentials are incorrect, or the device does not allow HTTP access. |
Ensure that the device allows HTTP access for AUS; ensure that the AUS AAA and enable credentials are correct. See Adding a Device Directly to AUS. |
|
The temporary file used when you added the file cannot be deleted. The filename you specified contains invalid or illegal characters, or the file already exists in the storage area. |
Check the storage directory to verify that the file is not already there. Try the task again; if the problem persists, restart AUS and try to add the configuration file again. Check the log file for errors. |
|
AUS cannot perform an auto update. AUS does not know what credentials to use to communicate with the device because no enable password or AAA credentials were entered for the device. |
Modify the device entry with the correct credentials and try the task again. See Adding a Device Directly to AUS. |
|
An error occurred while the database password was being changed. The AUS db.prop file does not contain the correct username and password for the database, or you entered the password incorrectly. |
Verify that the AUS db.prop file contains the correct username and password for the database and enter your username and password again. |
|
Remove unneeded information from your hard drive or add a new hard drive. |
||
Try to add the device again. If you still cannot add the device to AUS, restart AUS. |
||
Try to add the file again. If you still cannot add the file to AUS, restart AUS. |
||
Use the existing entry, or delete the existing entry and retry the task. |
||
Verify that you entered the correct device ID and try the task again. |
||
The checksum of the file has changed since the file was added to the database. Either another user changed the file or your system is compromised. |
Make sure your machine is secure. Then delete the image file and add a new copy of the file to AUS. |
|
The assignments for the configuration file cannot be modified. |
||
The multicast address is not within the RFC multicast range (224.0.0.0-239.255.255.255). |
||
The day of the week on which you want a weekly auto update to occur was left blank. You did not select the days of the week for auto updates to occur. |
Select the day of the week on which weekly update must occur. |
|
Ensure that the update schedule type is configured properly. |
||
Schedule a configuration update first before you try to delete it. |
||
The update schedule configuration was unsuccessful. You already configured an update schedule type for the device. |