Guest

Cisco Intrusion Prevention System

Field Notice: FN - 62341- IDS/IPS - Sensor Software Versions 5.0(X) or 5.1(X) May Become Unresponsive on Daylight Savings Time Boundary Transition - Service Pack Update Required


Revised April 21, 2006

April 03, 2006

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Product

ASA - ASA-SSM-10=

ASA - ASA-SSM-20=

IDS - NM-CIDS-K9

4210 - IDS-4210-K9

4215 -

4235 -

4240 -

4250 -

4255 -

IDS - NM-CIDS-K9

IDSM2 -

Problem Description

Within 24 hours after a transition to or from summer time ( Daylight Savings Time), the sensor management channel may become unresponsive.

The MainApp process has stopped and has written a core file in the following directory: /usr/cids/idsRoot/log/mainApp/

Background

The conflicting timer constructs within the application code creating the failure. The timer modules are not customer visible.

The failure will occur at some point in the 24 hours before or after the transition to or from daylight savings time. The exact point in the 24 hour failure window depends on arbitrary alignment of the timers with respect each other.

Problem Symptoms

The sensor will not respond to application management channel requests.

Additionally, the sensor will reject CLI login attempts.

Note: The sensor continues to analyze network traffic corresponding to the last accepted configuration.

Workaround/Solution

There are two possible solutions listed below.

Solution 1 (Preventative): Upgrade the sensor to service pack 5.0(6) or 5.1(x).

Solution 2: (Reactive) If mainApp has aborted then reboot the sensor.

Rebooting the sensor:

  • Login using the service account.

  • Switch to root user account using the command su -.

  • Enter the service account password for root access.

  • As user root, execute reboot to reboot the sensor.

If you do not have a service account, then use the following methods:

  • If the sensor is an appliance, physically power the sensor off and back on.

  • If the sensor is an IDSM-2, NM-CIDS, ASA-SSM-10, or ASA-SSM-20, then you must login to the switch, router, or ASA to reboot or reset the module.

Customers are advised to upgrade the sensor to service pack 5.0(6) or 5.1(x) to prevent a future occurrence.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCsa85330 (registered customers only)

MainApp - core during day when switchover to daylight savings happens

Revision History

Revision

Date

Comment

1.1

21-APR-2006

Revised Title and Added 5.1(x) to Workaround/Solution Section

1.0

03-APR-2006

Initial Public Release

NetPro Discussion Forums - Featured Conversations

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.