Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

ASA 8.x: Troubleshooting ASA Flash Errors

Document ID: 113266

Updated: Jan 31, 2012

   Print

Introduction

This document describes different possible errors that occur because of the Cisco ASA flash corruption and also points the possible solutions.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco ASA 5500 series with software version 8.0 and later

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Information

Cisco ASA maintains its filesystem in an internal flash memory and stores all the files in flash memory. This is a memory card inserted into a slot in the ASA. The capacity of this depends on the ASA hardware model. Refer to the Technical Specifications section in Table 8 of Cisco ASA Data Sheet for more information. This memory is referred to as flash or disk0.

When additional flash memory is needed, you could use an external flash card. Except for the ASA 5505 model, all other ASA models in 5500 series have an external compact flash card slot on the rear end of the device, which can be accessed by the user easily without the need to open the device. This flash card is also used to save the configuration files and referred to as disk1.

If the flash filesystem is properly accessed by the device and works properly, the device indicates this with a Solid Green on the Flash LED on the front panel of the device.

The contents of this filesystem can be verified with any of these commands:

  • dir —Displays the contents of the current directory.

    Note: The default current directory is flash:/.

  • show flash: —Displays the contents of the internal flash memory.

  • show disk0 —Displays the contents of the internal flash memory.

  • show disk1 —Displays the contents of the external flash memory.

Mitigate Cisco ASA Flash Corruption Issues

When there are issues with the access of the flash filesystem, you can complete these steps that explain troubleshooting procedures.

Run the "fsck" utility

The term fsck is an acronym for filesystem check. This utility usually runs automatically at the start-up of the device and verifies for any anomalies within the filesystem in case of any abnormal events. It fixes the problem within the filesystem and save that as a recovery file. You can execute the fsck utility with the fsck flash: command.

The fsck utility repairs a corrupt filesystem. A successful fsck operation results in this output:

CiscoASA# fsck flash:

Checking the boot sector and partition table...

Checking FAT, Files and Directories...

Reclaiming unused space...

Updating FAT...

Destroying old disk cache...

Initializing disk0: cache, please wait......Done.

fsck of flash: complete

In case of any filesystem corruption issues, the fsck utility generates recovery files namely fsck00??.rec. If you can view a number of these recovery files on the flash, these may result because of an automated testing process where the ASA might be power cycled too often. In general, these files do not contain any vital data and can be safely deleted with the delete command. Example is shown:

CiscoASA# delete fsck0012.rec

Note: The FSCK utility runs automatically at startup, so you can see these recovery files even if you did not manually enter the fsck command.

There are certain instances where these recovery files can be seen on the flash of a freshly ordered Cisco ASA appliances. A snippet of show flash: is shown:

96     -rwx 32768       00:00:00 Jan 01 1980 FSCK0000.REC
97     -rwx 32768       00:00:00 Jan 01 1980 FSCK0001.REC
99     -rwx 32768       00:00:00 Jan 01 1980 FSCK0002.REC
100    -rwx 32768       00:00:00 Jan 01 1980 FSCK0003.REC

This is due to a manufacturing testing and this behavior is filed in Cisco bug ID CSCtf63643 (registered customers only) . These FSCK files dated as 1980 due to when they are created with file description initialized to ZERO by the FSCK utility. These files can be deleted and after a device reboot, these files do not appear again. If these files appear again, you are advised to run a format operation.

Format the Flash

If the flash filesystem stays unresponsive even after trying the fsck utility, you can format the flash to erase all the existing files and images. Flash system can be formatted with the format flash: command.

Note: Check on these actions before you perform the format utility:

  1. Copy the running configuration to the tftp-server with the copy run tftp command OR

    Copy the start-up configuration to the tftp-server with the copy start tftp command.

  2. Take a backup from the output of the show version command; as you need to use the activation key.

There is another similar command that performs the same job as format do. It is shown here:

CiscoASA# erase flash:

This command overwrites all files and erases the file system, which includes hidden system files, and then reinstalls the file system. On Cisco ASA 5500 series security appliances, the erase command destroys all user data on the disk with the 0xFF pattern. In contrast, the format command only resets the file system control structures. When the erase option is used, it deletes all the information related to the licensing. You need to fetch the activation keys in order to retain the licenses on Cisco ASA. Refer to Cisco Licensing Web Page (registered customers only) for more information and in order to request the activation key.

Note: You need to have valid Cisco user credentials in order to access this web page.

Replace the flash card manually

If none of the previous steps works, then you can try to remove the erroneous flash card manually and replace it with another working flash card. Refer to these documents for a detailed step-by-step procedure in order to perform this task:

Note: Before you try to manually replace the card, you are advised to contact the Cisco TAC for further troubleshooting. The device should be under valid Cisco contract in order to open a TAC service request.

Error Messages

In this section, a list of widely known error messages related to the flash filesystem corruption are shown.

File Allocation Table might be corrupted. Recommend running "fsck disk0:"

This error results when the show flash command is executed. It does not show any files in the output but this error message. This is a sample output of the command:

ASA#show disk0:
-#- --length-- -----date/time------ path

23273472 bytes available (39673856 bytes used)
File Allocation Table might be corrupted. Recommend running "fsck disk0:"

This behavior has been logged in Cisco bug ID CSCsl12010 (registered customers only) . When free memory is low (close to 0), show flash does not indicate any files and recommends to run FSCK operation. In this situation, wait for some time so that some memory becomes available by the running applications. Run the show flash command again and see if some memory is available. If the previous situation prevails, run the FSCK utility. At times, this error can also result when you try to save the configuration on the device.

Another bug, Cisco bug ID CSCsg16431 (registered customers only) , has been filed to address this behavior in the case of FWSM. This error results after an upgrade on the FWSM and can be resolved after you run the format utility.

%Error opening disk0:/ (No such device)

This error resulted when this command is issued:

ASA# dir all-filesystems
%Error opening disk0:/ (No such device)
%Error opening system:/ (No such device)
%Error opening cache:/ (No such device)

Invalid DOS media or no media in slot error

This error resulted when this command is issued:

ASA# fsck disk0:
Initializing disk0: cache, please wait...Failed (Invalid DOS media or no media in slot
error).

Internal error, inode table initialization for disk0: failed with error Invalid DOS media
or no media in slot
%Error checking disk0: (Invalid DOS media or no media in slot)
WARNING: Restoring security context mode failed.

Failed to initialize the Inode table

This error resulted when this command is issued:

ASA# show flash:
Initializing disk0: cache, please wait...Failed (Invalid DOS media or no media in slot
error).

%Error show flash: (Failed to initialize the Inode table)

ASA 8.3 reboots after installing memory upgrade and copying file

The ASA reboot just after the boot up process is completed and after the software version upgraded to 8.3. This behavior is observed and filed as Cisco bug ID CSCtg94369 (registered customers only) . In order to rectify this, remove the original existing memory after 2 GB memory upgrade to 8.3 version.

ERROR: flash datafile corrupt found

When you boot the Cisco ASA device, this error message can appear:

ERROR: flash datafile corrupt   found magic # 0x55aa55aa expected 0x1234567a

Error when wr mem command issued

This error appears when you try to save the configuration with the wr mem command:

%Error opening disk0:/.private/startup-config (Read-only file system)

Error executing command

In order to resolve this, perform a filesystem check so that the error can be removed. This command sequence is presented for your reference.

CiscoASA# wr mem
Building configuration...
Cryptochecksum: 2e24ca48 2496fe80 51a4ecbb 81a2dba5

%Error opening disk0:/.private/startup-config (Read-only file system)
Error executing command
[FAILED]
CiscoASA# fsck disk0

fsck of disk0: complete
CiscoASA#
pehac-a0-df01# fsck flash

fsck of flash: complete
CiscoASA# wr mem
Building configuration...
Cryptochecksum: 2e24ca48 2496fe80 51a4ecbb 81a2dba5

22851 bytes copied in 3.400 secs (7617 bytes/sec)
[OK]

Failed Sector Read Error

This error appears when the write mem command is executed.

%Error opening disk0:/.private/startup-config (Failed Sector Read) 
Error executing command [FAILED]

Format the flash drive in order to resolve this issue.

Useful FAQ

Can I hot-swap the flash drive? For example, is it possible to change the flash drive when Cisco ASA is powered ON and running?

It is always recommended that you turn off the Cisco ASA while you insert the flash drive. This disables all the running processes and allows the ASA to recognize the flash from the boot process.

Can I use third party flash drives on Cisco ASA?

Before you use any third party flash devices, you need to verify the compatibility with Cisco and verify if it is approved by Cisco. Cisco recommends to obtain the flash drives from a Cisco authorized seller so that it can be supported. Refer to Third Party Components - Cisco Policy for more information.

What do I do if I accidentally erase flash by mistake?

You need to complete the these steps.

  1. Save the running-configuration to the startup-configuration.

  2. Format the flash drive.

  3. Restore all the image files through a tftp transfer.

Does formatting the flash affect the running connections on Cisco ASA?

No. As long as you do not reset the box, it does not affect it because the information related to those connections reside in RAM.

Can I use external flash as internal flash?

Yes. You need to complete these steps.

  1. Copy the disk0 files to tftp.

  2. Copy them from tftp to disk1.

  3. Set the boot path accordingly.

    There is also another option. You can also copy the files directly from the internal memory to the external memory with the copy disk0 disk1 command.

Related Information

Updated: Jan 31, 2012
Document ID: 113266