[an error occurred while processing this directive]

Cisco Security Monitoring, Analysis and Response System

Troubleshooting the DOM Issue for CS-MARS 25R, 25, or 55 Running a Release Prior to 6.0.3

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

Troubleshooting the DOM Issue for CS-MARS 25R, 25, or 55 Running a Release Prior to 6.0.3

Problem Description

Does This Affect Me?

How To Resolve It for a Standalone Local Controller

How To Resolve It for a Managed Local Controller

Downloading and Burning a Recovery DVD

Re-Imaging a Local Controller

Restoring Archived Data after Re-Imaging a MARS Appliance

Updating the Appliance to the 6.0.3 Software

Licensing the Appliance Using the 6.0.3 Software

Product Documentation

Obtaining Documentation and Submitting a Service Request


Troubleshooting the DOM Issue for CS-MARS 25R, 25, or 55 Running a Release Prior to 6.0.3

Published: July 8, 2009
Revised: July 20, 2009, 78-19151-01

This document describes the procedures required to restore configuration and event data from a software release prior to 6.0.3 to a MARS 25R, 25, and 55 appliance that includes an updated Disk on Module (DOM) memory device.

Problem Description

The refurbished or new MARS 25R, 25, and 55 appliance you are receiving from Cisco Service may not be able to run software versions prior to Release 6.0.3. The symptom of this condition is that you cannot install the Cisco license key when attempting to run any Release between 5.3.2 and 6.0.2, thus preventing access to the GUI.

In June 2009, the DOM memory device in all CS-MARS 25R, 25, and 55 models was updated. This hardware change required a software change (CSCsx16387) to enable appliance licensing. The software and hardware changes coincided with MARS release 6.0.3.

Does This Affect Me?

This issue affects you if either of the following statements is true:

The MARS Appliance sent to Cisco Service was running a software release prior to 6.0.3 and you want to restore the configuration and/or event data it archived before being sent to Cisco Service. See How To Resolve It for a Standalone Local Controller.

The MARS Appliance sent to Cisco Service was managed by a Global Controller that is running a software release prior to 6.0.3 and you intend to return the serviced appliance to the managed Local Controller role. See How To Resolve It for a Managed Local Controller.

How To Resolve It for a Standalone Local Controller

The MARS Appliance that you received from Cisco Service is imaged with MARS release 6.0.3. To restore your data, you must first re-image the appliance to the version used to create the configuration and/or data archive. However, you will not be able to license the appliance at that time. Once the data is restored, you must then upgrade the MARS Appliance by applying each subsequent patch to return the appliance to 6.0.3 or later so that you can apply the Cisco license and unlock the web interface.

Summary Steps

1. Download the ISO image that matches the release used to create the configuration/data archive that you want to restore. See Downloading and Burning a Recovery DVD.

2. Re-image the MARS Appliance to the version used to created the archive. See Re-Imaging a Local Controller.

3. Restore the data. See Restoring Archived Data after Re-Imaging a MARS Appliance.

4. Download all upgrade images between the archive version up through 6.0.3. See Updating the Appliance to the 6.0.3 Software.

5. Upgrade the MARS Appliance to MARS release 6.0.3 using the command line interface (CLI). See Updating the Appliance to the 6.0.3 Software.

6. Apply the license to the serviced appliance. See Licensing the Appliance Using the 6.0.3 Software.

7. Log in and verify the data.

How To Resolve It for a Managed Local Controller

To restore a managed Local Controller, you must do more than just re-imaging with the old software image and upgrade it to 6.0.3. Once the data is restored, you must upgrade the managing Global Controller and all of its managed Local Controllers to 6.0.3.

Summary Steps

1. Download the ISO image that matches the release used to create the configuration/data archive that you want to restore. See Downloading and Burning a Recovery DVD.

2. Re-image the MARS Appliance to the version used to created the archive. See Re-Imaging a Local Controller.

3. Restore the data. See Restoring Archived Data after Re-Imaging a MARS Appliance.

4. Download all upgrade images between the archive version up through 6.0.3. See Updating the Appliance to the 6.0.3 Software.

5. Upgrade the Global Controller and all managed Local Controller, including the restored appliance, to MARS release 6.0.3. See Updating the Appliance to the 6.0.3 Software. For the restored appliance, you must perform all upgrades up to 6.0.3 using the pnupgrade at command line interface (CLI).

6. Apply the license to the serviced appliance. See Licensing the Appliance Using the 6.0.3 Software.

7. Log in to the Global Controller and add the serviced Local Controller. See "Adding Local Controllers."

8. Log in to the Local Controller and verify the data.

Downloading and Burning a Recovery DVD

If you do not have the MARS Appliance Recovery DVD-ROM that shipped with your MARS Appliance or you want to use a new image to expedite the post recovery upgrade process, you can download the current recovery image from the Cisco.com software download pages dedicated to MARS. You can access these pages at the following URL, assuming you have a valid Cisco.com account and that you have registered your SMARTnet contract number for your MARS Appliance.

Recovery images: http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars-recovery

After you download the ISO image, for example, csmars-6.0.1.iso, you must burn that file on to a DVD-ROM. The files are typically 1.42 GB or larger.

The following guidelines are defined:

Use DVD+R, DVD+RW, or DVD-R and the correct media for either of those standards.

Do not burn the DVD at a speed higher than 4X.

To make a bootable DVD, you must burn the *.iso file onto the DVD using the bootable ISO DVD format; just copying the file to DVD does not make it bootable. Do not copy the *.iso file to a DVD; instead, you must extract it onto the DVD using your burner software. Most DVD burner software has a burn image function that extracts the files and makes the DVD bootable.

Re-Imaging a Local Controller

Use the MARS Appliance Recovery DVD-ROM to re-image the Local Controller if necessary. This operation destroys all data and installs a new image. In addition to preparing the device and later restoring any archived date, you must also perform three time-consuming appliance recovery phases:

Image downloading from the CD (about 30 minutes)

Image installation after the download (about 90 minutes)

Basic system configuration (about 5 minutes)

Caution Performing this procedure destroys all data stored on the MARS Appliance.

To re-image your Local Controller, follow these steps:

Step 1 Connect your monitor to the MARS Appliance VGA port and your keyboard to the PS/2 keyboard port. (To view a diagram of the MARS Appliance VGA and serial ports, refer the backplane figure corresponding to your appliance model in the Cisco Security MARS Hardware Installation Guide.)

Step 2 Disconnect any connected network cables from the eth0 and eth1 ports.

Step 3 Put the Recovery DVD in the MARS Appliance DVD-ROM drive.

Step 4 Do one of the following:

Log in to the MARS Appliance as pnadmin and reboot the system using the reboot command

Power cycle the MARS Appliance

Result: The following message displays on the console: 

Please Choose A MARS Model To Install...

1. Distributed Mars - Local Controller

2. Distributed Mars - Global Controller

3. Mars Operating System Recovery

4. Quit

Step 5 Using the arrow keys, select 1. Distributed MARS — Local Controller at the Recover menu and press Enter.

Result: The image download to the appliance begins. This process takes approximately 15 minutes. After the image download is complete, the Recovery DVD is ejected and the following message appears on the console: 

Please remove the installation CD and press Reboot to finish the installation.

Step 6 Remove the Recovery DVD from the MARS Appliance.

Step 7 Press Enter to restart the MARS Appliance.

Result: The MARS Appliance reboots, performs some configurations, including building the Oracle database. The configurations that occur after the first reboot take a significant amount of time (between an hour and an hour and a half), during which there is no feedback; this is normal system behavior.

Step 8 Reconnect any network cables to the eth0 and eth1 ports.

Note After re-imaging the appliance, you must once again perform initial configuration of the MARS Appliance. You will not be able to provision the license skip this part of the process. For detailed instructions, see "Initial MARS Appliance Configuration."

You will be unable to license the appliance until you have completed the data reimport and upgraded the appliance to 6.0.3 as described in "Updating the Appliance to the 6.0.3 Software" and "Licensing the Appliance Using the 6.0.3 Software".

Step 9 After the initial configuration is complete, recover the previously archived data using the procedure in Restoring Archived Data after Re-Imaging a MARS Appliance.

Restoring Archived Data after Re-Imaging a MARS Appliance

When you restore a MARS Appliance using archived data, you are restoring the system to match the data and configuration settings found in the archive. The configuration data includes the operating system, MARS software, license key, user accounts, passwords, and device list in effect at the time the archive was performed.

Caution The version of MARS software running on the appliance to be restored must match the version recorded in the archive. For example, if the data archive is for version 4.1.4, you must reimage the MARS Appliance to version 4.1.4, not older or newer, before using the pnrestore command to recover the system configuration and events.

For additional information on how the archives are restored, see "Guidelines for Restoring."

Note If you choose to restore from your archived data, you must re-enter all devices on the Local Controller that are missing from the archive file. To restore existing cases, you must restore incident and session data. See pnrestore for more information on types of data and restore modes.

If you have archived your data and you have recovered your MARS Appliance as described in Re-Imaging a Local Controller, perform the following steps:

Step 1 When the recovery process is complete, restore the MARS Appliance from the last archived data by executing the following command: 

pnrestore -p <ArchiveServerIP>:/<archive_path>

Where ArchiveServerIP is the value specified in the Remote Host IP field and archive_path is the value specified in the Remote Path field in the settings found in the web interface at Admin > System Maintenance > Data Archiving. You must identify the archive server by IP address, separated by a :/ and then the pathname ArchiveServerIP:/archive_path.

Step 2 When the restore operation completes, you may need to delete, re-enter, and re-discover all the devices that are missing from the MARS archive file.

Updating the Appliance to the 6.0.3 Software

After you complete the data restore, you need to upgrade the appliance to the 6.0.3 software.

Note For the restored appliance, you must perform all upgrades up to 6.0.3 using the pnupgrade at command line interface (CLI).

For more information and procedures on updating the software, see"Checklist for Upgrade of Appliance Software." For details on using the CLI to perform an upgrade, see "Upgrade from the CLI" and "pnupgrade."

Licensing the Appliance Using the 6.0.3 Software

Your appliance comes with a Software License Claim Certificate, which you use to generate your license key using a web browser. Adding the license file is only performed using the web interface; there is no CLI support.

Note The license key that you apply to a Global Controller does not propagate to the monitored Local Controllers. Each MARS Appliance has a unique license key.

To provision the license on 6.0.3 software, follow these steps:

Step 1 Locate the Software License Claim Certificate document that came with your product.

Step 2 Following the instructions on the claim certificate, log on to the specified website, and obtain the license authorization key/file. The Product Authorization Key (PAK) number found on the Software License Claim Certificate is required for the registration process. After registering, retain the document for future reference.

Step 3 Once you have stored the file on your local computer, verify the file has a .lic extension. If not, rename the file to have that extension. MARS prevents you from uploading a file with a different extension.

Step 4 Open your web browser and enter one of the following URL syntaxes in the address bar:

https://<machine_name>/

https://<ip_address>/

where machine_name is the name of the appliance and ip_address is the address assigned to the interface to which you are attempting to connect (either eth0 or eth1).

You will be prompted to accept the security certificate before you can proceed. After you accept the certificate, the login page appears.

Note SSL only works with the Cisco Systems self-signed certificates.

Note You will be prompted to install the Adobe SVG control if not previously installed.

Step 5 When you see the login page, enter the system administrative account (pnadmin) and the password.

Step 6 Select Local from the Type list because pnadmin is the local system administrative account, and click Login.

The Local versus Global distinction refers to the type of account you are using to log in to this appliance. Typically, you log in using an account that is defined on the Local Controller, which corresponds to the Local option in the Type list. If you are logging in using an account that is defined on the Global Controller, select Global. When you chose to manage a Local Controller from a Global Controller, the administrative accounts defined for the Global Controller are pushed down to the Local Controller.

Note The first time you log in, expect performance to be a little slow due to first-time caching and compilation.

If the MARS license key is not configured, the License Key dialog prompts you to enter this key.

Step 7 Click the link that directs you to load the license key file on the System Maintenance > License Key, Upgrade, and Certificates  > Set License page.

You must load this key to activate the MARS Appliance before you can use it.

The License Information page displays.

I

Step 8 Click Browse under Upload License Files, select the.lic file on your local computer, and click Open.

The license key file is uploaded appears under List of License Files. The license key information field is populated based on the information found in the license file.

Step 9 To view the content of an uploaded license file, click the link of the license filename under the List of License Files.

Note You cannot edit the content of the license file from this page

Product Documentation

For the complete list of documents supporting this release, see the release-specific document roadmap:

Cisco Secure MARS Documentation Guide and Warranty

http://www.cisco.com/en/US/products/ps6241/products_documentation_roadmaps_list.html

Lists document set that supports the MARS release and summarizes contents of each document.

For general product information, see:

http://www.cisco.com/go/mars

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

This document is to be used in conjunction with the documents listed in the "Product Documentation" section.

CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© <year> Cisco Systems, Inc. All rights reserved.

[an error occurred while processing this directive]