Field Notice: FN74283 - Secure Workload – Upgrading From Any 3.9 Release to Release 3.10.1.1 May Fail - Software Upgrade Recommended
Available Languages
Notice
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Products Affected
| Affected Software Product | Affected Release | Affected Release Number | Comments |
|---|---|---|---|
| Tetration OS | 3 | 3.10.1.1 | Only version 3.10.1.1 is affected |
Defect Information
| Defect ID | Headline |
| CSCwo03982 | CSW Policy Enforcement starts failing a few weeks after upgrade to 3.10.1.1 |
| CSCwn62188 | Upgrade failure ORC-1014: Instance mongodb-1 deploy failed |
Problem Description
Upgrading Cisco Secure Workload Software from any 3.9 release (which includes Release 3.9.1.1 and all patch releases later than 3.9.1.1) to Release 3.10.1.1 may fail due to database configuration issues.
Also, upgrade policy store certificates are not automatically renewed for Cisco Secure Workload Release 3.10.1.1, which may cause issues with segmentation policy enforcement for this specific release (CSCwo03982).
Background
Upgrading Cisco Secure Workload Software from any 3.9 release (which includes Release 3.9.1.1 and all patch releases later than 3.9.1.1) to Release 3.10.1.1 may fail due to MongoDB index creation failure.
Problem Symptom
When an upgrade failure occurs, the following messages may be seen in the Cisco Secure Workload user interface log:
ORC-1014: Instance mongodb-x IP:x.x.x.x deploy failed
{\"operationTime\":{\"$timestamp\":{\"t\":1734488929,\"i\":3}},\"ok\":0,\"errmsg\":\"WiredTigerIndex::insert: key too large to index, failing 1024 { : null, : { _id: ObjectId(‘1234a5678b9c10d2e1f22gh’), name: \\\"Ethernet0\\\", vrf_id: xxx, mac_address: \\\"00:x0:x2:x1:x3:x4\\\”, ip: \\\”x.x.x.x\\\”, family_type: \\\"IPV4\\\", netmask: \\\"255.255.252.0\\\", pcap_opened: true, ip_hex: \\\"c0a858c2\\\", created_at: 1652988451, updated_at: 1652988451, interface_index: 4, tags: { user_AD-Role: \\\"genric\\\", user_: \\\"Fasle\\\", user_Location: \\\"Campus\\\", user_orchestrator_system/
Workaround/Solution
When upgrading Cisco Secure Workload Software from any 3.9 release to Release 3.10.1.1, customers should contact the Cisco Technical Assistance Center (TAC) for assistance with performing diagnostics and executing necessary signed scripts to ensure a successful upgrade to Release 3.10.1.1. Additionally, TAC can assist with applying patch version 3.10.2.11 to address the segmentation policy enforcement issue (CSCwo03982).
Revision History
| Version | Description | Section | Date |
| 1.0 | Initial Release | — | 2025-MAY-30 |
For More Information
For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:
Receive Email Notification About New Field Notices
To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)
This Document Applies to These Products
Unleash the Power of TAC's Virtual Assistance