Issue
When attempting to upgrade Cisco Secure Firewall Management Center (FMC) to version 7.6.4, the upgrade process fails during the readiness check with the this error message: "Platform architecture x86_64 is not supported". This error prevents the upgrade from proceeding. This article also presents an /ngfw directory workaround.
Environment
- Technology: Cisco Secure Firewall Firepower - 7.6
- Subtechnology: Cisco Secure Firewall - Management (FMC / cdFMC / FDM) - 7.6
- Software Version: FMC 7.6.2, attempted upgrade to 7.6.4
- Observed on platforms running x86_64 architecture
- Upgrade failures can correlate with the existence of an unexpected /ngfw directory on the FMC root file system
- Similar symptoms and workaround referenced in prior cases and Cisco Bug IDs
Resolution
These steps explain in detail how to identify and resolve the upgrade failure caused by the presence of an unexpected /ngfw directory, which triggers the platform architecture error during the upgrade readiness check.
Access the FMC CLI in Expert Mode
Log into the FMC CLI and enter expert mode to gain root privileges.
> expert
admin@device:~$ sudo su
Password:
root@device:/Volume/home/admin#
Navigate to the Root Directory and List Its Contents
Change directory to the root (/) and list all directories to check for the presence of the /ngfw folder.
root@device:/Volume/home/admin# cd /
root@device:/# ls -halts
Example output (note the presence of ngfw😞
total 101K
4.0K drwxrwxrwt 23 root root 4.0K Jan 9 06:51 tmp
1.0K drwxr-xr-x 6 root root 1.0K Jan 9 06:50 boot
...
4.0K drwxr-xr-x 3 root root 4.0K Dec 2 11:28 ngfw <======
...
Review the Upgrade Readiness Check Failure Logs
Inspect the readiness check logs for the specific error message indicating the unsupported platform architecture.
**************************** :FAILURE SCRIPT: ****************************
[260108 12:35:56:668]
SCRIPT NAME: 000_start/000_check_platform_support.sh
RECOVERY MESSAGE: Fatal error: Platform architecture x86_64 is not supported. Supported architecture(s) are i386.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Implement the Workaround: Rename the /ngfw Directory
To resolve the issue, rename the /ngfw directory (if it exists) to /ngfw.old. This prevents the upgrade scripts from misidentifying the platform architecture.
mv /ngfw /ngfw.old
Caution: Possible. The details mentioned here appears to contain procedures or commands that could cause significant impact if executed. Please ensure the preceding procedures or commands have been evaluated by an SME or Business Unit before executing or recommending.
Rerun the Upgrade Readiness Check
After renaming the directory, rerun the upgrade readiness check. In observed cases, the readiness check quickly passes without the previous error, allowing the FMC upgrade to proceed.
Additional notes from previous occurrences indicates that this kind of directory is created manually, by mistake. Check the bash history in the Troubleshoot file to confirm the incorrect creation of such a file and prevent any execution of similar commands in an FMC.
# cd command-outputs/
# cat 'echo == ROOT ==_ cat root-.bash_history_ echo ""_ for USER in `ls -Volume-home-`_ do echo == _{USER} == _ cat -Volume-home-_{USER}-.bash_history_ echo ""_ done.output' | grep -i ngfw
ngfw
pigtail all -outfile /ngfw/var/common/configuration_import.log <======
sudo cat /ngfw/var/log/messages | grep sftunnel
Once the workaround is applied, the upgrade from FMC 7.6.2.1 to 7.6.4 completes successfully.
Cause
The upgrade readiness check fails due to the presence of an unexpected /ngfw directory in the FMC root file system. The upgrade script incorrectly identifies the platform architecture as x86_64 (unsupported) instead of i386 (supported) when this directory exists. The root cause is tracked under Cisco Bug ID CSCws69999. Related defects have occurred in earlier versions, as referenced by Cisco Bug ID CSCvy95809.
Related Content
Feedback