Can't Manually Up2Date

Hello

I have an SG210 REV3 running UTM 9.700-5.  I have purchased a second SG210 REV3 that we would like to use as a slave in Hot Standby mode.

The second UTM is running 9.509.  My understanding is that the slave will need to be upgraded to the same FW as the master.

The second UTM has only the "base" license which means I can't use automatic Up2Date to install the latest firmware.

I have attempted to update the UTM manually, which I understand must be done one FW update at a time and sequentially.  In my case this means updating to 9.51 (this is the next FW on the FTP site).

I have uploaded the FW to the UTM which then recognises there is an update to install, and I then start the installation process.  The UTM restarts, but when I log in it is still 9.509.  In the Up2Date Log are the following messages:

 

auisys[7895]: You are currently running Version 9.509003, but Version 9.510004 is required for this up2date package

auisys[7895]: id="371J" severity="error" sys="system" sub="up2date" name="Fatal: Version conflict: required version: 9.510004 <=> current version: 9.509003" status="failed" action="install" package="sys"

 

The log for the whole update is attached to this post.  It does mention it is loading other Up2Date packages, but I haven't uploaded them.

 

Where am I going wrong?

Many thanks

  • Firmware Update Log.txt
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: Starting Up2Date Package Installer
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: No suitable packages of type <man9> found, skipping
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: No suitable packages of type <aws> found, skipping
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: No suitable packages of type <ohelp9> found, skipping
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: No suitable packages of type <cadata> found, skipping
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: No suitable packages of type <geoip> found, skipping
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: Install u2d packages <sys>
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: Starting installing up2date packages for type 'sys'
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: unpacking up2date package: /var/up2date/sys/u2d-sys-9.510004-510005.tgz.gpg
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: unpacking up2date package version: 9.510005
    2020:02:07-15:36:54 utm-b-2 auisys[7721]: Verifying up2date package signature
    2020:02:07-15:36:55 utm-b-2 auisys[7721]: Unpacking installation instructions
    2020:02:07-15:36:55 utm-b-2 auisys[7721]: parsing installation instructions
    2020:02:07-15:36:55 utm-b-2 auisys[7721]: Showdesc ok.
    2020:02:07-15:36:55 utm-b-2 auisys[7721]: [INFO-301] New Firmware Up2Date is ready for installation
    2020:02:07-15:36:55 utm-b-2 auisys[7721]: unpacking up2date package: /var/up2date/sys/u2d-sys-9.510005-605001.tgz.gpg
    2020:02:07-15:36:55 utm-b-2 auisys[7721]: unpacking up2date package version: 9.605001
    2020:02:07-15:36:55 utm-b-2 auisys[7721]: Verifying up2date package signature
    2020:02:07-15:36:59 utm-b-2 auisys[7721]: Unpacking installation instructions
    2020:02:07-15:37:02 utm-b-2 auisys[7721]: parsing installation instructions
    2020:02:07-15:37:02 utm-b-2 audld[6999]: Could not connect to Authentication Server us2.utmu2d.sophos.com (code=500 500 Can't connect to us2.utmu2d.sophos.com:443).
    2020:02:07-15:37:02 utm-b-2 auisys[7721]: Showdesc ok.
    2020:02:07-15:37:02 utm-b-2 auisys[7721]: [INFO-301] New Firmware Up2Date is ready for installation
    2020:02:07-15:37:02 utm-b-2 auisys[7721]: unpacking up2date package: /var/up2date/sys/u2d-sys-9.605001-700005.tgz.gpg
    2020:02:07-15:37:02 utm-b-2 auisys[7721]: unpacking up2date package version: 9.700005
    2020:02:07-15:37:02 utm-b-2 auisys[7721]: Verifying up2date package signature
    2020:02:07-15:37:04 utm-b-2 auisys[7721]: Unpacking installation instructions
    2020:02:07-15:37:05 utm-b-2 auisys[7721]: parsing installation instructions
    2020:02:07-15:37:05 utm-b-2 auisys[7721]: Showdesc ok.
    2020:02:07-15:37:05 utm-b-2 auisys[7721]: [INFO-301] New Firmware Up2Date is ready for installation
    2020:02:07-15:37:05 utm-b-2 auisys[7721]: unpacking up2date package: /var/up2date/sys/u2d-sys-9.700005-701006.tgz.gpg
    2020:02:07-15:37:05 utm-b-2 auisys[7721]: unpacking up2date package version: 9.701006
    2020:02:07-15:37:05 utm-b-2 auisys[7721]: Verifying up2date package signature
    2020:02:07-15:37:08 utm-b-2 auisys[7721]: Unpacking installation instructions
    2020:02:07-15:37:09 utm-b-2 auisys[7721]: parsing installation instructions
    2020:02:07-15:37:09 utm-b-2 auisys[7721]: Showdesc ok.
    2020:02:07-15:37:09 utm-b-2 auisys[7721]: [INFO-301] New Firmware Up2Date is ready for installation
    2020:02:07-15:37:30 utm-b-2 auisys[7721]: Doing HA sync
    2020:02:07-15:37:30 utm-b-2 auisys[7721]: calling: </usr/local/bin/up2date_sync.sh>
    2020:02:07-15:37:30 utm-b-2 auisys[7721]: id="3720" severity="info" sys="system" sub="up2date" name="Successfully triggered up2date sync" status="success" action="sync"
    2020:02:07-15:37:30 utm-b-2 auisys[7721]: Up2Date Package Installer finished, exiting
    2020:02:07-15:37:30 utm-b-2 auisys[7721]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2020:02:07-15:37:42 utm-b-2 audld[6999]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2020:02:07-15:37:45 utm-b-2 auisys[7895]: running on HA master system or cluster node
    2020:02:07-15:37:45 utm-b-2 auisys[7895]: waiting for db_verify to return (30 seconds max)
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: removing '/var/up2date/aws-install'
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: removing '/var/up2date/cadata-install'
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: removing '/var/up2date/geoip-install'
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: removing '/var/up2date/man9-install'
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: removing '/var/up2date/ohelp9-install'
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: removing '/var/up2date/sys-install'
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: Starting Up2Date Package Installer
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: version of package '/var/up2date/sys/u2d-sys-9.700005-701006.tgz.gpg' doesn't fit, skipping
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: version of package '/var/up2date/sys/u2d-sys-9.510005-605001.tgz.gpg' doesn't fit, skipping
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: version of package '/var/up2date/sys/u2d-sys-9.605001-700005.tgz.gpg' doesn't fit, skipping
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: Install u2d packages <sys>
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: Starting installing up2date packages for type 'sys'
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: Installing up2date package: /var/up2date/sys/u2d-sys-9.510004-510005.tgz.gpg
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: Verifying up2date package signature
    2020:02:07-15:37:46 utm-b-2 auisys[7895]: Unpacking installation instructions
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: parsing installation instructions
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: >=========================================================================
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: You are currently running Version 9.509003, but Version 9.510004 is required for this up2date package.
    2020:02:07-15:37:47 utm-b-2 auisys[7895]:
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 1. Modules::Logging::msg:46() /</sbin/auisys.plx>Modules/Logging.pm
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 2. Modules::Auisys::Installer::Systemstep::install:149() /</sbin/auisys.plx>Modules/Auisys/Installer/Systemstep.pm
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 3. Modules::Auisys::Up2DatePackages::install:143() /</sbin/auisys.plx>Modules/Auisys/Up2DatePackages.pm
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 4. Modules::Auisys::QueueIterator::process_qfiles:81() /</sbin/auisys.plx>Modules/Auisys/QueueIterator.pm
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 5. main::main:298() auisys.pl
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 6. main::top-level:35() auisys.pl
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: |=========================================================================
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: id="371J" severity="error" sys="system" sub="up2date" name="Fatal: Version conflict: required version: 9.510004 <=> current version: 9.509003" status="failed" action="install" package="sys"
    2020:02:07-15:37:47 utm-b-2 auisys[7895]:
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 1. Modules::Logging::alf:100() /</sbin/auisys.plx>Modules/Logging.pm
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 2. Modules::Auisys::Installer::Systemstep::install:152() /</sbin/auisys.plx>Modules/Auisys/Installer/Systemstep.pm
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 3. Modules::Auisys::Up2DatePackages::install:143() /</sbin/auisys.plx>Modules/Auisys/Up2DatePackages.pm
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 4. Modules::Auisys::QueueIterator::process_qfiles:81() /</sbin/auisys.plx>Modules/Auisys/QueueIterator.pm
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 5. main::main:298() auisys.pl
    2020:02:07-15:37:47 utm-b-2 auisys[7895]: 6. main::top-level:35() auisys.pl
    2020:02:07-15:38:08 utm-b-2 auisys[7895]: <=========================================================================
    2020:02:07-15:38:08 utm-b-2 auisys[7895]: Up2Date Package Installer finished, exiting
    2020:02:07-15:38:08 utm-b-2 auisys[7895]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2020:02:07-15:38:08 utm-b-2 auisys[7895]: Initiating reboot
    2020:02:07-15:38:22 utm-b-2 audld[6999]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2020:02:07-15:38:22 utm-b-2 audld[6999]: >=========================================================================
    2020:02:07-15:38:22 utm-b-2 audld[6999]: All 4 Authentication Servers failed
    2020:02:07-15:38:22 utm-b-2 audld[6999]:
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 4. main::main:174() audld.pl
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 5. main::top-level:40() audld.pl
    2020:02:07-15:38:22 utm-b-2 audld[6999]: [CRIT-310] Up2Date prefetch failed
    2020:02:07-15:38:22 utm-b-2 audld[6999]: |=========================================================================
    2020:02:07-15:38:22 utm-b-2 audld[6999]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2020:02:07-15:38:22 utm-b-2 audld[6999]:
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 3. main::main:174() audld.pl
    2020:02:07-15:38:22 utm-b-2 audld[6999]: 4. main::top-level:40() audld.pl

  • In reply to gr33ny:

    You try to install u2d-sys-9.510004-510005

    This package updates from 9.510004 to 9.510005 and don't work with your 9.509003

    you need u2d-sys-9.509003-510005.tgz.gpg first

    u2d-sys-9.510005-605001.tgz.gpg   next

    u2d-sys-9.605001-700005.tgz.gpg   next

    u2d-sys-9.700005-701006.tgz.gpg   next

    all steps between these releases you don't need to install.

    ... But after factory-reset and minimal install of your new device you should have a 30 day demo period. here you can use auto-updates without additional license.

     

     

  • Dirk put you on the right track.  Here's what I give to my clients in a similar situation.

    1. If needed, do a quick, temporary install so that the new device can download Up2Dates.
    2. Apply the Up2Dates to the same version as the current unit, do a factory reset and shutdown.
    3. On the current UTM in use, on the 'Configuration' tab of 'High Availability':
       a. Enable Hot-Standby
       b. Select eth3 as the Sync NIC
       c. Configure it as Node_1
       d. Enter an encryption key (I've never found a need to remember it)
       e. Select 'Enable automatic configuration of new devices'
       f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
    4. Cable eth3 to eth3 on the new device.
    5. Cable all of the other NICs exactly as they are on the original UTM.
    6. Power up the new device and wait for the good news. Wink

    Cheers - Bob