6

I was performing maintenance on a standby Cisco ASA 5508-X firewall that is part of a failover cluster. Upon reload, I noticed that the cluster status remained failed long after the unit should have recovered.

I had datacenter staff connect a serial console and received the following in reboot loop:

Attempt autoboot: "boot disk0:"
media drive disk0: not present
boot: cannot determine first file name on device "disk0:"
autoboot: All boot attempts have failed.

enter image description here

This is definitely new to me, as I was used to a low failure rate on the old ASA 5505 and 5510 firewalls.

This unit is a failover device and doesn't have a current SmartNet. However, what's the best way to recover from this type of failure? Services are not impacted at the moment, but I couldn't find any straightforward procedures to follow.

ewwhite
  • 194,921
  • 91
  • 434
  • 799

2 Answers2

6

The boot flash (disk0) on that is an internal eUSB. I don't have a 5508-X handy to see if it can be swapped out easily or if it was soldered in. You might be able to get away with using a USB thumb drive connected to one of the external ports and adjusting boot variables accordingly.

You should be able to format the drive on the primary box and copy the software image (nb - it's just FAT32). This will get you to where you should be able to convince the bad box to boot, at which point you can restore the configuration and drop back into the standby role.

rnxrx
  • 8,103
  • 3
  • 20
  • 30
  • Yes, an external USB flash drive should be visible as "disk1". See http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5508xguide/b_install_guide_5508/b_install_guide_5508_chapter_0100.html#concept_C4B6427E77D54C7B9DE2961C6D4109B9 and http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113266-asa-flash-error-ts.html – hertitu Dec 19 '16 at 09:09
  • Soldered in... ugh. I'm trying the external USB approach now. – ewwhite Dec 21 '16 at 05:35
  • No luck on external USB. I was able to get the firewall booted via a tftp image, but it's unable to recognize disk0: or the external disk1:. – ewwhite Dec 21 '16 at 06:07
  • 1
    Your issue may not be a bad disk but rather a bad controller altogether. You may want to either involve TAC or consider putting a spare small SSD in the drive slot on the back... kind of hail-Mary territory, though. – rnxrx Dec 21 '16 at 11:04
  • I think it's a controller issue. I can't get Cisco support though, due to their slow processing of my smartnet – ewwhite Dec 23 '16 at 19:11
1

Internal and External Flash Storage The ASA contains one internal USB flash drive, and a standard USB Type A port that you can use to attach an external device. The USB port can provide output power of 5 volts, up to a maximum of 500 mA (5 USB power units).

Internal USB Device An embedded eUSB device is used as the internal flash; it is identified as disk0.

External USB Drive (Optional) You can use the external Type A USB port to attach a data-storage device. The external USB drive identifier is disk1. When the ASA is powered on, a connected USB drive is mounted as disk1 and is available for you to use. Additionally, the file-system commands that are available to disk0 are also available to disk1, including copy, format, delete, mkdir, pwd, cd, and so on.

If you insert a USB drive with more than one partition, only the first partition is mounted.

FAT-32 File System The ASA only supports FAT-32-formatted file systems for the internal eUSB and external USB drives. If you insert an external USB drive that is not in FAT-32 format, the system mounting process fails, and you receive an error message. You can enter the command format disk1: to format the partition to FAT-32 and mount the partition to disk1 again; however, data might be lost.

Rtaccon
  • 11
  • 1
  • http://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5508xguide/b_install_guide_5508/b_install_guide_5508_chapter_0100.html – Rtaccon Dec 22 '16 at 08:30