Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 21 replies
  • Answers 1 answer
  • Subscribers 32 subscribers
  • Views 11951 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Operation failed. Please upgrade IPS and application signatures to latest version for this restore

Emjay

Got a RMA replacement of XG750.  Trying to restore from previous device to the new device but the restore keeps failing (Operation failed. Please upgrade IPS and application signatures to latest version for this restore). All update patterns are up to date and even higher than the device the backup came from.  Been trying for the last 5 hours keep getting same error, 

 

 



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to LuCar Toni

    Kindly assist with the command syntax to check

  • 0 in reply to LuCar Toni

    Hi Please see below logs

     

    XG750_RL02_SFOS 17.5.9 MR-9# cd /log                                            
    XG750_RL02_SFOS 17.5.9 MR-9# tail -f /log/ips.log                               
    [Feb 10 10:14:13 :12174]:DNS ATP log differentia.ru threat: C2/Generic-A        
    [Feb 10 10:14:13 :12174]:Logging garner_atp: ATP Threat :Uri : <differentia.ru> 
    Threat name: <C2/Generic-A>                                                     
    [Feb 10 10:14:13 :12184]:DNS ATP log cnm.oiwcvbnc2e.stream threat: C2/Generic-A 
    [Feb 10 10:14:13 :12184]:Logging garner_atp: ATP Threat :Uri : <cnm.oiwcvbnc2e.s
    tream> Threat name: <C2/Generic-A>                                              
    [Feb 10 10:14:13 :12174]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:13 :12174]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:13 :12174]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:13 :12174]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:15 :12184]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:15 :12184]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:17 :12182]:DNS ATP log differentia.ru threat: C2/Generic-A        
    [Feb 10 10:14:17 :12182]:Logging garner_atp: ATP Threat :Uri : <differentia.ru> 
    Threat name: <C2/Generic-A>                                                     
    [Feb 10 10:14:17 :12182]:DNS ATP log DIFFERENTIA.RU threat: C2/Generic-A        
    [Feb 10 10:14:17 :12182]:Logging garner_atp: ATP Threat :Uri : <DIFFERENTIA.RU> 
    Threat name: <C2/Generic-A>                                                     
    [Feb 10 10:14:17 :12186]:HTTP ATP log differentia.ru threat: C2/Generic-A       
    [Feb 10 10:14:17 :12186]:Logging garner_atp: ATP Threat :Uri : <differentia.ru> 
    Threat name: <C2/Generic-A>                                                     
    [Feb 10 10:14:18 :12178]:DNS ATP log cnm.oiwcvbnc2e.stream threat: C2/Generic-A 
    [Feb 10 10:14:18 :12178]:Logging garner_atp: ATP Threat :Uri : <cnm.oiwcvbnc2e.s
    tream> Threat name: <C2/Generic-A>                                              
    [Feb 10 10:14:18 :12172]:HTTP ATP log differentia.ru threat: C2/Generic-A       
    [Feb 10 10:14:18 :12172]:Logging garner_atp: ATP Threat :Uri : <differentia.ru> 
    Threat name: <C2/Generic-A>                                                     
    [Feb 10 10:14:18 :12176]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:18 :12176]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:19 :12174]:DNS ATP log gvaq70s7he.ru threat: C2/Generic-A         
    [Feb 10 10:14:19 :12174]:Logging garner_atp: ATP Threat :Uri : <gvaq70s7he.ru> T
    hreat name: <C2/Generic-A>                                                      
    [Feb 10 10:14:19 :12176]:DNS ATP log gvaq70s7he.ru threat: C2/Generic-A         
    [Feb 10 10:14:19 :12176]:Logging garner_atp: ATP Threat :Uri : <gvaq70s7he.ru> T
    hreat name: <C2/Generic-A>                                                      
    [Feb 10 10:14:19 :12180]:DNS ATP log gvaq70s7he.ru threat: C2/Generic-A         
    [Feb 10 10:14:19 :12180]:Logging garner_atp: ATP Threat :Uri : <gvaq70s7he.ru> T
    hreat name: <C2/Generic-A>                                                      
    [Feb 10 10:14:21 :12176]:HTTP ATP log 1337.abcvg.info threat: C2/Generic-A      
    [Feb 10 10:14:21 :12176]:Logging garner_atp: ATP Threat :Uri : <1337.abcvg.info>
     Threat name: <C2/Generic-A>                                                    
    [Feb 10 10:14:21 :12174]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:21 :12174]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:22 :12184]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:22 :12184]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:23 :12180]:DNS ATP log gvaq70s7he.ru threat: C2/Generic-A         
    [Feb 10 10:14:23 :12180]:Logging garner_atp: ATP Threat :Uri : <gvaq70s7he.ru> T
    hreat name: <C2/Generic-A>                                                      
    [Feb 10 10:14:23 :12180]:DNS ATP log GVAQ70S7HE.RU threat: C2/Generic-A         
    [Feb 10 10:14:23 :12180]:Logging garner_atp: ATP Threat :Uri : <GVAQ70S7HE.RU> T
    hreat name: <C2/Generic-A>                                                      
    [Feb 10 10:14:23 :12172]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:23 :12172]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:26 :12184]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:26 :12184]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:26 :12186]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:26 :12186]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:28 :12180]:DNS ATP log cnm.oiwcvbnc2e.stream threat: C2/Generic-A 
    [Feb 10 10:14:28 :12180]:Logging garner_atp: ATP Threat :Uri : <cnm.oiwcvbnc2e.s
    tream> Threat name: <C2/Generic-A>                                              
    [Feb 10 10:14:30 :12174]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:30 :12174]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:32 :12184]:DNS ATP log cnm.oiwcvbnc2e.stream threat: C2/Generic-A 
    [Feb 10 10:14:32 :12184]:Logging garner_atp: ATP Threat :Uri : <cnm.oiwcvbnc2e.s
    tream> Threat name: <C2/Generic-A>                                              
    [Feb 10 10:14:32 :12186]:DNS ATP log cnm.oiwcvbnc2e.stream threat: C2/Generic-A 
    [Feb 10 10:14:33 :12186]:Logging garner_atp: ATP Threat :Uri : <cnm.oiwcvbnc2e.s
    tream> Threat name: <C2/Generic-A>                                              
    [Feb 10 10:14:33 :12174]:DNS ATP log data6.satysservs.com threat: C2/Generic-A  
    [Feb 10 10:14:33 :12174]:Logging garner_atp: ATP Threat :Uri : <data6.satysservs
    .com> Threat name: <C2/Generic-A>                                               
    [Feb 10 10:14:33 :12180]:DNS ATP log data6.satysservs.com threat: C2/Generic-A  
    [Feb 10 10:14:33 :12180]:Logging garner_atp: ATP Threat :Uri : <data6.satysservs
    .com> Threat name: <C2/Generic-A>                                               
    [Feb 10 10:14:33 :12182]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:33 :12182]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:34 :12186]:DNS ATP log data6.satysservs.com threat: C2/Generic-A  
    [Feb 10 10:14:34 :12186]:Logging garner_atp: ATP Threat :Uri : <data6.satysservs
    .com> Threat name: <C2/Generic-A>                                               
    [Feb 10 10:14:37 :12176]:DNS ATP log cnm.oiwcvbnc2e.stream threat: C2/Generic-A 
    [Feb 10 10:14:37 :12176]:Logging garner_atp: ATP Threat :Uri : <cnm.oiwcvbnc2e.s
    tream> Threat name: <C2/Generic-A>                                              
    [Feb 10 10:14:37 :12174]:DNS ATP log cnm.oiwcvbnc2e.stream threat: C2/Generic-A 
    [Feb 10 10:14:37 :12174]:Logging garner_atp: ATP Threat :Uri : <cnm.oiwcvbnc2e.s
    tream> Threat name: <C2/Generic-A>                                              
    [Feb 10 10:14:38 :12184]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:38 :12184]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
    rg> Threat name: <C2/Generic-A>                                                 
    [Feb 10 10:14:38 :12178]:DNS ATP log superyou.zapto.org threat: C2/Generic-A    
    [Feb 10 10:14:38 :12178]:Logging garner_atp: ATP Threat :Uri : <superyou.zapto.o
  • 0 in reply to Emjay

    Hi  

    Please login to advanced shell execute below given command.

     cd /log

    tail -f applog.log

    Please try to upload backup and capture the logs and please share the output

  • 0 in reply to Keyur

    Hi, 

     

    Please see output 

     

    XG750_RL02_SFOS 17.5.9 MR-9# cd /log                                            
    XG750_RL02_SFOS 17.5.9 MR-9# tail -f applog.log                                 
    Graph[0]= loadavg , time[0]= weekly , Substrs[0]=NA                             
    Feb 10 10:35:45                                                                 
    ->input_string=loadavg,weekly,NA                                                
    Feb 10 10:36:19 manage_fqdn_ipset: Request for Subsystem ID: 946 of Type: 1 and 
    Action: add.                                                                    
    Feb 10 10:36:19 Type: FQDN HOST IPSET entry add/updated Successfully.           
    Feb 10 10:37:21 Maintenance Flag Set To Restore SystemFeb 10 10:37:21 ips_cat re
    store validation  ips_cat_corp_ver 0 bk_ips_cat_corp_ver is 1                   
    Feb 10 10:37:21 Failed to get tblconfiguration queryFeb 10 10:37:58 manage_fqdn_
    ipset: Request for Subsystem ID: 945 of Type: 1 and Action: add.                
    Feb 10 10:37:58 Type: FQDN HOST IPSET entry add/updated Successfully.           
    Feb 10 10:38:53 Maintenance Flag Set To Restore SystemFeb 10 10:38:54 ips_cat re
    store validation  ips_cat_corp_ver 0 bk_ips_cat_corp_ver is 1                   
    Feb 10 10:38:54 Failed to get tblconfiguration query       
  • 0 in reply to Emjay

    Hi  

    Thank you for the log, I would request you to please try below steps

    Keep the advanced shell open and execute the command 

    tail -f applog.log

    Keep the window open and then from GUI start uploading backup and check if more lines getting printed on the CLI

  • 0 in reply to Keyur 
                                                                                    
    Feb 10 10:52:38 Maintenance Flag Set To Restore SystemFeb 10 10:52:39 ips_cat re
    store validation  ips_cat_corp_ver 0 bk_ips_cat_corp_ver is 1                   
    Feb 10 10:52:39 Failed to get tblconfiguration queryFeb 10 10:53:00 Maintenance 
    Flag Set To Restore SystemFeb 10 10:53:00 ips_cat restore validation  ips_cat_co
    rp_ver 0 bk_ips_cat_corp_ver is 1                                               
    Feb 10 10:53:00 Failed to get tblconfiguration query         




    That is all I get as an outout with every attempt to restore backup
  • 0 in reply to Emjay

    Hi Emjay,

    please run the following command from the advanced shell:

    psql -U nobody -d corporate -c "select * from tblconfiguration"

    and post the output.

    If no output is return, I suggest to reset XG to factory default or reinstall the HW ISO on the appliance.

    Regards

  • 0 in reply to lferrara

     

    NO output.

     

    XG750_RL02_SFOS 17.5.9 MR-9# psql -U nobody -d corporate -c "select * from tblco
    nfiguration                                                                     
        



  • 0 in reply to Emjay

    You missed “ at the end