Description | This article describes upgrade failure for FortiEDR. |
Scope | |
Solution |
Overview A device is not upgrading to the latest version.
Procedure
Note. In a multi-tenant environment, upgrading devices is recommended to be done from the Hoster View.
1) In the Console, go to the Inventory tab. Search for the device name in the search bar and confirm the Collector Group the device belongs to.
2) After confirming the Collector Group the device belongs to and verifying the version is not showing the latest upgrade, go to the Administration Tab. Under Licensing, select the Update Collectors button at the bottom of the screen.
3) The Update Collectors screen will show the Collector Groups and what version they have been set to upgrade to. Confirm the Collector Group of the device is set to the expected upgrade version.
4) Now that it is confirmed the correct Collector Group was set to upgrade to the correct version, a simple restart may actually resolve the upgrade issue. Try restarting the device.
After the device has completed the restart, wait for a few minutes to let the device to retrieve the upgrade package from the Central Manager and to conduct the upgrade and confirm if the new version is running. If not, proceed to Step 5 to continue troubleshooting and obtain logs.
5. Return to the Inventory tab and locate the device again. From the Inventory tab, select the checkbox next to the device and then select Export -> Collector Logs to collect the logs. If this is successful, skip step 6 and move to step 7.
This will not work if the device is Disconnected. See step 5 if this is the case.
6) If the device is Disconnected, obtain the FortiEDR logs from the device itself:
- Note: XP logs will be at \Documents and Settings\All Users\Application Data
In the logs that were exported from the system, you will find installer_<version>.log. To do a local analysis, you can use Ctrl+F to find “value 3” in this log file.
Look a few lines above that to find where the upgrade failure occurred. Please open a support ticket in FortiCare for Support Assistance.
For more advanced local troubleshooting, try upgrading the device locally. If that does not work, uninstall the version on the local device and do a clean install of the new version. If that fails create a support ticket.
When prompted, enter the Uninstall/Registration PWD, run the correct version 32/64 bit on the affected machine at least 2 times with reboot, and then install the new Collector.
If the Collector fails to install at this point, run Procmon alongside the install to further troubleshoot and also get the installer logs using /l*vx log.txt parameter. Save the Procmon log as a PML file and create a FortiCare Support Ticket.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.