|
First of all, it is important to be able to diagnose the issue. Based on the command:
diagnose deb config-error-log read
ffdb_map_flash_read: ret=-2, Error: open map tmp file error
init_do_ffdb_map: ret=-6, Error: shared memory error <- Points to a problem with installation of the database due to memory.
The reason for this issue is a very likely error with the device not being able to hold the database. This usually happens on smaller devices.
To fix this issue, clear the current internet service using the commands below:
diagnose internet-service clear /data2/ffdb_app
diagnose internet-service clear /data2/ffdb_map
diagnose internet-service clear /data2/ffdb_map_res
With these commands, the ISDB database is supposed to be clear. After that, issue the following command:
execute update-now
The command to check the current ISDB is below (see the paragraph with 'Internet-service Full Database', which will help to identify whether the ISDB was installed successfully):
diagnose autoupdate versions
Another common issue for an upgrade from major version 7.0 to 7.2 is as per the KB article (getting-error-ffdb-app-map-process), with output:
ffdb_map_flash_read: ret=-5, Error: version error
ffdb_map version mismatch, the Internet Service Database will automatically update
For this issue, the fix is as per the lines above, with 'execute update-now'.
However, it can be the case that there is still an issue. The next step it would do a manual update of the ISDB as per the KB article below: Technical Tip: Manual Update of Internet Service Database (ISDB) Package
Once again, the command to check the current ISDB is below (see the paragraph with 'Internet-service Full Database', which will help to verify whether the ISDB is installed successfully):
diagnose autoupdate versions
The other options would be to change the database; the options are given below: Technical Tip: Configuring and checking the Internet Service database version installed and running ...
Upon the change of the database, the following options are given:
A:
- diagnose internet-service clear
- Change the type of database (to mini or on-demand).
- execute update-now
or B:
- Change the type of database (to mini or on-demand).
- reboot
- execute update-now
Check for any duplicate entries in the ISDN database by running the following command:
diagnose internet-service-name check-duplicate
The last step to take, if none of the above solutions work, is to perform a clean installation of the device. This would format the disk and start from scratch, for which a backup is needed. The procedure is given below:
Format: Technical Tip: Formatting and loading FortiGate firmware image using TFTP
Restore: Configuration backups and restoration - FortiGate 6.4.5 administration guide
If none of these steps work, open a ticket with TAC support and provide the data from the following debug:
get system status
diagnose autoupdate versions
diagnose debug application update -1
diagnose debug console timestamp
diagnose debug enable
execute update-now
|
