Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
DirtyBlueshirt
New Contributor II

FortiManager 5.2.6 upgrade - Post Upgrade Config Update stuck at 76%

Hi,

 

We just applied the 5.2.6 FortiManager upgrade. We're coming from 5.2.4. After the upgrade, the login page shows the usual "The system is unavailable due to configuration update. Device logs are not accepted at this time." and the progress bar is stuck at 75% for the past 10 minutes or so. Is this expected? I haven't had an update take this long before.

 

--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
16 REPLIES 16
scao_FTNT
Staff
Staff

what is the console output?

 

Thanks

 

Simon

DirtyBlueshirt

scao_FTNT wrote:

what is the console output?

 

Thanks

 

Simon

I don't have access to that at the moment, the device is in our UK datacenter.

--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
scao_FTNT

in 5.2.6, there has some code added for upgrade check and fix for the db issue if any during upgrade, but the detailed info only printed on console during upgrade

 

if you still see the issue and GUI stopped there, you may need to open a ticket and provide your 5.2.4 db, send me the ticket ID and I will follow up your ticket

 

Thanks

 

Simon

 

 

DirtyBlueshirt

scao_FTNT wrote:

in 5.2.6, there has some code added for upgrade check and fix for the db issue if any during upgrade, but the detailed info only printed on console during upgrade

 

if you still see the issue and GUI stopped there, you may need to open a ticket and provide your 5.2.4 db, send me the ticket ID and I will follow up your ticket

 

Thanks

 

Simon

 

 

That code must be REALLY slow to run or we had a LOT of errors to fix. After 10 hours, the progress bar is now sitting at 100%, though not complete enough to log in. We will let it sit overnight and update if it clears. Might be worth noting this type of event could happen, if it was in the upgrade guide, I don't recall it being called out very noticeably.

--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
DirtyBlueshirt

The FortiManager completed the tasks finally and is back up and running normally. Definitely need to warn people it could take over 16 hours to do an upgrade.

--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
DirtyBlueshirt

Ok, now a new problem (could be what caused the upgrade issues?) Somehow now we have an object in "Rating Overrides" called "Access Granted" with a category of "Allow". Every device uses the Allow category, and now I can't delete this object, or the allow category. Any clue? It's now failing every device policy install because the URL has invalid syntax (of course).

 

 

--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
scao_FTNT

what is the FGT version? can you show me the failed install log?

 

thanks

 

Simon

DirtyBlueshirt

scao_FTNT wrote:

what is the FGT version? can you show me the failed install log?

 

thanks

 

Simon

FortiGate versions range from 5.0.9 to 5.0.13. I've found a workaround by setting up a new ADOM and am re-importing everything. Not like IT people have weekends or anything 

 

I'll get the log here in a moment...

--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
DirtyBlueshirt

Here's the syntax around that particular error:

 

GB1EXTSMAFGT1000_001 (VPN-VDOM) $  config webfilter ftgd-local-rating
GB1EXTSMAFGT1000_001 (ftgd-local-rating) $ edit "Access Granted"
node_check_object fail! for url Access Granted

value parse error before 'Access Granted'
Command fail. Return code -257
GB1EXTSMAFGT1000_001 (ftgd-local-rating) $ set rating "142"
GB1EXTSMAFGT1000_001 (ftgd-local-rating) $ next
GB1EXTSMAFGT1000_001 (ftgd-local-rating) $ end
GB1EXTSMAFGT1000_001 (VPN-VDOM) $ end

 

--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
Labels
Top Kudoed Authors