Guest

Preview Tool

Cisco Bug: CSCvs06043 - TunnelClient for CSM_CCMservice on ngfwManager not reading ACK sent from CSM_CCM service on FMC

Last Modified

Sep 29, 2020

Products (11)

  • Sourcefire Defense Center
  • Cisco Firepower Management Center 4600
  • Cisco Firepower Management Center 2500
  • Cisco NGIPS Virtual Appliance
  • Cisco Firepower Management Center 4500
  • Cisco Firepower Management Center 1000
  • Cisco Firepower Management Center 4000
  • Cisco Firepower Management Center 1600
  • Cisco Firepower Management Center 2600
  • Cisco Firepower Management Center Virtual Appliance
View all products in Bug Search Tool Login Required

Known Affected Releases

6.2.3 6.3.0 6.4.0 6.4.0.10 6.5.0 6.6.0

Description (partial)

Symptom:
Policy deployment failure with the error "unable to retrieve running configuration"

Conditions:
The tunnelClient is having issues in communication. The following logs are seen:

Oct 30 06:23:39 ccm[20081] pool-7-thread-1: WARN com.cisco.ccm.ConfigCommunicationManager- Tunnel connection error for 8eb98dd0-da68-11e7-ae22-2443d77ea668
java.io.IOException: sftunnel restarted
at com.cisco.sftunnel.TunnelClient._connect(TunnelClient.java:186)
at com.cisco.sftunnel.TunnelClient.connect(TunnelClient.java:155)
at com.cisco.ccm.ConfigCommunicationManager$ManagerData.connectTunnel(ConfigCommunicationManager.java:1472)
at com.cisco.ccm.ConfigCommunicationManager$ManagerData.sendMessage(ConfigCommunicationManager.java:1540)
at com.cisco.ccm.ConfigCommunicationManager$MessageWorkUnit.run(ConfigCommunicationManager.java:440)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: DEBUG com.cisco.sftunnel.TunnelClient- Connecting to peer: 8eb98dd0-da68-11e7-ae22-2443d77ea668, tunnel client connected on service 9009
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: DEBUG com.cisco.sftunnel.TunnelClient- [peer 8eb98dd0-da68-11e7-ae22-2443d77ea668] [svc 9009] [session 0] send: [header service=8197 length=2] [data 2 bytes] sent at 0
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: INFO com.cisco.sftunnel.TunnelClient- Remaining bytes to be transferred : 0
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: INFO com.cisco.sftunnel.TunnelClient- Remaining bytes to be transferred : 0
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: DEBUG com.cisco.sftunnel.TunnelClient- [peer 8eb98dd0-da68-11e7-ae22-2443d77ea668] [svc 9009] [session 0] connection established
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: DEBUG com.cisco.sftunnel.TunnelClient- [peer 8eb98dd0-da68-11e7-ae22-2443d77ea668] [svc 9009] [session 0] generating new session id...
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: DEBUG com.cisco.sftunnel.TunnelClient- [peer 8eb98dd0-da68-11e7-ae22-2443d77ea668] [svc 9009] [session 458589520] i'm the session master
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: DEBUG com.cisco.sftunnel.TunnelClient- [peer 8eb98dd0-da68-11e7-ae22-2443d77ea668] [svc 9009] [session 458589520] sending session message with id 458589520
Oct 30 06:23:39 ccm[20081] pool-5-thread-2: DEBUG com.cisco.sftunnel.TunnelClient- [peer 8eb98dd0-da68-11e7-ae22-2443d77ea668] [svc 9009] [session 458589520] send: [header service=9009 length=8][inner header 00 03 1B 55 85 50 00 00] (session 458589520 type SESSION) [data 0 bytes] sent at 0
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.