SRX

Upgrade SRX345 from 15.1X49-D190.2 to 18.2R3.4 fails with the following errors:

 

request system software add /var/tmp/junos-srxsme-18.2R3.4.tgz no-copy unlink

NOTICE: Validating configuration against junos-srxsme-18.2R3.4.tgz.

NOTICE: Use the 'no-validate' option to skip this if desired.

Formatting alternate root (/dev/da0s1a)...

/dev/da0s1a: 2510.1MB (5140780 sectors) block size 16384, fragment size 2048

        using 14 cylinder groups of 183.62MB, 11752 blks, 23552 inodes.

super-block backups (for fsck -b #) at:

32, 376096, 752160, 1128224, 1504288, 1880352, 2256416, 2632480, 3008544,

3384608, 3760672, 4136736, 4512800, 4888864

Checking compatibility with configuration

Initializing...

Verified manifest signed by PackageProductionEc_2019 method ECDSA256+SHA256

Using junos-18.2R3.4 from /altroot/cf/packages/install-tmp/junos-18.2R3.4

Copying package ...

veriexec: cannot update veriexec for /cf/var/validate/c/junos/var/jailetc/php_mod.ini: No such file or directory

veriexec: cannot update veriexec for /cf/var/validate/c/junos/var/jailetc/mime.types: No such file or directory

veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/lib/libpsu.so.3: Too many links

veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/lib/libyaml.so.3: Too many links

veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/lib/libext_db.so.3: Too many links

veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/telemetry/na-mqttd/na-mqtt.conf: No such file or directory

Verified manifest signed by PackageProductionEc_2019 method ECDSA256+SHA256

Hardware Database regeneration succeeded

Validating against /config/juniper.conf.gz

Network security daemon: <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">

Network security daemon: <source-daemon>nsd</source-daemon>

Network security daemon: <message>certificate 'device': certificate does not exist .</message>

Network security daemon: </xnm:error>

mgd: error: configuration check-out failed

Validation failed

Validating against /config/rescue.conf.gz

Network security daemon: <xnm:error xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">

Network security daemon: <source-daemon>nsd</source-daemon>

Network security daemon: <message>certificate 'device': certificate does not exist .</message>

Network security daemon: </xnm:error>

mgd: error: configuration check-out failed

Validation failed

ERROR: Configuration validation failed with /altroot/cf/packages/install-tmp/junos-18.2R3.4

 

Any ideas how to make this work?

Try the following commands:

 

request system configuration rescue save
request system software add no-copy no-validate /var/tmp/junos-srxsme-18.2R3.4.tgz

 

Do not use "unlink" on SRX platform, it is only supported on M, T and MX platforms.

Thanks! Worked like a charm...

I am Trying to update SRX550M and getting the following:

Current OS:

show version
Hostname: lan-fw1
Model: srx550m
Junos: 15.1X49-D170.4
JUNOS Software Release [15.1X49-D170.4]

request system software validate /var/tmp/junos-srxsme-18.2R3-S2.9.tgz
Checking compatibility with configuration
Initializing...
Verified manifest signed by PackageProductionEc_2019 method ECDSA256+SHA256
Using /var/tmp/junos-srxsme-18.2R3-S2.9.tgz
Checking junos requirements on /
Available space: 2222236 require: 365914
Saving boot file package in /var/sw/pkg/junos-boot-srxsme-18.2R3-S2.9.tgz
veriexec: cannot update veriexec for /cf/var/validate/c/junos/var/jailetc/php_mod.ini: No such file or directory
veriexec: cannot update veriexec for /cf/var/validate/c/junos/var/jailetc/mime.types: No such file or directory
veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/lib/libpsu.so.3: Too many links
veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/lib/libyaml.so.3: Too many links
veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/lib/libext_db.so.3: Too many links
veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/telemetry/na-mqttd/na-mqtt.conf: No such file or directory
Verified manifest signed by PackageProductionEc_2019 method ECDSA256+SHA256
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
mgd: error: Allocating memory for action maps 'no-ssh-rsa' failed
Abort trap (core dumped)
Validation failed
Validating against /config/rescue.conf.gz
Network security daemon: <xnm:warning xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
Network security daemon: <source-daemon>nsd</source-daemon>
Network security daemon: <message>You have changed iso flow mode.
Network security daemon: You have to reboot the system for your change to take effect.
Network security daemon: If you have deployed a cluster, be sure to reboot all nodes.</message>
Network security daemon: </xnm:warning>
UTM Daemon: <xnm:warning xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
UTM Daemon: <source-daemon>utmd</source-daemon>
UTM Daemon: <message>Anti-spam feature needs AS type configuration:
UTM Daemon: "set security utm default-configuration anti-spam type ..."
UTM Daemon: </message>
UTM Daemon: </xnm:warning>
mgd: commit complete
Validation succeeded
ERROR: Configuration validation failed with /var/tmp/junos-srxsme-18.2R3-S2.9.tgz

Hi,

Looks like there is some configuration which is missing in the device which is causing the validation to fail.
UTM Daemon: <MESSAGE>Anti-spam feature needs AS type configuration:
UTM Daemon: "set security utm default-configuration anti-spam type ..."
Please add the anti-spam type in the configuration and then try again and update us.

While doing the validation, device is checking for the Anti-spam type and since it is not able to find it, validation is failing.
Look forward for your response.




Thanks and Regards,
Guru Prasad



Juniper Business Use Only</MESSAGE>

Hello.

 

The command to set the anti-spam type does not exist prior to JunOS 18. Any advice on how to proceed other than telling the system to not validate the package?

 

Model: srx345-dual-ac
Junos: 15.1X49-D160.2
JUNOS Software Release [15.1X49-D160.2]

 

user@FW2# set security utm ?
Possible completions:
> application-proxy Application proxy settings
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> custom-objects Custom-objects settings
> feature-profile Feature-profile settings
> ipc IPC settings
> traceoptions Trace options for utm
> utm-policy Configure profile
[edit]

However it is present on the following

 

Model: srx345-dual-ac
Junos: 18.2R3-S2.9
JUNOS Software Release [18.2R3-S2.9]

 

user@FW9# set security utm default-configuration anti-spam type anti-spam-none ?
Possible completions:
<[Enter]> Execute this command
address-blacklist Anti-spam blacklist
address-whitelist Anti-spam whitelist
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> sbl SBL settings
> traceoptions Trace options for anti-spam feature

Thank you

Hi,

 

Thanks for the response.

 

I cant see the config you have provided.

set security utm ?
Possible completions:
> application-proxy Application proxy settings
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> custom-objects Custom-objects settings
> feature-profile Feature-profile settings
> ipc IPC settings
> traceoptions Trace options for utm
> utm-policy Configure profile

 

this is the current config i have 
feature-profile {
anti-virus {
type sophos-engine;
}
anti-spam {
sbl;
}
}
utm-policy ticl-lan-policy {
anti-virus {
http-profile junos-sophos-av-defaults;
ftp {
upload-profile junos-sophos-av-defaults;
download-profile junos-sophos-av-defaults;
}
smtp-profile junos-sophos-av-defaults;
pop3-profile junos-sophos-av-defaults;
imap-profile junos-sophos-av-defaults;
}
anti-spam {
smtp-profile junos-as-defaults;
}
}