Troubleshooting Advanced Threat Protection's update process

book

Article ID: 169918

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

When you update Advanced Threat Protection (ATP) to a new version, the upgrade seems to hang.


Cause


Environment

Advanced Threat Protection architecture (either virtual machine or appliance)

Resolution

To check the status of the update

Run the following command, at the command line interface (CLI), to check the status of the update:

update status

 

Repairing a failed update

If the update failed, clear the failed update, and manually download and install the update.

To clean up and download the update:

  1. In the CLI, run the following command:
    update clean_all
     
  2. Once that command completes, run the following command to download and cache the install package:
    update download
    Note: If you connect to the CLI with PuTTY, do not close the session during this process.

If the update download fails or does not complete in a reasonable time, you can dump the packets from the network interface to help determine why the download is slow or stopped. A 15-minute packet dump should provide sufficient data. You can use the following command to create the packet dump:

tcpdump -s 0 -q -C 20 -w eth0.pcap -i eth0 -Z root

After about 15 minutes, press CTRL+C to stop the packet capture. The packet capture file appears in the directory from which you ran the command, and has the name "eth0.pcap".

 

To install the cached package

  1. If the download completes successfully, install the package with the following command:
    update install
    Note: The install command prompts for a reboot when it completes:
     
  2. After the reboot, allow sufficient time for the processes to load. If the message "Under construction" appears when you attempt to connect, the startup is not complete. After all processes are started, you can log in to the console.

 

If update install is hung or failed, run the following command, as the Support account, to verify that the update processes are running:

ps -elf | grep update | grep -v grep

If there are no update processes running, run the following command, and then restart the package installation:

update clean_lock