This is just a quick blog post for those that might have FDM issues after upgrading your FTD software.

I have recently updated my Firepower appliance from 6.5.0 to One of the reasons to update is not only that 6.5.0 is a .0 release, but also that I noticed some failed rule-update deployments that set snort to block all traffic.

Unfortunately, after upgrading, FDM reported an error that it could not be launched with an application failure error. The suggested action was to remove the manager, add a new local manager and begin from scratch. This is the error: “The Firepower Device Manager application cannot be opened. Please try again”

While googling for a possible caveat of this behavior on, I came across a caveat in 6.2.3 that has the same behavior. 

That caveat has supported me in fixing my solution. What I did was executing the following commands:


> expert
NOTICE - Shell access will be deprecated in future releases
         and will be replaced with a separate expert mode CLI.
admin@na-grm-ftd01:~$ sudo su -
root@my-ftd01:httpd# cd /ngfw/var/cisco/ngfwWebUi/
root@my-ftd01:ngfwWebUi# ls -a
.   .bootstrap-failed  clifile    deploy                      ha_pkg  lina_cli_sqlite_stores   pjb_output  sslCiphers  variables.ftd_onbox
..  bin                clisyncer  ftd_onbox_6.5.0.2_previous  libs  sru         tomcat      version

root@my-ftd01:ngfwWebUi# rm .bootstrap-failed 
root@my-ftd01:pmtool disablebyid tomcat
root@my-ftd01:pmtool enablebyid tomcat

Basically, you go into expert mode, find the tomcat directory used for FDM and then remove a status file and try to restart it.

With me, this worked and helped me get back access to FDM. Should you run into issues with FDM after an upgrade, this “hack” might help you.

Disclaimer: You are entering expert mode of FTD, it means you can DESTROY your FTD configuration and box. Be aware of what you are doing and make sure you have a backup. 

Share This