This is New…

We have an older FMC4500 that originally topped out at 6.6.7.1. I checked a few times after 7.0 was released but it wasn’t listed as available for the 4500 until recently.

Fast forward to a few weeks ago, when we were troubleshooting an issue with a rule for detecting an AsyncRAT certificate. It would only fire on HTTP/HTTPS ports, but not on the port that the C&C Server was listening on. We went back and forth with both our IR team and Cisco TAC, but still haven’t gotten to the bottom of it. Curiously it did work as expected in the lab, where everything is on 7.2 and Snort3. So I figured I’d upgrade the FMC to 7.0 as a last resort, though our sensors cannot go that high. And immediately after the upgrade, I attempted to deploy and was greeted with the following error reported by 6/8 of my devices.


“Deployment failed due to configuration error Feb 15 22:36:30 Mismatch in number of entries between /etc/passwd and /etc/shadow . If problem persists after retrying, contact Cisco TAC.”

It was already 10pm at this point and I didn’t want to put in a ticket and wait for a callback, so I SSHed into the first device reporting this. It turns out it was as simple as the error reports: there is a mismatch between the number of entries in /etc/passwd and /etc/shadow. I don’t recall which file had the extra line or two, but deleting them cleared the problem and I was able to deploy. I have a theory about how we got into this situation, but haven’t bothered digging into it since it was fixed so easily.
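To see which file carries the extra entries before deleting anything, the account names in the two files can be compared. The following is an added example, not code from the original post or from Cisco; the function name `account_mismatch` and the sample accounts are constructed for illustration, and it assumes a POSIX shell with `awk` and `sort`.

```shell
#!/bin/sh
# Added example: list account names that appear in only one of the two files,
# or more than once in either. Only field 1 (the name) is ever printed,
# so no password hashes from the shadow file end up on screen or in logs.
# Usage: account_mismatch PASSWD_FILE SHADOW_FILE   (returns 1 on mismatch)
account_mismatch() {
    _am_out=$(awk -F: '
        $1 ~ /^[ \t]*$/ || /^#/ { next }          # skip blank and comment lines
        FILENAME == ARGV[1] { p[$1]++; next }     # names seen in the passwd file
        { s[$1]++ }                               # names seen in the shadow file
        END {
            for (u in p) if (!(u in s)) print "passwd-only " u
            for (u in s) if (!(u in p)) print "shadow-only " u
            for (u in p) if (p[u] > 1)  print "passwd-duplicate " u
            for (u in s) if (s[u] > 1)  print "shadow-duplicate " u
        }' "$1" "$2" | LC_ALL=C sort)
    [ -z "$_am_out" ] && return 0
    printf '%s\n' "$_am_out"
    return 1
}

# Constructed sample files (not taken from any real device).
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
              'admin:x:1000:1000::/home/admin:/bin/sh' \
              'olduser:x:1001:1001::/home/olduser:/bin/sh' > "$demo/passwd"
printf '%s\n' 'root:*:19000:0:99999:7:::' \
              'admin:*:19000:0:99999:7:::' > "$demo/shadow"
account_mismatch "$demo/passwd" "$demo/shadow" || echo "mismatch found in sample"
rm -rf "$demo"
```

On a live system the arguments would be /etc/passwd and /etc/shadow, and reading the latter requires root.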

This error is clearly new in 7.0 as I’ve never seen it before and the issue was clearly there before the upgrade.