Agreed with you re: certificates. We definately had to reapply the certificate on the server post-upgrade, luckily the cert was still on the server, so reapplied it via the CLI commandline.
As always, make sure you have a backup done just before the patching (and make sure you have a copy of the backup located offline somewhere)
Original Message:
Sent: Jan 08, 2025 02:22 AM
From: Ognyan Sabev
Subject: Airwave CVSS patch - December - Airwve 8.3.0.2 to 8.3.0.4 gotcha
Hello , i have same issue with IGC from upgrating from 8.3.02.to 8.3.0.3. I opened tac case . The Solution was to disable manually the IGC on the group and enable it .Some setting with that was gone like certificates on Aps but after reapply the certs everything work now . I am afraid even to start to upgrade to 8.3.0.4 to not face the same issue because in my enviroment i have 80 groups 2500 Aps and all of the user Ap1x certificated which with that bug Cert disappear and you have to reapply it ......
Original Message:
Sent: Jan 07, 2025 05:52 AM
From: pnobels
Subject: Airwave CVSS patch - December - Airwve 8.3.0.2 to 8.3.0.4 gotcha
Hi,
As a side-note... does not always appear to happen. Did the same upgrade and did not have mentioned behaviour. Had another issue though with igc not starting, which was worked around by deleting 'unused' groups in the config before the upgrade (there must have been some settings in one of those which prevented igc from starting after the upgrade)...
Kind regards,
Peter Nobels | System Manager
Original Message:
Sent: 1/7/2025 5:41:00 AM
From: max.eaves
Subject: Airwave CVSS patch - December - Airwve 8.3.0.2 to 8.3.0.4 gotcha
January 2025
To everyone who is planning to upgrade from Airwave 8.3.0.2 or 8.3.0.3 to 8.3.0.4 as advised by the CVSS issued in December, there is a potential for a sting in the tail.
We have an on-prem Airwave - and did the upgrade over the Christmas holidays. We discovered that the upgrade process has a problem with it that might show the upgrade as being successful, but will fail the upgrade process.
Current theory seems to be that for some reason, the upgrade script from 8.3.0.2 to 8.3.0.4 deletes the /usr/local/airwave/bin directory during its post installation scripts or processes. This is less than optimal as it stops most of the services from running properly. Unhelpfully the logs state that the upgrade has successfully been completed, but it hasn't.
We engaged TAC immediately they engaged with us, I think they had seen this issue before because they asked us to download the 8.3.0.2 ISO file and mount it, so we could go into the system, chroot and try and remake the amp installation.
From their notes (I've sanitised it slightly):
- After 8.3.0.4 upgrade, CLI would not able to login with 'ampadmin' user
- Downloaded the 8.3.0.2 ISO and mounted to the Server
- Changed the boot option from UEFI to BIOS
- Went on Linux rescue mode and changed the password. However, still we couldn't able to login with ampadmin user
- Went on Linux rescue mode and created a user 'newrootuser' under /etc/passwd
newrootuser:x:1002:0:root:/root:/bin/bash
- Recompiled the server but It got failed
- Tried to enable amp but it shows an error 'Permission denied'
- Noticed the files are missing under 'cd /usr/local/airwave/bin/' directory
- Unable to enable amp as it does not have sudo user permission
- Went on Linux rescue and added the below line under /etc/sudoers file
newrootuser ALL=(ALL) ALL
- Unmounted the ISO and login with 'newrootuser' user
- Recompiled the server using command # make
- Ensured it completed and enabled AMP and ensured all the services are running
- Confirmed we were able to login CLI with ampadmi user.