Wireless Access

 View Only
  • 1.  Airwave CVSS patch - December - Airwve 8.3.0.2 to 8.3.0.4 gotcha

    Posted 8 days ago

    January 2025

    To everyone who is planning to upgrade from Airwave 8.3.0.2 or 8.3.0.3 to 8.3.0.4 as advised by the CVSS issued in December, there is a potential for a sting in the tail.

    We have an on-prem Airwave - and did the upgrade over the Christmas holidays.  We discovered that the upgrade process has a problem with it that might show the upgrade as being successful, but will fail the upgrade process. 

    Current theory seems to be that for some reason, the upgrade script from 8.3.0.2 to 8.3.0.4 deletes the /usr/local/airwave/bin directory during its post installation scripts or processes.  This is less than optimal as it stops most of the services from running properly.  Unhelpfully the logs state that the upgrade has successfully been completed, but it hasn't.

    We engaged TAC immediately they engaged with us, I think they had seen this issue before because they asked us to download the 8.3.0.2 ISO file and mount it, so we could go into the system, chroot and try and remake the amp installation.

    From their notes (I've sanitised it slightly):

    • After 8.3.0.4 upgrade, CLI would not able to login with 'ampadmin' user
    • Downloaded the 8.3.0.2 ISO and mounted to the Server
    • Changed the boot option from UEFI to BIOS
    • Went on Linux rescue mode and changed the password. However, still we couldn't able to login with ampadmin user
    • Went on Linux rescue mode and created a user 'newrootuser' under /etc/passwd

    newrootuser:x:1002:0:root:/root:/bin/bash

    • Recompiled the server but It got failed
    • Tried to enable amp but it shows an error 'Permission denied'
    • Noticed the files are missing under 'cd /usr/local/airwave/bin/' directory
    • Unable to enable amp as it does not have sudo user permission
    • Went on Linux rescue and added the below line under /etc/sudoers file

    newrootuser    ALL=(ALL)       ALL

    • Unmounted the ISO and login with 'newrootuser' user
    • Recompiled the server using command # make
    • Ensured it completed and enabled AMP and ensured all the services are running
    • Confirmed we were able to login CLI with ampadmi user.



  • 2.  RE: Airwave CVSS patch - December - Airwve 8.3.0.2 to 8.3.0.4 gotcha

    Posted 8 days ago
    Hi,

    As a side-note...  does not always appear to happen.  Did the same upgrade and did not have mentioned behaviour.  Had another issue though with igc not starting, which was worked around by deleting 'unused' groups in the config before the upgrade (there must have been some settings in one of those which prevented igc from starting after the upgrade)...

    Kind regards,

    Peter Nobels | System Manager







  • 3.  RE: Airwave CVSS patch - December - Airwve 8.3.0.2 to 8.3.0.4 gotcha

    Posted 7 days ago

    Hello , i have same issue with IGC from upgrating from 8.3.02.to 8.3.0.3. I opened tac case . The Solution was to disable manually the IGC on the group  and enable it .Some setting with that was gone like certificates on Aps but after reapply the certs everything work now . I am afraid even to start to upgrade to 8.3.0.4 to not face the same issue because in my enviroment i have 80 groups 2500 Aps and all of the user Ap1x certificated which with that bug Cert disappear and you have to reapply it ......




  • 4.  RE: Airwave CVSS patch - December - Airwve 8.3.0.2 to 8.3.0.4 gotcha

    Posted 7 days ago

    Agreed with you re: certificates.  We definately had to reapply the certificate on the server post-upgrade, luckily the cert was still on the server, so reapplied it via the CLI commandline.

    As always, make sure you have a backup done just before the patching (and make sure you have a copy of the backup located offline somewhere)