Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] IDP signature database download fails with "Failed to copy result file to backup RE" error

0

0

Article ID: KB28976 KB Last Updated: 29 Aug 2018Version: 3.0
Summary:

This document explains a possible issue where users are unable to download the IDP signature database and the following error is seen:

root> request security idp security-package download status
node0:
--------------------------------------------------------------------------
Done;Failed to copy result file to backup RE, errno: 1

It also gives the solution to resolve this issue.

 

Symptoms:

The following error is seen when trying to download the IDP signature database:

root> request security idp security-package download full-update
node0:
--------------------------------------------------------------------------
Will be processed in async mode. Check the status using the status checking CLI

root> request security idp security-package download status
node0:
--------------------------------------------------------------------------
Done;Failed to copy result file to backup RE, errno: 1

 

Cause:

By default, the IDP database is stored on the device in a directory with the following path: /var/db/idpd/sec-download/.

To view, enter the following commands from shell mode:

root% cd /var/db/idpd/                               <<< Changes the current directory to /var/db/idpd/
root% ls                                             <<< Lists the files in the current directory
_compilemmap  bins   nsm-download   sec-repository
_mmap         db     sec-download   sets

root% ls /var/db/idpd/            <<< If the concerned directories are somehow deleted, the ls command will not display any files.
root%

When this directory is deleted, the device will not find the directory at this location when it tries to download the IDP signature database again and the download will fail.

 

Possible Reasons for Deleting IDP Files

In many cases, IDP signature database files are deleted (intentionally or mistakenly) from the device. However, for IDP to run properly, the database must be downloaded again.

For example:

  • There may be a need to copy a Junos OS image to the device and there may not be enough space available even after storage cleanup. In this case, the IDP signature database is deleted from the device to increase available storage.

  • Another possible scenario may be when the IDP database is deleted due to CF corruption or if the database itself is corrupted.

Note: It is not advisable to delete the IDP database. This should be considered only in extreme cases. However, this article focuses on scenarios where it is absolutely necessary to delete the database or it has been accidentally deleted.

 

Solution:

To resolve the issue, reboot the device. The relevant directories are automatically re-created at the same path at reboot.

root> request system reboot
Reboot the system ? [yes,no] (no) yes

After the reboot, check again and verify that all the directories have been re-created with the same name at the same path:

root% ls /var/db/idpd/
_compilemmap   bins   idp-config.db   sec-download    sets
_mmap          db     nsm-download    sec-repository

Note: It is recommended to schedule a down time to reboot the device to avoid or prevent any outage.

Verification

Now download or install the security package again.

root> request security idp security-package download full-update
node0:
--------------------------------------------------------------------------
Will be processed in async mode. Check the status using the status checking CLI

root> request security idp security-package download status
node0:
--------------------------------------------------------------------------
Done;Successfully downloaded from(https://services.netscreen.com/cgi-bin/index.cgi).

 

Modification History:

2018-08-28: Article reorganized and checked for accuracy with review dates modified

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search