Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] IDP security-package update fails with error: “Failed in opening security database”

0

0

Article ID: KB29468 KB Last Updated: 15 Oct 2014Version: 1.0
Summary:

This article details a procedure for troubleshooting and resolving IDP security-package update issues.

Symptoms:

The IDP security-package update fails with the error below when the IDP database or some files are corrupted:

Failed in opening security database

Cause:

The corruption can occur because the SRX is booting up from a backup image, a power failure, or some other issue.

Solution:

Does the output of the command below not show the IDP attack DB version?

> show security idp security-package-version
Error; Failed in opening security database

Does a Commit fail with the IDP configuration activated, resulting in a similar error?

Failed in opening database /var/db/idpd/db/secdb_01.db :
Invalid format or unexpected end of file

Does the security package download succeed, only to have the security package installation halt after AI installation (with the error below)?

> request security idp security-package install
Error; Failed in opening security database

Does the device show any of the above symptoms?

If the answer to this question  is "yes," the IDP DB is probably corrupted. If that is the case, perform the steps below to fix the problem:

  1. Deactivate IDP configuration, if active:

  2. # deactivate security idp
    # commit

  3. From the shell prompt, navigate to the directory /var/db/idpd/db/ and list the files present there:

  4. % cd /var/db/idpd/db/
    % ls -l

    This should show the files secdb_01.db, secdb_02.db, and so on.

  5. Among the files listed, the IDP consults the file secdb_01.db when looking up the security-package version. Move this file to a temporary location:

  6. % mv secdb_01.db /var/tmp/

  7. Check the security-package-version, which should now show as N/A:

  8. > show security idp security-package-version

    Attack database version:N/A(N/A)
    Detector version :12.6.160140626
    Policy template version :N/A

  9. Download (full-update) and install the security-package on the device:

  10. > request security idp security-package download full-update
    > request security idp security-package install

  11. Confirm that the IDP includes the latest attack DB:

  12. > show security idp security-package-version

  13. Activate the IDP configuration, followed by a commit.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search