Can’t write mem on ASA

27 Mar

Posted by Joe as Firewalls

frustrated Today while working on a config of a new ASA5510 I ran into a very strange error that I wanted to share with you.

I was configured the ASA as usual. When I was finished, I issued the standard "write mem" and saw the most bizarre error message...

asa# wr mem

Building configuration…

Cryptochecksum: 85ef8693 914a94f3 03a5bb9e 823bb285

%Error opening disk0:/.private/startup-config (Read-only file system)
Error executing command [FAILED]

I was speachless. What the heck does that mean? I could see the startup-config file on the firewall. I could do a "sh run" and see my running config. But I could not copy my running config to startup.

I tried a reboot but that only wiped out my config completely. I had to start over from scratch.

The solution was actually very simple.

Cisco has a built in file check utility to fix problems just like this. Many folks who are familiar with unix systems also know the file system check or fsck utility.

To fix this problem, from the command prompt run fsck...

asa# fsck disk0:

This of course assume that disck0: is your flash.

If this is successful you should see the following output:
asa# fsck of disk0: complete

You should now be able to save your config

asa# wr mem

Building configuration…

Cryptochecksum: 85ef8693 914a94f3 03a5bb9e 823bb285

80911 bytes copied in 4.60 secs (20227 bytes/sec) [OK]

If this still fails you need to contact Cisco TAc and get a replacement flash card

Here is the complete transaction in its entirety:

asa#copy run start

Source filename [running-config]?
Cryptochecksum: e958a84f 73198ab5 585c5a9f 9d39e3a8

%Error opening disk0:/.private/startup-config (Read-only file system)

asa# fsck disk0:
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Reclaimed 7 unused clusters (28672 bytes) in 2 chains.
Performing changes.
/dev/hda1: 76 files, 14623/15368 clusters

fsck of disk0: complete
asa# wr mem
Building configuration...
Cryptochecksum: b558388d cddfa287 d63f9b9a 10041e77

11870 bytes copied in 3.360 secs (3956 bytes/sec)
[OK]
asa#

I hope this helps you out as much as it did for me. I was tearing my hair out trying to figure out what was going on.

Until next time

FREAK!

No related posts.

4 Responses

niko
August 25th, 2009 at 8:30 am
1
It works perfectly! Thank you very much.
Naveen
September 25th, 2009 at 1:50 am
2
Super..I was having this issue and ur write up nailed it..
By any chance is there any expalnation of the issue and its soln??
I was haivng this issue only wen both the FWs were in failover mode.
If the standby went down, I could wr mem on pri..
Now I am able to do wen both are up…
Ben
January 13th, 2010 at 9:24 am
3
We just had the same issue on our standby ASA 5520. The primary one was fine, but the failover standby ASA gave the exact message you saw. I actually first noticed there was a problem when trying to upgrade to the latest ASA and ASDM versions.
Doing it via TFTP gave read-only errors, or no message at all but a failed copy, and doing it via ASDM just reported ‘error code 400′ which was fairly meaningless.
Running that fsck has fixed it, so glad to have found this post, thanks.
Joe
January 13th, 2010 at 11:00 am
4
Thanks Ben, Glad it helped! Take care