Dual Booting Windows 8 with Windows 7

KB ID 0000653

Problem

In the next couple of months Windows 8 will go RTM. For those of you with Technet, MSDNor Open Value subscriptions you can already get your hands on it. For anyone not wanting to take the ‘plunge’ and reinstall your OS, you can simply ‘Dual Boot’. Then you can get used to Windows 8 in your own good time. If you suddenly find you need Windows 7 simplify reboot and it will still be there.

Solution

Create a Partition for Windows 8

1. From within Windows 7 > Start > Right Click ‘Computer’ > Manage.

2. Launch Disk Management.

3. This machine has one large C: (System Drive). I’m going to ‘Shrink’ the volume that’s on it to free up room for a Windows 8 Partition, but first I’m going to rename it so we know what it is > Right click > Properties.

4. Call it ‘Windows 7’ > Apply > OK.

5. Now Right click > Shrink Volume.

6. Pick the amount to shrink the volume by, Note: Windows 8 needs 20 GB (Minimum) > Shrink.

7. Once complete, right click the newly created ‘free space’ > New Simple Volume.

8. Accept all the defaults and name the volume ‘Windows 8’.

9. Now we have a partition to install to.

Install Windows 8

10. Note: To install from DVD the computer MUST be set to boot from CD/DVD before it’s hard drive. This is set in the computers BIOS, how this is done varies from model to model.

11. Boot the machine and when prompted press any key to boot from DVD. Select your language options > Next.

12. Enter your Windows 8 unlock code > Next.

13. Accept the EULA > Next.

14. Select CUSTOM.

15. Now you can see why I named the partitions, select Windows 8 > Next.

16. Ignore this for now and let Windows 8 install.

17. It will run setup then reboot.

18. At this point Windows 8 will be the OS that boots by default, you will probably want it to be Windows 7 so select “Change defaults or choose other options”

19. Choose the default operating system.

Note: The ‘Change the timer’ Setting changes the seconds countdown shown at boot, as illustrated in step 27 below.

20. Set it to Windows 7 > Back.

21. Now Select Windows 8 to boot into that OS.

22. Run through the ‘Personalise’ steps.

23. I don’t want to login with a Microsoft account so I’m selecting “Sign in without a Microsoft account” > Next.

24. Local account.

25. Create an account to login with > Finish.

26. There’s Windows 8!

27. When you reboot you can now choose which OS you want to use.

Note: The seconds counter below is set to the default of 30 seconds.

28. If you select nothing Windows 7 will boot by default.

Related Articles, References, Credits, or External Links

Windows 8 Shortcuts

Windows 8 -“Windows cannot read the <ProductKey> setting from the unattend answer file.”

 

PIX 506E and 501 Firewall Image and PDM Upgrade

KB ID 0000065 

Problem

Note: PIX 515E and above, can still be upgraded to version 8.0(4) click here for details

Some people will wonder why I’m bothering to write this up, but the truth is, there are LOADS of older PIX firewalls out there in the wild, and all the PIX 501’s and 506E’s that are being retired from corporate use are being bought on ebay, or being put on IT departments test benches. This page deals with PIX version 6 if you are upgrading to version 7 or above,then you need to be on a PIX 515E (or a 525/535) and DO NOT follow these instructions, CLICK HERE. The “Smaller” PIX firewalls (501 and 506E) can only be upgraded to version 6.3(5) and the PDM can only be upgraded to 3.0(4).

Pre-Requisites

1. Before you do anything you will need a TFTP server and have it set up accordingly, for instructions CLICK HERE.

2. I suggest you backup your firewall configuration also, for instructions CLICK HERE.

3. You need to be able to get the Image and PDM versions from Cisco, you will need a valid support contract to be eligible for updates.

4. You will need a CCO Login to the Cisco Site (this is free to set up.

Solution

1. First things first; lets download the software you need CLICK HERE

2. Log in with your CCO username and password

Remember a CCO login is free of charge and simple to set up but to download software you need a valid Cisco contract or SmartNet.

3. For this example I’m upgrading a PIX 501 so I’m going to need a system image and a PDM file.

4. Download the files above and put then in your TFTP server root directory, then start your TFTP Server.

5. Log into your PIX firewall via the console cable, Telnet, or SSH, then enter enable mode, supply the firewall with the enable password. [box]

User Access Verification

Password:
Type help or '?' for a list of available commands.

Pix> enable

Password: ********

Pix#

[/box]

6. Now you need to copy in the new system file you do this with a “Copy tftp flash” command NOTE you can use copy tftp flash:image but it defaults to that anyway 🙂

[box]Pix# copy tftp flash[/box]

7. You will need to give it the IP address of your TFTP server and the name of the image file to copy over.

[box]

Address or name of remote host [0.0.0.0]? 10.254.254.51
Source file name [cdisk]? pix635.bin
copying tftp://10.254.254.51/pix635.bin to flash:image

[/box]

8. You will be asked to confirm, do so by typing yes and pressing enter, the file will then upload and the old image file will be erased from the firewalls memory.

[box]

[yes|no|again]? yes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!
Received 2101248 bytes
Erasing current image
Writing 1978424 bytes of image
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Image installed
Pix#

[/box]

9. The quickest way to load the new image into memory is to restart the firewall do this with a reload command, then press enter to confirm.

[box]

Pix# reload
Proceed with reload? [confirm]

[/box]

10 After the firewall has restarted log in, enter enable mode and issue a “show version” command, and you will see the new version displayed.

[box]

User Access Verification

Type help or '?' for a list of available commands. 
Pix> enable
Password: ******** 
Pix# show version

Cisco PIX Firewall Version 6.3(5) Cisco PIX Device Manager Version 3.0(2)

{{{rest of output omitted}}}}

[/box]

Upgrade Procedure Step 2 PDM Image

1. The procedure for upgrading the PDM is almost identical, again have the new PDM image on your TFTP server’s root directory, and the TFTP server running. Log into your PIX firewall via the console cable, Telnet or SSH, then enter enable mode, and then supply the firewall with the enable password.

[box]

User Access Verification
Password:
Type help or '?' for a list of available commands.
Pix> enable
Password: ********
Pix#

[/box]

2. This time the command is copy tftp flash:pdm

[box]Pix# copy tftp flash:pdm[/box]

3. You will need to give it the IP address of your TFTP server and the name of the file to copy over.

[box]

Address or name of remote host [0.0.0.0]? 10.254.254.51
Source file name [cdisk]? pdm-304.bin
copying tftp://10.254.254.51/pdm-304.bin to flash:pdm

[/box]

4. You will be asked to confirm, do so by typing yes and pressing enter, the file will then upload and the old pdm file will be erased from the firewalls memory.

[box]

[yes|no|again]? yes
Erasing current PDM file
Writing new PDM file
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
PDM file installed.
Pix#

[/box]

5. Unlike an Image file a PDM upgrade does not require a reboot you can check its worked straight away by issuing a show version command.

[box]

Pix# show version 
Cisco PIX Firewall Version 6.3(5) Cisco PIX Device Manager Version 3.0(4)

{{{rest of output omitted}}}}
[/box]

6. View of both files being copied out from your TFTP Server.

7. All done! – Time for a coffee – just make sure everything is up and working.

Related Articles, References, Credits, or External Links

NA

Update Cisco ASA – Directly from Cisco (via ASDM)

KB ID 0000636 

Problem

Warning:

Before upgrading/updating the ASA to version 8.3 (or Higher) Check to see if you have the correct amount of RAM in the firewall (“show version” command will tell you). This is VERYIMPORTANT if your ASA was shipped before February 2010. See the link below for more information.

ASA – Memory Error (Post upgrade to version 8.3)

Warning 2:

Be aware, if you are upgrading to an OS of 8.4(2) or newer you can no longer access the device via SSH when using the default username of “pix” you need to enable AAA authentication for SSH, do this before you reboot/reload the firewall or you may lock yourself out.

ASA Enable AAA LOCAL Authentication for SSH

Its been a while since I wrote how to update the ASA by command line, and how to update the ASA from the ASDM. Now you can update the ASA directly from Cisco, providing you have a valid cisco CCO account.

Solution

1. Connect to the the ASDM on the ASA > Tools > Check for ASA/ASDM Updates.

2. Supply your Cisco CCO account information.

3. Next.

4. Decide if you want to update the OS of the ASA or the ASDM, or both.

5. Next.

6. The software will download. (The OS is downloading here), Note: it will get downloaded to the machine that the ASDM is running on first.

7. Then the ASDM software will download.

8. You may find that there is not enough room in flash memory, if so you will see this error. (if it does not error skip to step 11).

9. If you are stuck for room you can delete some items from your flash memory > Tools > File Management.

10. Here you can see I’m deleting and old version of the ASDM. Note you could delete the live version of the ASDM and Operating system if you had no choice (THOUGH DONT REBOOT THE FIREWALL until the new ones have uploaded, or you will be loading the files in in ROMMON mode!)

11. Once all the files have been downloaded to your location, they will be uploaded to the firewalls flash memory.

12. Next.

13. Finish.

Note: What happens now is the following commands are issued in the background automatically; (Note the versions numbers may be different in your case).

[box]

asdm image disk0:/asdm-649.bin
no boot system disk0:/asa843-k8.bin
boot system disk0:/asa844-1-k8.bin
boot system disk0:/asa843-k8.bin

[/box]

14. After the firewall reboots, it should come back up with the new OS and ASDM version.

Related Articles, References, Credits, or External Links

Cisco ASA5500 Update System and ASDM (From CLI)

Cisco ASA5500 Update System and ASDM (From ASDM)

Cisco ASA 5500 Active/Standby – Zero Downtime Upgrade

KB ID 0000733

Problem

You have two ASA firewalls deployed in Active/Standby failover configuration, and need to upgrade either the operating system or the ASDM. As you already have a high availability solution you do not want any downtime.

Before we start, we need to make sure we know the difference between primary, secondary, active and standby.

From the rear (Active=Green, Standby=Amber)

The Primary and Secondary firewalls are physical firewalls, the primary will always be the primary, and the secondary will always be the secondary. (Unless you manually change the configuration to force things otherwise!).

The Active firewall will be the firewall that’s passing traffic and in operation, and the Standby firewall is sat waiting to take over, each physical firewall can be either active or standby.

Solution

To get updates from Cisco you need to have a valid support agreement for your firewalls and a Cisco CCO account to log in with. (download link)

In this example, I’m going to upgrade both the firewalls from 8.4(5) to 9.1(1), and the ASDM from version 7.1(1) to 7.1(1)-52. When we start, the primary firewall is the active firewall.

In the past I’ve upgraded from 8.2(5) to 8.4(5), and (here) 8.4(5) to 9.1(1). I’ve never had a problem HOWEVER, DO NOT ATTEMPT an upgrade until you have a good backup of the config.

Backup and Restore a Cisco Firewall

1. First you need to upload the software to the flash memory on BOTH firewalls, you can either connect to the ASA via command line and TFTP them there, or connect to the ASDM and upload them from your PC/Laptop. If you have an AnyConnect XML profile take a backup of that also (I’ve seen them disappear).

Install and Use a TFTP Server

Upload via Command Line

[box]

UPLOAD THE OPERATING SYSTEM

Petes-ASA> enable
Password:*********  
Petes-ASA#copy tftp flash 

Address or name of remote host []? 10.0.0.127

Source filename []? asa911-k8.bin

Destination filename [disk0]? asa911-k8.bin

Accessing tftp://10.1.0.127/asa911-k8.bin.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<<<<Removed lots for the sake of Space>>>>

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
Writing file disk0:asa911-k8.bin... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!! 

<<<<Removed lots for the sake of Space>>>> 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

27260928 bytes copied in 49.250 secs (556345 bytes/sec)

UPLOAD THE ASDM SOFTWARE

Petes-ASA#copy tftp flash 

Address or name of remote host []? 10.0.0.127

Source filename []? asdm-711-52.bin

Destination filename [disk0]? asdm-711-52.bin

Accessing tftp://10.1.0.127/asdm-711-52.bin.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<<<<Removed lots for the sake of Space>>>> 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
Writing file disk0:asdm-711-52.bin... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!! 

<<<<Removed lots for the sake of Space>>>> 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 

17790720 bytes copied in 32.200 secs (555960 bytes/sec)

[/box] Upload via ASDM Connect to the ASDM > Tools > File Management > File Transfer > Between Local PC and Flash > Navigate to the file(s) on your local machine > Upload.

REMEMBER TO DO THIS FOR BOTH FIREWALLS! Note: You can copy the file to the standby firewall’s flash memory, from the primary firewall, using the following syntax (though I usually just swap the console cable over!).

[box]

Petes-ASA(config)# failover exec mate copy tftp://10.0.0.115/asa911-k8.bin disk0:/asa911-k8.bin

[/box]

2. On the Primary Active Firewall, set the new OS as the default, below I check to see what file the ASA will boot from, then I change it to the new one, finally I remove the link to the old file. You don’t need to carry out the last step, but I like to leave things tidy.

[box]

Petes-ASA# show running-config boot system
boot system disk0:/asa845-k8.bin
Petes-ASA# configure terminal
Petes-ASA(config)# boot system disk0:/asa911-k8.bin
Petes-ASA(config)# no boot system disk0:/asa845-k8.bin
Petes-ASA# show running-config boot system
boot system disk0:/asa911-k8.bin

[/box]

3. If you are also upgrading the ASDM, you need to set the new one as the default image.

[box]

Petes-ASA(config)# asdm image disk0:/asdm-711-52.bin
Petes-ASA(config)# show run asdm image
asdm image disk0:/asdm-711-52.bin
no asdm history enable

[/box]

4. Save the changes.

[box]

Petes-ASA(config)# write mem 

Building configuration...

Cryptochecksum: e150e036 036082e0 6d054a3d 1c7fd9fa

16257 bytes copied in 3.350 secs (5419 bytes/sec) [OK]

[/box]

5. Whilst still on the primary active firewall, you need to reboot the secondary standby firewall with the following command:

[box]

Petes-ASA(config)# failover reload-standby
YOU MAY SEE A WARNING LIKE THE FOLLOWING - THIS IS OK

************WARNING****WARNING****WARNING******************************** 
Mate version 9.1(1) is not identical with ours 8.4(5) 
************WARNING****WARNING****WARNING******************************** 
Beginning configuration replication: Sending to mate. End Configuration Replication to mate
Petes-ASA(config)#

[/box]

6. This may take a little while, remember it has to reboot, and depending on the version you are upgrading to, may need to change some of the config i.e. in this case of upgrading pasr 8.3 (and newer) all the NAT rules need to be changed. You can check to see if it’s back online by issuing a ‘show failover command (whilst still on the primary firewall). You will know when the secondary firewall is up and ready as you will see ‘Secondary – Standby Ready’.

Note: If you can see the status lights on the standby firewall watch for them to be green,green,amber,green,off (ASA5510).

Warning: Due to the limitations of HTML, your output will be formatted a little differently, you will see the output displayed like this, but the text is the same.

[box]

Petes-ASA(config)# show failover

Failover On Failover unit Primary Failover LAN Interface: 
failover Management0/0 (up) 
Unit Poll frequency 1 seconds, 
holdtime 3 seconds 
Interface Poll frequency 3 seconds, 
holdtime 15 seconds 
Interface Policy 1 
Monitored Interfaces 3 of 110 maximum 
Version: Ours 8.4(5), Mate 9.1(1) 
Last Failover at: 13:25:54 GMT/BST Dec 6 2012 
This host: Primary - Active Active time: 350 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.4(5)) status (Up Sys) 
Interface outside (123.123.123.123): Normal (Monitored) 
Interface inside (10.0.0.254): Normal (Monitored) 
Interface backup (234.234.234.235): Normal (Monitored) 
slot 1: ASA-SSM-10 hw/sw rev (1.0/CSC SSM 6.2.1599.0) status (Up/Up) 
Logging port IP: 10.0.0.252/24 CSC SSM, 6.2.1599.0, Up 
Other host: Secondary - Standby Ready <<<<<< Here we go! 
Active time: 326 (sec) slot 0: ASA5510 hw/sw rev (2.0/9.1(1)) status (Up Sys) 
Interface outside (123.123.123.124): Normal (Monitored) 
Interface inside (10.0.0.249): Normal (Monitored) 
Interface backup (234.234.234.234): Normal (Monitored) 
slot 1: ASA-SSM-10 hw/sw rev (1.0/CSC SSM 6.3.1172.0) status (Up/Up)

Logging port IP: 10.0.0.248/24
CSC SSM, 6.3.1172.0, Up
Stateful Failover Logical Update Statistics 
Link : failover Management0/0 (up) 
Stateful Obj xmit xerr rcv rerr 
General 1709 0 491 49 
sys cmd 58 0 58 0 
up time 0 0 0 0 
RPC services 0 0 0 0 
TCP conn 896 0 244 48 
UDP conn 280 0 45 1 
ARP tbl 474 0 141 0 
Xlate_Timeout 0 0 0 0 
IPv6 ND tbl 0 0 0 0 
VPN IKEv1 SA 0 0 1 0 
VPN IKEv1 P2 1 0 1 0 
VPN IKEv2 SA 0 0 0 0 
VPN IKEv2 P2 0 0 0 0 
VPN CTCP upd 0 0 0 0 
VPN SDI upd 0 0 0 0 
VPN DHCP upd 0 0 0 0 
SIP Session 0 0 0 0 
Route Session 0 0 0 0

User-Identity 0 0 1 0
Logical Update Queue Information Cur Max Total Recv Q: 0 24 2101 Xmit Q: 0 1 2311
Petes-ASA(config)#

[/box]

7. Now you need to force a failover to the secondary firewall, (again do this on the primary active firewall).

[box]

Petes-ASA(config)# no failover active
Petes-ASA(config)#
Switching to Standby

[/box]

8. Now reboot the primary firewall and that should boot to its new operating system.

[box]

Petes-ASA(config)# reload
Proceed with reload? [confirm] {Enter}
[/box]

9. Once complete, log back in and you can make the primary firewall active once more.

[box]

Petes-ASA>

Detected an Active mate Beginning configuration replication from mate.

Petes-ASA> 

End configuration replication from mate. 
Petes-ASA> en 
Password:********* 
Petes-ASA# configure terminal 
**** WARNING **** Configuration Replication is NOT performed from Standby unit to Active unit. Configurations are no longer synchronized. 

Petes-ASA(config)# failover active  

Switching to Active

[/box]

Related Articles, References, Credits, or External Links

Deploy Cisco ASA 55xx in Active / Standby Failover

Cisco ASA5500 Update System and ASDM (From CLI)