Category: System service problem
Context: Initial configuration deployment
The FMOS initial configuration deployment process was unsuccessful. The machine is not correctly configured.
The FMOS initial configuration deployment process is responsible for configuring FMOS, the Security Intelligence Platform software suite, and third-party software on all machines running FMOS. This process uses Ansible to apply a configuration policy, which ensures that the configuration is correct for all managed software. This process runs automatically when an FMOS machine is booted for the first time, and each time the machine reboots following a system update.
This error message appears when the initial configuration deployment process encountered an error and was unable to properly configure the system.
Until FMOS configuration policy is applied, some functionality of the system may not be fully usable. This could include operating system services or SIP applications. The problem that caused the initial deployment to fail needs to be resolved so that the configuration policy can apply successfully.
The most common cause for initial deployment errors is a problem with the FMOS System Configuration File. There may be a syntax error or invalid data in the file that FMOS cannot handle automatically. The fmos config --edit command, which was used to modify the System Configuration File in FMOS 9.1 and earlier, did not fully validate the structure and content of the file. As a result, the System Configuration File could get into an invalid state fairly easily. These issues are not automatically corrected when upgrading to later versions, but the fmos config put and fmos config edit commands, available from FMOS 9.2, do provide additional validation to prevent future corruption.
To identify the specific cause of the initial deployment error, check the appropriate log file.
- FMOS 9.6 and later
- FMOS 9.5 and earlier
After identifying the root cause of the deployment error, take the necessary steps to address it. For example, if the problem is caused by an invalid entry in the System Configuration File, use the appropriate fmos config command to update the file and correct the issue. After the root cause has been addressed, use the fmos config apply (or fmos redeploy prior to FMOS 9.4). Once the configuration policy has been applied, reboot the machine to clear the warning from FMOS health results.
Even after the FMOS configuration policy has applied successfully, the Deployment Failed health check error will persist until the machine has been rebooted.