Screen OS

Hi folks,

I upgraded ScreenOS 6.3.0r17.0 to 6.3.0r19.0.

However, the device still has "6.3.0r17.0".

So, I figured out that I should upgrade imagekey and Bootloader first.

The issue appeared at this time...!

********Invalid DSA signature

********Bogus image - not authenticated

[More specifically below..]

Juniper Networks ISG Series BootROM V1.1.1 (Checksum: 88D32336)
Copyright (c) 1997-2008 Juniper Networks, Inc.

Total physical memory: 1024MB
Test - Pass
Initialization........ Done

Hit key 'X' and 'A' sequentially to update OS Loader....

Loading OS Loader from on-board flash memory... +++
Done!

********Invalid DSA signature

********Bogus image - not authenticated

Serial Number [0133122008000291]: READ ONLY
BOM Version [E07]: READ ONLY
Self MAC Address [0022-83a3-cb80]: READ ONLY
OS Loader File Name [imagekey.cer]: imagekey.cer
Self IP Address [192.168.1.1]: 192.168.1.1
TFTP IP Address [192.168.1.250]: 192.168.1.250
Ip Address Mask [255]: 255.255.255.0
Default Gateway IP [0]: 192.168.1.250

Loading file "imagekey.cer"...
r!r!r!r!r!r!r!r!r

The point is red sentence I indicated.

No matter how I typed it Load1000v103.d(you know, it is Bootloader), imagekey.cer(I was definitely new imagekey)

and I also tried to downgrade "6.3.0r17.0" version.

I tried all I know idea, but occansionally this was failed.

I am very worried about it. actually I must be handing out it to my customer;

Plus, what is the meaning of "r!r!r!r!r!r!r!r!r!r!r!r!"???

I hope anyone of you have any suggestion what I can try now.

Regards,

Hello,

Both bootloader & OS are signed by image key.

So what you can do is:

1) Delete the image key:

delete crypto auth-key

2) Upgrade the bootloader

3) Upgrade the OS

4) Install the image key.

Regards,

Rushi

Thank you for reply rtilak.

Like you told, actually I can't enter CLI mode..

That is, I can't type "delete crypto auth-key"..

What can I do...

Hello,

Can you use following link to downgrade the OS?

http://kb.juniper.net/InfoCenter/index?page=content&id=KB5519&actp=search

Note:- While device boots up, you have to take action as per the KB when following message appears.

Hit any key to run loader

Regards,

Rushi

Sure, I followed following link.

but as I wrote down..

Juniper Networks ISG Series BootROM V1.1.1 (Checksum: 88D32336)
Copyright (c) 1997-2008 Juniper Networks, Inc.

Total physical memory: 1024MB
Test - Pass
Initialization........ Done

Hit key 'X' and 'A' sequentially to update OS Loader....

Loading OS Loader from on-board flash memory... +++
Done!

********Invalid DSA signature

********Bogus image - not authenticated

Serial Number [0133122008000291]: READ ONLY
BOM Version [E07]: READ ONLY
Self MAC Address [0022-83a3-cb80]: READ ONLY
OS Loader File Name [imagekey.cer]: imagekey.cer
Self IP Address [192.168.1.1]: 192.168.1.1
TFTP IP Address [192.168.1.250]: 192.168.1.250
Ip Address Mask [255]: 255.255.255.0
Default Gateway IP [0]: 192.168.1.250

Loading file "imagekey.cer"...
r!r!r!r!r!r!r!r!r

As you can see the loading text, 

when appearing this sentence ; Hit key 'X' and 'A' sequentially to update OS Loader.... , I hit key 'X' or 'A' , both of them..

Maybe I think it should be repaired previously status.!

It is absurd if it is not fixed...ㅠ_ㅠ

Regards,

Similar issue, Cannot bind image.cer file as cannot enter CLI mode.

did you find any solution? please post here.

********Invalid DSA signature

********Bogus image - not authenticated

When in this mode the kb article referenced above is pretty much the only option.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB5519

you hit the enter key during this prompt

Hit any key to run loader
Hit any key to run loader
Hit any key to run loader < Press the 'Enter' key at this point

Then follow the steps in kb from there.  You do need a TFTP server on your laptop and this connected to the device with the files for the process installed