PDA

View Full Version : New 4600 - upgrade to R75.20 failed



iku899
2011-12-22, 13:12
Hello,
I have tried to upgrade brand new appliance 4600 from R75.10 to R75.20. There is no web upgrade package, only the file at "https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=12696". I tried to install it "patch add name_of_patch".
It looked promising:
- it checked md5sum
- it made image
- it upgraded OS
- during upgrading checkpoint product it failed and firewall returned to original state

Because I tried it on firewall in clean status it looks for me that there is a problem somewhere in the upgrade file. Bellow is the end of the file CPupgrade.elg. Is it possible that the problem is in the line where it says "cannot locate UnixInstallScript"?

Does anybody made upgrade to R75.2 successfully at new 2012 appliance (4600)?

Thank You
Ivan

========


Check Point SecurePlatform Splat package upgrade
------------------------------------------------------------

> Upgrading spwm_splat files
copying 4000 appliances images
> Setting file permissions
> Registering cpCOM components
> Registering CPWM Handlers
WARNING: SharedLibLoad(libCPRequestFactory.so): called from statically-linked code!

Please wait while rpm completes...

> (Upgrade) Unregistering CPWM Handlers according to old package
WARNING: SharedLibLoad(libCPRequestFactory.so): called from statically-linked code!
> (Upgrade) Unregistering cpCOM components according to old package

Please wait while rpm completes...

Info:CPsecplPtchMod:'install_rpms' function: spwm_splat-1-983000005.i386.rpm was successfully installed
Info: CPsecplPtchMod:'shell_cmd': Executing <rm -rf /sysimg/CPrpm>
Info: CPsecplPtchMod:'upgrade' function: Making directory /sysimg/CPwrapper
Info: CPsecplPtchMod:'shell_cmd': Executing <rm -rf /sysimg/CPwrapper>
Info: CPsecplPtchMod:'shell_cmd': Executing <mkdir -p /var/log/CPwrapper>
Info: CPsecplPtchMod:'shell_cmd': Executing <ln -s /var/log/CPwrapper/ /sysimg/CPwrapper>
Info:CPsecplPtchMod:'get_key_value' function: Request Key:SP Return Value:R75.20
Info: CPsecplPtchMod:'shell_cmd': Executing <cp -rf /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/wrappers/ /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/linux/ /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/UnixInstallScript /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/IntUnixInstallScript .>
cp: cannot stat `/sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/wrappers/': No such file or directory
cp: cannot stat `/sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/UnixInstallScript': No such file or directory
cp: cannot stat `/sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/IntUnixInstallScript': No such file or directory
Info: CPsecplPtchMod:'shell_cmd': Execution Failed.
Note: CPsecplPtchMod:'upgrade' function: Did not copied all wrapper files into CPwrapper. This is a normal behavior during Provider upgrade
Info: CPsecplPtchMod:'upgrade': Updating boot menu ..
Running /sbin/grub-menu-update 'SecurePlatform R75.20' '/dev/mapper/vg_splat-lv_current' fcd > /tmp/grub.conf
Info: CPsecplPtchMod:'shell_cmd': Executing <mv /tmp/grub.conf /boot/grub/>
Info: CPsecplPtchMod:'upgrade': DONE.
Info: CPsecplPtchMod:'upgrade': Local installation detected: Calling CP wrapper ..
Info: CPsecplPtchMod:'upgrade': Seting wrapper status <export LD_LIBRARY_PATH=/lib; . /opt/CPshared/5.0/tmp/.CPprofile.sh ; cpprod_util CPPROD_SetValue "Check Point Product Suite" "WRAPPER_EXIT_STATUS" 1 1 1>
Error:CPsecplPtchMod:'upgrade':Cannot locate UnixInstallScript file
Info: CPsecplPtchMod:'cleanall' function: Current dir is: /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz
Info: CPsecplPtchMod:'shell_cmd': Executing <cp -f /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/image.wrapper /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/>
Info:CPsecplPtchMod:'cleanup' function: /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/CPsecplPtchMod has been removed.
Info:CPsecplPtchMod:'cleanup' function: /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/CPsecplPtchMod.exe has been removed.
Info:CPsecplPtchMod:'cleanup' function: /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/installme.sh has been removed.
Info:CPsecplPtchMod:'cleanup' function: /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/stam.tgz has been removed.
Info: CPsecplPtchMod:'shell_cmd': Executing <rm -rf /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts/*>
Info:CPsecplPtchMod:'cleanup' function: /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/scripts has been removed.
Info: CPsecplPtchMod:'shell_cmd': Executing <rm -rf /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/RPMS/*>
Info:CPsecplPtchMod:'cleanup' function: /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/RPMS has been removed.
Info: CPsecplPtchMod:'shell_cmd': Executing <rm -rf /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/SU/*>
Info:CPsecplPtchMod:'cleanup' function: /sysimg/CPpatches/splatform_upg_flow_toxotai_cd.gz/SU has been removed.
Info: CPsecplPtchMod:'shell_cmd': Executing <rm -rf /var/log/cdrom/*>
Error:CPsecplPtchMod:'cleanup' function: cannot delete /var/log/cdrom:No such file or directory

auroranl
2011-12-28, 03:44
Hi,

I hit the same bump with a new cluster of 12400 appliances. Turned out I had to hook them to a Smartcenter first and push the licenses. Only then could I run the upgrade succesfully. It used to just give you a warning, maybe the tightened the requirements of having a valid license and support.

Also note the seperate appliances.C file that you can install on your Smartcenter so you can select the new applaiance range in the firewall object itself.

Good luck,
auroranl

serlud
2011-12-28, 04:20
Hi,

I hit the same bump with a new cluster of 12400 appliances. Turned out I had to hook them to a Smartcenter first and push the licenses. Only then could I run the upgrade succesfully. It used to just give you a warning, maybe the tightened the requirements of having a valid license and support.

Also note the seperate appliances.C file that you can install on your Smartcenter so you can select the new applaiance range in the firewall object itself.

Good luck,
auroranl

Yes, it seems to be a lic problem, you have to install normal one (not trial) : (R75.20 Upgrade package for Check Point 2200 and 4000 Appliances)
Instructions:
NOTE* upgrade can not be applied using the 15 days trial license

PhoneBoy
2011-12-28, 18:54
Actually you can upgrade to R75.20 with an eval license, just not the built-in 15-day eval. This also applies for upgrading to any release after R75 GA.

iku899
2011-12-29, 09:09
The upgrade I tried was with ordinary license and contract. I will wait for R75.30 if it helps. Still don't know what can be wrong in brand new appliance.

I would really appreciate if there is anybody who upgrade 4600 to R75.20 succesfully.

Best regards
Ivan

PhoneBoy
2011-12-29, 13:51
I know I recently upgraded a 21400 using WebUI and the package on User Center. I assume it would work the same way on the 4600.

In any case, it turns out one cannot upgrade past R75 GA using the built-in plug-and-play license without first establishing SIC. This is now documented in sk66302 (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk66302&js_peid=P-114a7bc3b09-10006&partition=General&product=2012) and is planned to be addressed post R75.30.

iku899
2011-12-29, 14:46
I know I recently upgraded a 21400 using WebUI and the package on User Center. I assume it would work the same way on the 4600.


There is a difference. As far as I know you cannot upgrade 4600 through webui.

iku899
2012-01-25, 03:08
It's solved finally. If you download upgrade package with chrome browser the file has extension ".gz" instead ".tgz". The checksum is the same in both cases. I renamed the file to proper name and I was able to do normal upgrade through webui.

jonta
2012-02-14, 16:11
It's solved finally. If you download upgrade package with chrome browser the file has extension ".gz" instead ".tgz". The checksum is the same in both cases. I renamed the file to proper name and I was able to do normal upgrade through webui.

Thanks! I was looking everywhere why this did not work. The filename of the upgrade file seemed a bit odd aswell. But now when you mentioned it i noticed that it said .tgz on the download page but the file i got down with chrome was .gz.
Too bad i did not find this earlier, i just did a factory default on it again and the box is at work where i was planning to start over again tomorrow.

Flixis
2012-02-27, 16:33
"patch add /full/path/to/file" did not work.
Using the web update, the system would take the patch, during bootup... fail and revert.
I *think* the system keeps a summary of the device, and if post patch summary doesn't match, it reverts.
Here is my process that has worked consistently (14 fails (in a row), 4 successes (in a row)...so far):

Interrupt the boot process to load the R75.10 factory default image.
Configure networking and license the device.
Setup Checkpoint ("sysconfig" distributed/stand alone, etc)
upload the patch, do not "Start Upgrade"
reboot !!!!! <-- important!!!!
relogin
"Start Upgrade"
Confirm MD5
Wait for reboot, and close the browser and all tabs (the version label is cached)
restart browser and relogin.

I have not tested Smart Update..yet.