CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: After R80.10 upgrade, IA blade seems nonfunctional

  1. #1
    Join Date
    2013-05-06
    Posts
    24
    Rep Power
    0

    Default After R80.10 upgrade, IA blade seems nonfunctional

    Hey all,

    I recently upgraded an environment to R80.10. No issues during the upgrade and traffic seems to be passing normally. However, I observed in the logs that we are no longer getting identities. In SmartConsole, I regularly see the warning that one or more DCs has lost connection to the gateways and "adlog a dc" shows them going up and down in terms on connection. However even when connected I get 0 events. I thought to try reconfiguring it, but when running through the IA wizard on the gateway object, I get "Smart Dashboard could not connect to <domain controller IP address> - The domain name was not found on the domain controller." However, as far as I can see the DC matches the active directory domain configured in the IA.

    test_ad_connectivity returns the following output"
    Status (SUCCESS_LDAP)
    err_msg ("ADLOG_ERROR_INTERNAL;LDAP_SUCCESS")
    ldap_status: (LDAP_SUCCESS)
    wmi_status (ADLOG_ERROR_INTERNAL)
    Last edited by jcstefansson; 2018-02-01 at 09:25.

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,622
    Rep Power
    9

    Default Re: After R80.10 upgrade, IA blade seems nonfunctional

    Quote Originally Posted by jcstefansson View Post
    Hey all,

    I recently upgraded an environment to R80.10. No issues during the upgrade and traffic seems to be passing normally. However, I observed in the logs that we are no longer getting identities. In SmartConsole, I regularly see the warning that one or more DCs has lost connection to the gateways and "adlog a dc" shows them going up and down in terms on connection. However even when connected I get 0 events. I thought to try reconfiguring it, but when running through the IA wizard on the gateway object, I get "Smart Dashboard could not connect to <domain controller IP address> - The domain name was not found on the domain controller." However, as far as I can see the DC matches the active directory domain configured in the IA.

    test_ad_connectivity returns the following output"
    Status (SUCCESS_LDAP)
    err_msg ("ADLOG_ERROR_INTERNAL;LDAP_SUCCESS")
    ldap_status: (LDAP_SUCCESS)
    wmi_status (ADLOG_ERROR_INTERNAL)
    I
    Hmm looks like maybe wmi failed but maybe LDAP worked? Have you tried taking a packet capture to see if that shows something interesting?

    Maybe debugging pepd / prod (always forget which one. Thinking pep) would be helpful as well

    Oh what about event viewer on the dc in question?

  3. #3
    Join Date
    2013-05-06
    Posts
    24
    Rep Power
    0

    Default Re: After R80.10 upgrade, IA blade seems nonfunctional

    After examination, we determined that WMI had broken on the DC's and that was the problem. We replaced it with IDC and that worked.

Similar Threads

  1. IPS Blade Crashes Since R71 Upgrade
    By kaydo in forum IPS Blade (Formerly SmartDefense)
    Replies: 11
    Last Post: 2011-12-06, 11:00
  2. Connectra R66 to Mobile Access Blade upgrade.
    By angelofsa in forum Mobile Access Blade (Formerly Connectra)
    Replies: 0
    Last Post: 2011-04-10, 17:26
  3. IPS blade in R7x
    By banduraj in forum IPS Blade (Formerly SmartDefense)
    Replies: 2
    Last Post: 2011-01-12, 17:51
  4. Record in Blade Price for DLP Blade $12000 ~ $12.500 SG401 Container
    By serlud in forum Data Loss Prevention Blade (DLP))
    Replies: 6
    Last Post: 2010-04-20, 19:00
  5. Mixing blade/non blade licensing?
    By ChadB in forum Licensing
    Replies: 2
    Last Post: 2010-04-06, 11:36

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •