CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Page 1 of 2 12 LastLast
Results 1 to 20 of 25

Thread: unable to connect to server

  1. #1
    Join Date
    2014-11-23
    Posts
    33
    Rep Power
    0

    Default unable to connect to server

    I wonder if anyone could help me

    I have recently tried to upgrade a primary management server from R77.20 to GAIA 88.10
    The upgrade went OK and I imported the database using "migrate import" with no errors.
    However if I try to open smart console R88.10 I get the message "unable to connect to server"
    I have run the following commands:

    [Expert@FWMANAGE01:0]# cd $MDS_FWDIR
    [Expert@FWMANAGE01:0]# cd scripts
    [Expert@FWMANAGE01:0]# ./cpm_status.sh
    Check Point Security Management Server is during initialization

    [Expert@FWMANAGE01:0]# ./server_status.sh Checking server status. Please wait...
    Enabling local sic. Setting cp.ssl_local.certificate.check=local
    Server is up - but not ready to receive connections (fwm might be down or busy) [Expert@FWMANAGE01:0]#

    (I'm also not able to use clish, but this may be an unrelated issue - I get the message CLINFR0479 You can't start interactive session from another interactive session)

    many thanks

  2. #2
    Join Date
    2014-11-23
    Posts
    33
    Rep Power
    0

    Default Re: unable to connect to server

    just to add I get the following error when I do "fw debug fwm on"

    [Expert@FWMANAGE01:0]# [Expert@FWMANAGE01:0]# fw debug fwm on
    bash: [Expert@FWMANAGE01:0]#: command not found
    [Expert@FWMANAGE01:0]# Cannot signal process fwm (17282), make sure the process is running.: No such process

  3. #3
    Join Date
    2017-11-01
    Posts
    37
    Rep Power
    0

    Default Re: unable to connect to server

    Have you downloaded and installed latest Jumbo HF? along with any other relevant recommended downloads for your server?

    This has prevented me logging in before

  4. #4
    Join Date
    2014-11-23
    Posts
    33
    Rep Power
    0

    Default Re: unable to connect to server

    thanks for your reply. Yes I've downloaded them but no luck unfortunately

  5. #5
    Join Date
    2006-09-26
    Posts
    3,154
    Rep Power
    16

    Default Re: unable to connect to server

    Quote Originally Posted by PeterSmith78 View Post
    thanks for your reply. Yes I've downloaded them but no luck unfortunately
    Is it related to the certificate expiration that was well documented with checkpoint?

  6. #6
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: unable to connect to server

    Quote Originally Posted by cciesec2006 View Post
    Is it related to the certificate expiration that was well documented with checkpoint?
    That only effected new installs of R77 after jan 24 2018 from reading SK22612.

  7. #7
    Join Date
    2014-11-23
    Posts
    33
    Rep Power
    0

    Default Re: unable to connect to server

    Thanks for replies

    I've run cpca_client lscert and there are a couple of hundred expired certificates for users (which are all obsolete). I did to a search for SK22612 but can't seem to find it.
    I would have though that the R88.10 pre-upgrade verifier should have picked up if expired certificates were an issue but perhaps it doesn't check for these...

  8. #8
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: unable to connect to server

    I have the same issue after upgrading from R77.30. My problem is described here: sk119732 and sk115599, but I don't have an access to read solution.
    Anybody can help?
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  9. #9
    Join Date
    2006-09-26
    Posts
    3,154
    Rep Power
    16

    Default Re: unable to connect to server

    Quote Originally Posted by PeterSmith78 View Post
    Thanks for replies

    I've run cpca_client lscert and there are a couple of hundred expired certificates for users (which are all obsolete). I did to a search for SK22612 but can't seem to find it.
    I would have though that the R88.10 pre-upgrade verifier should have picked up if expired certificates were an issue but perhaps it doesn't check for these...
    It is checkpoint, do you expect more?

    I am still having issues with upgrading from Provider-1 R77.30 to R80.10 and after a few months, I simply gave up :-(

  10. #10
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: unable to connect to server

    Quote Originally Posted by Serge17 View Post
    I have the same issue after upgrading from R77.30. My problem is described here: sk119732 and sk115599, but I don't have an access to read solution.
    Anybody can help?
    Anybody installed R80.10 on CP 4200 firewall such as firewall and management server?
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  11. #11
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    250
    Rep Power
    12

    Default Re: unable to connect to server

    This is maybe a silly question, but did you go through the web UI setup wizard (or equivalent) before running the 'migrate import'?

    What does 'cpwd_admin list' return?
    Zimmie

  12. #12
    Join Date
    2017-10-17
    Posts
    1
    Rep Power
    0

    Default Re: unable to connect to server

    Hi Peter,

    My name is Eran and I'm a manager in the R&D of CheckPoint, responsible for the core of the Management Server.
    First, I would like to say that I'm sorry for the issue you're experiencing and I will do whatever I can to assist you and others who run into the same issue.

    The possible explanations for such login issue could be either:
    1. CPM is down.
    2. CPM is up but didn't really load properly.
    3. CPM is up but FWM is down.
    4. CPM and FWM are both up but for some reason fail to handle the login request properly.


    According to the server_status.sh script, it seems the CPM process is up but still login fails, so we eliminate #1.
    To be able to proceed with some tips or guidelines, I would appreciate it if you could say whether your machine is a SmartCenter or a Multi Domain Server.

    Thanks,
    Eran

  13. #13
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: unable to connect to server

    Quote Originally Posted by Serge17 View Post
    Anybody installed R80.10 on CP 4200 firewall such as firewall and management server?
    The 4200 appliance does not support StandAlone deployment at all.
    https://supportcenter.checkpoint.com...=&fileid=54509
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  14. #14
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: unable to connect to server

    Quote Originally Posted by Serge17 View Post
    The 4200 appliance does not support StandAlone deployment at all.
    https://supportcenter.checkpoint.com...=&fileid=54509
    Yeah so upgrade the ram to 8 gig.
    </shifteyes>

  15. #15
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: unable to connect to server

    Quote Originally Posted by jflemingeds View Post
    Yeah so upgrade the ram to 8 gig.
    </shifteyes>
    I can't check Management server in initial configuration. So think that upgrade RAM will not help...
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  16. #16
    Join Date
    2006-09-26
    Posts
    3,154
    Rep Power
    16

    Default Re: unable to connect to server

    Quote Originally Posted by Serge17 View Post
    I can't check Management server in initial configuration. So think that upgrade RAM will not help...
    What do you mean you can't in initial configuration? You should be able to have access to the CLI even in the initial configuration right?

    In expert mode: cat /proc/meminfo

    [Expert@CP-NG:0]# fw ver
    This is Check Point's software version R80.10 - Build 027
    [Expert@CP-NG:0]# cat /proc/meminfo
    MemTotal: 12153532 kB
    RawMemTotal: 0 kB
    MemFree: 5608396 kB
    Buffers: 290028 kB
    Cached: 2358536 kB
    SwapCached: 0 kB
    Active: 3211004 kB
    Inactive: 1261464 kB
    HighTotal: 0 kB
    HighFree: 0 kB
    LowTotal: 12153532 kB
    LowFree: 5608396 kB
    SwapTotal: 26764280 kB
    SwapFree: 26764280 kB
    Dirty: 3036 kB
    Writeback: 0 kB
    AnonPages: 1821768 kB
    Mapped: 157788 kB
    Slab: 423788 kB
    PageTables: 9052 kB
    NFS_Unstable: 0 kB
    Bounce: 0 kB
    CommitLimit: 32841044 kB
    Committed_AS: 3638664 kB
    VmallocTotal: 34359738367 kB
    VmallocUsed: 1636012 kB
    VmallocChunk: 34358056483 kB
    HugePages_Total: 0
    HugePages_Free: 0
    HugePages_Rsvd: 0
    Hugepagesize: 2048 kB
    [Expert@CP-NG:0]#

  17. #17
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: unable to connect to server

    Quote Originally Posted by cciesec2006 View Post
    What do you mean you can't in initial configuration? You should be able to have access to the CLI even in the initial configuration right?

    In expert mode: cat /proc/meminfo

    [Expert@CP-NG:0]# fw ver
    This is Check Point's software version R80.10 - Build 027
    [Expert@CP-NG:0]# cat /proc/meminfo
    MemTotal: 12153532 kB
    RawMemTotal: 0 kB
    MemFree: 5608396 kB
    Buffers: 290028 kB
    Cached: 2358536 kB
    SwapCached: 0 kB
    Active: 3211004 kB
    Inactive: 1261464 kB
    HighTotal: 0 kB
    HighFree: 0 kB
    LowTotal: 12153532 kB
    LowFree: 5608396 kB
    SwapTotal: 26764280 kB
    SwapFree: 26764280 kB
    Dirty: 3036 kB
    Writeback: 0 kB
    AnonPages: 1821768 kB
    Mapped: 157788 kB
    Slab: 423788 kB
    PageTables: 9052 kB
    NFS_Unstable: 0 kB
    Bounce: 0 kB
    CommitLimit: 32841044 kB
    Committed_AS: 3638664 kB
    VmallocTotal: 34359738367 kB
    VmallocUsed: 1636012 kB
    VmallocChunk: 34358056483 kB
    HugePages_Total: 0
    HugePages_Free: 0
    HugePages_Rsvd: 0
    Hugepagesize: 2048 kB
    [Expert@CP-NG:0]#

    I can't check it here (tried IE and Chrome):
    Click image for larger version. 

Name:	cp-mgmt.jpg 
Views:	66 
Size:	44.0 KB 
ID:	1373

    [Expert@cp-krm:0]# fw ver
    This is Check Point's software version R80.10 - Build 423
    [Expert@cp-krm:0]# cat /proc/meminfo
    MemTotal: 4068948 kB
    RawMemTotal: 5242880 kB
    MemFree: 3538040 kB
    Buffers: 23076 kB
    Cached: 421668 kB
    SwapCached: 0 kB
    Active: 132016 kB
    Inactive: 369436 kB
    HighTotal: 2349632 kB
    HighFree: 1860188 kB
    LowTotal: 1719316 kB
    LowFree: 1677852 kB
    SwapTotal: 10514532 kB
    SwapFree: 10514532 kB
    Dirty: 324 kB
    Writeback: 16 kB
    AnonPages: 56744 kB
    Mapped: 56008 kB
    Slab: 14356 kB
    PageTables: 2788 kB
    NFS_Unstable: 0 kB
    Bounce: 4 kB
    CommitLimit: 12549004 kB
    Committed_AS: 459792 kB
    VmallocTotal: 247800 kB
    VmallocUsed: 10048 kB
    VmallocChunk: 236000 kB
    HugePages_Total: 0
    HugePages_Free: 0
    HugePages_Rsvd: 0
    Hugepagesize: 2048 kB
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  18. #18
    Join Date
    2006-09-26
    Posts
    3,154
    Rep Power
    16

    Default Re: unable to connect to server

    Quote Originally Posted by Serge17 View Post
    I can't check it here (tried IE and Chrome):
    Click image for larger version. 

Name:	cp-mgmt.jpg 
Views:	66 
Size:	44.0 KB 
ID:	1373

    [Expert@cp-krm:0]# fw ver
    This is Check Point's software version R80.10 - Build 423
    [Expert@cp-krm:0]# cat /proc/meminfo
    MemTotal: 4068948 kB
    RawMemTotal: 5242880 kB
    MemFree: 3538040 kB

    so the box only has 4GB of RAM. According to the SK, you need at least 8GB RAM:

    Notes:

    The 4200 appliance does not support StandAlone deployment at all.
    These appliance models do not support a Standalone deployment with their default RAM (4GB):
    4400, 4600, 4800, 12200, 12400.
    Upgrade these models to at least 8 GB RAM to support a Standalone deployment.
    The Smart-1 25B, 205, 210, 405, 410 appliances can run Security Management OR Log Server OR SmartEvent.

  19. #19
    Join Date
    2017-07-07
    Posts
    21
    Rep Power
    0

    Default Re: unable to connect to server

    Quote Originally Posted by cciesec2006 View Post
    so the box only has 4GB of RAM. According to the SK, you need at least 8GB RAM:

    Notes:

    The 4200 appliance does not support StandAlone deployment at all.
    These appliance models do not support a Standalone deployment with their default RAM (4GB):
    4400, 4600, 4800, 12200, 12400.
    Upgrade these models to at least 8 GB RAM to support a Standalone deployment.
    The Smart-1 25B, 205, 210, 405, 410 appliances can run Security Management OR Log Server OR SmartEvent.
    pgrade these models to at least 8 GB RAM to support a Standalone deployment.
    This doesn't apply to 4200 (The 4200 appliance does not support StandAlone deployment at all.)

    Thanks!
    Check Point CCSA/CCSE/CCSE+
    Cisco CCNP/CCSP

  20. #20
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: unable to connect to server

    Quote Originally Posted by Serge17 View Post
    pgrade these models to at least 8 GB RAM to support a Standalone deployment.
    This doesn't apply to 4200 (The 4200 appliance does not support StandAlone deployment at all.)

    Thanks!
    Well.. there is supported.. and then there is possible...

    I'm assuming this for a lab box since a 4200 is a pretty sad box for a mgmt server.

    crack the box open (oh noes!), look at the chipset to see what max ram it an really supports and do what you need. If you want to make it a pure mgmt config do a fresh install, don't complete the wizard then look at config_system script and try making it mgmt only server. Might not work.. but then again that is a shell script so take at look at what its doing and figure it out.

    While your at it put a hard drive in. Maybe even a SSD? Its just a intel box with intel nics in it. Should be possible. Supported? Nopers..

Page 1 of 2 12 LastLast

Similar Threads

  1. Smart Console 'Unable the connect server'
    By abdomin25 in forum R80
    Replies: 6
    Last Post: 2017-10-27, 11:10
  2. Unable to connect to policy server
    By tofke in forum SecureClient/SecuRemote
    Replies: 2
    Last Post: 2009-07-09, 10:54
  3. Replies: 8
    Last Post: 2008-05-19, 11:06
  4. SmartView Reporter server unable to connect to SmartCenter server
    By pop_alex in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 0
    Last Post: 2006-08-31, 00:58
  5. Unable to connect through MS ISA2004 server
    By rubber_chicken in forum SNX - SSL Network Extender
    Replies: 5
    Last Post: 2006-06-22, 21:20

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •