cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Best way to handle locked session (locked but not available on session panel)

Hi,

When I work with R80 API, some time I face an issue of the session getting locked.

In some cases, the locked session will not be available in session panel.

I found a script to discard session from sk113955 mentioned here:

takeover 

I modified this script to discard locked session by changing script query to "where not state='PUBLISHED", But not working for me.

What are the best ways to handle such situation (locked session but not available on session panel)

16 Replies
Employee++
Employee++

Re: Best way to handle locked session (locked but not available on session panel)

 

Robert.

Re: Best way to handle locked session (locked but not available on session panel)

Hi Robert Decker,

I tried discard_session script from mentioned link. It shows session discarded but the object is still locked.

Employee++
Employee++

Re: Best way to handle locked session (locked but not available on session panel)

Hi Ekta,

Please select the locked object on the objects pane, and you will get locking information for that object - 

Maybe this will give you some clue...

Robert.

0 Kudos

Re: Best way to handle locked session (locked but not available on session panel)

Hi,

It shows "locked for editing by admin". I am using admin credentials to discard session via script.

And I am sure this object has been created by web_api. Is there something I am doing wrong? 

0 Kudos
Employee++
Employee++

Re: Best way to handle locked session (locked but not available on session panel)

In the link I gave you above, are you implementing the solution from Melissa Kjendle, or the one from Python SDK?

For your case, Melissa's proposal is better...

0 Kudos

Re: Best way to handle locked session (locked but not available on session panel)

Hi,

Melissa's solution returns empty table and object is still locked.

 

0 Kudos
Employee++
Employee++

Re: Best way to handle locked session (locked but not available on session panel)

Ok, I'll ask someone from management server team to assist.

Robert.

0 Kudos
Employee++
Employee++

Re: Best way to handle locked session (locked but not available on session panel)

Your case requires in-depth investigation of your database.

Please open a support request for this.

Robert.

0 Kudos
Employee++
Employee++

Re: Best way to handle locked session (locked but not available on session panel)

Ekta, just a final attempt, try running this bash script on the management server - 

#!/bin/bash
mgmt_cli login -r true > id.txt; current_sid=$(mgmt_cli show session -s id.txt -f json | $CPDIR/jq/jq .uid); for sid in $(mgmt_cli -s id.txt show sessions details-level full -f json | $CPDIR/jq/jq '.objects[] | select ( .["application"] | contains ("WEB_API")) | .uid' | grep -v ${current_sid}); do mgmt_cli discard uid ${sid} -s id.txt ; done; mgmt_cli logout -s id.txt

Robert.

0 Kudos

Re: Best way to handle locked session (locked but not available on session panel)

Hi Robert,

No luck with this also. above command show "ok" as output but object is still locked. I think the best way is to open a ticket

0 Kudos
Employee++
Employee++

Re: Best way to handle locked session (locked but not available on session panel)

Ok, go for it.

Our TAC has the tools to assist in such scenarios.

Robert.

0 Kudos

Re: Best way to handle locked session (locked but not available on session panel)

Hi Ekta, 

any chance you can show a print-screen of the Sessions view under Manage & Settings? I want to see which admins have active sessions and how many objects each of them has locked.

Edit: just saw your screenshot. The best way would be through opening a ticket so that Check Point Support will be able to solve this for the benefit of all our users.

Hieu_le
Ivory

Re: Best way to handle locked session (locked but not available on session panel)

Hi Ekta Siwani,

You can share the way to resolve this problem. I have same problem with you.

Thanks.

0 Kudos

Re: Best way to handle locked session (locked but not available on session panel)

Hi Hieu Le,

My reason for session getting locked was different so none of this solution worked.

I was treating "publish" as synchronous call, instead of asynchronous call. If you are doing same mistake, all you have to do is:

1. after making publish api call, get the task id 

2. use task id to check the status of publish task using show-task api

3. If "show-task" api returns "succeeded", go to next step of your task else wait.

You need to treat "publish" in same way we treat "install-policy" api call, and your session will not get locked.

Let me know if you need detail about this.

0 Kudos
Hieu_le
Ivory

Re: Best way to handle locked session (locked but not available on session panel)

Thanks Ekta Siwani

In my case, i have 2 network group: IP_Blacklist and IP_Blacklist_1. 

Today :Jan 23,2019, but these groups blocked from Jan 18,2019 .

And I viewed in View Sessions, but there is not session to block,change

I also tried to use: psql_client cpm postgres -c "select objid,applicationname,username,creator,state,numberoflocks,numberofoperations,creationtime,lastmodifytime from worksession ;" and discard them but still blocked.

0 Kudos

Re: Best way to handle locked session (locked but not available on session panel)

Hi,

To unlock the session, if you have tried all the solution mentioned above in thread, you should open TAC case. Even i was not able to unlock the session by myself. TAC should be able to help you.

To avoid this in future, please  modify the way you are handling "publish" api.

0 Kudos