Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ekta_Siwani1
Contributor

Best way to handle locked session (locked but not available on session panel)

Hi,

When I work with R80 API, some time I face an issue of the session getting locked.

In some cases, the locked session will not be available in session panel.

I found a script to discard session from sk113955 mentioned here:

takeover 

I modified this script to discard locked session by changing script query to "where not state='PUBLISHED", But not working for me.

What are the best ways to handle such situation (locked session but not available on session panel)

17 Replies
Robert_Decker
Advisor

Ekta_Siwani1
Contributor

Hi Robert Decker,

I tried discard_session script from mentioned link. It shows session discarded but the object is still locked.

Robert_Decker
Advisor

Hi Ekta,

Please select the locked object on the objects pane, and you will get locking information for that object - 

Maybe this will give you some clue...

Robert.

0 Kudos
Ekta_Siwani1
Contributor

Hi,

It shows "locked for editing by admin". I am using admin credentials to discard session via script.

And I am sure this object has been created by web_api. Is there something I am doing wrong? 

0 Kudos
Robert_Decker
Advisor

In the link I gave you above, are you implementing the solution from Melissa Kjendle, or the one from Python SDK?

For your case, Melissa's proposal is better...

0 Kudos
Ekta_Siwani1
Contributor

Hi,

Melissa's solution returns empty table and object is still locked.

 

0 Kudos
Robert_Decker
Advisor

Ok, I'll ask someone from management server team to assist.

Robert.

0 Kudos
Robert_Decker
Advisor

Your case requires in-depth investigation of your database.

Please open a support request for this.

Robert.

0 Kudos
Robert_Decker
Advisor

Ekta, just a final attempt, try running this bash script on the management server - 

#!/bin/bash
mgmt_cli login -r true > id.txt; current_sid=$(mgmt_cli show session -s id.txt -f json | $CPDIR/jq/jq .uid); for sid in $(mgmt_cli -s id.txt show sessions details-level full -f json | $CPDIR/jq/jq '.objects[] | select ( .["application"] | contains ("WEB_API")) | .uid' | grep -v ${current_sid}); do mgmt_cli discard uid ${sid} -s id.txt ; done; mgmt_cli logout -s id.txt

Robert.

(1)
Ekta_Siwani1
Contributor

Hi Robert,

No luck with this also. above command show "ok" as output but object is still locked. I think the best way is to open a ticket

0 Kudos
Robert_Decker
Advisor

Ok, go for it.

Our TAC has the tools to assist in such scenarios.

Robert.

0 Kudos
Josman23
Explorer

It works for me.

Thank you Robert_Decker

SmartConsole R80.40
API v1.6

0 Kudos
Tomer_Sole
Mentor
Mentor

Hi Ekta, 

any chance you can show a print-screen of the Sessions view under Manage & Settings? I want to see which admins have active sessions and how many objects each of them has locked.

Edit: just saw your screenshot. The best way would be through opening a ticket so that Check Point Support will be able to solve this for the benefit of all our users.

Hieu_le
Explorer

Hi Ekta Siwani,

You can share the way to resolve this problem. I have same problem with you.

Thanks.

0 Kudos
Ekta_Siwani1
Contributor

Hi Hieu Le,

My reason for session getting locked was different so none of this solution worked.

I was treating "publish" as synchronous call, instead of asynchronous call. If you are doing same mistake, all you have to do is:

1. after making publish api call, get the task id 

2. use task id to check the status of publish task using show-task api

3. If "show-task" api returns "succeeded", go to next step of your task else wait.

You need to treat "publish" in same way we treat "install-policy" api call, and your session will not get locked.

Let me know if you need detail about this.

Hieu_le
Explorer

Thanks Ekta Siwani

In my case, i have 2 network group: IP_Blacklist and IP_Blacklist_1. 

Today :Jan 23,2019, but these groups blocked from Jan 18,2019 .

And I viewed in View Sessions, but there is not session to block,change

I also tried to use: psql_client cpm postgres -c "select objid,applicationname,username,creator,state,numberoflocks,numberofoperations,creationtime,lastmodifytime from worksession ;" and discard them but still blocked.

0 Kudos
Ekta_Siwani1
Contributor

Hi,

To unlock the session, if you have tried all the solution mentioned above in thread, you should open TAC case. Even i was not able to unlock the session by myself. TAC should be able to help you.

To avoid this in future, please  modify the way you are handling "publish" api.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events