This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ekta_Siwani1
Contributor
‎2018-03-25 11:43 PM

Best way to handle locked session (locked but not available on session panel)

Hi,

When I work with R80 API, some time I face an issue of the session getting locked.

In some cases, the locked session will not be available in session panel.

I found a script to discard session from sk113955 mentioned here:

takeover 

I modified this script to discard locked session by changing script query to "where not state='PUBLISHED", But not working for me.

What are the best ways to handle such situation (locked session but not available on session panel)

17 Replies
Ekta_Siwani1
Contributor
‎2018-03-26 04:56 AM
In response to Robert_Decker

Hi Robert Decker,

I tried discard_session script from mentioned link. It shows session discarded but the object is still locked.

Robert_Decker
Advisor
‎2018-03-26 05:10 AM
In response to Ekta_Siwani1

Hi Ekta,

Please select the locked object on the objects pane, and you will get locking information for that object - 

Maybe this will give you some clue...

Robert.

0 Kudos
Ekta_Siwani1
Contributor
‎2018-03-26 05:25 AM
In response to Robert_Decker

Hi,

It shows "locked for editing by admin". I am using admin credentials to discard session via script.

And I am sure this object has been created by web_api. Is there something I am doing wrong? 

0 Kudos
Robert_Decker
Advisor
‎2018-03-26 05:32 AM
In response to Ekta_Siwani1

In the link I gave you above, are you implementing the solution from Melissa Kjendle, or the one from Python SDK?

For your case, Melissa's proposal is better...

0 Kudos
Ekta_Siwani1
Contributor
‎2018-03-26 12:13 PM
In response to Robert_Decker

Hi,

Melissa's solution returns empty table and object is still locked.

 

0 Kudos
Robert_Decker
Advisor
‎2018-03-26 02:37 PM
In response to Ekta_Siwani1

Ok, I'll ask someone from management server team to assist.

Robert.

0 Kudos
Robert_Decker
Advisor
‎2018-03-27 01:51 AM
In response to Ekta_Siwani1

Your case requires in-depth investigation of your database.

Please open a support request for this.

Robert.

0 Kudos
Robert_Decker
Advisor
‎2018-03-27 05:25 AM
In response to Ekta_Siwani1

Ekta, just a final attempt, try running this bash script on the management server - 

#!/bin/bashmgmt_cli login -r true > id.txt; current_sid=$(mgmt_cli show session -s id.txt -f json | $CPDIR/jq/jq .uid); for sid in $(mgmt_cli -s id.txt show sessions details-level full -f json | $CPDIR/jq/jq '.objects[] | select ( .["application"] | contains ("WEB_API")) | .uid' | grep -v ${current_sid}); do mgmt_cli discard uid ${sid} -s id.txt ; done; mgmt_cli logout -s id.txt‍‍

Robert.

Ekta_Siwani1
Contributor
‎2018-03-27 11:34 PM
In response to Robert_Decker

Hi Robert,

No luck with this also. above command show "ok" as output but object is still locked. I think the best way is to open a ticket

0 Kudos
Robert_Decker
Advisor
‎2018-03-28 06:15 AM
In response to Ekta_Siwani1

Ok, go for it.

Our TAC has the tools to assist in such scenarios.

Robert.

0 Kudos
Josman23
Explorer
‎2023-04-22 09:27 PM
In response to Robert_Decker

It works for me.

Thank you Robert_Decker

SmartConsole R80.40
API v1.6

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-03-27 04:13 AM
In response to Ekta_Siwani1

Hi Ekta, 

any chance you can show a print-screen of the Sessions view under Manage & Settings? I want to see which admins have active sessions and how many objects each of them has locked.

Edit: just saw your screenshot. The best way would be through opening a ticket so that Check Point Support will be able to solve this for the benefit of all our users.

Hieu_le
Explorer
‎2019-01-22 05:04 PM

Hi Ekta Siwani,

You can share the way to resolve this problem. I have same problem with you.

Thanks.

0 Kudos
Ekta_Siwani1
Contributor
‎2019-01-23 12:01 AM
In response to Hieu_le

Hi Hieu Le,

My reason for session getting locked was different so none of this solution worked.

I was treating "publish" as synchronous call, instead of asynchronous call. If you are doing same mistake, all you have to do is:

1. after making publish api call, get the task id 

2. use task id to check the status of publish task using show-task api

3. If "show-task" api returns "succeeded", go to next step of your task else wait.

You need to treat "publish" in same way we treat "install-policy" api call, and your session will not get locked.

Let me know if you need detail about this.

Hieu_le
Explorer
‎2019-01-23 03:34 AM

Thanks Ekta Siwani

In my case, i have 2 network group: IP_Blacklist and IP_Blacklist_1. 

Today :Jan 23,2019, but these groups blocked from Jan 18,2019 .

And I viewed in View Sessions, but there is not session to block,change

I also tried to use: psql_client cpm postgres -c "select objid,applicationname,username,creator,state,numberoflocks,numberofoperations,creationtime,lastmodifytime from worksession ;" and discard them but still blocked.

0 Kudos
Ekta_Siwani1
Contributor
‎2019-01-23 03:58 AM
In response to Hieu_le

Hi,

To unlock the session, if you have tried all the solution mentioned above in thread, you should open TAC case. Even i was not able to unlock the session by myself. TAC should be able to help you.

To avoid this in future, please  modify the way you are handling "publish" api.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top