- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Hi,
On an MDS, just 1 CMA/Customer has a locked session causing an issue. It's a session that is not viewable from within the MDS Session OR the CMA Sessions, so not a case of just discarding it like normal.
1. This seemed to have happened when the customer/CMA reverted back to a previous installed policy.
I.e. They reverted back to a 2nd April 2020 Policy. The 2 objects we can see locked are Network Properties (eth1 and eth2) . This is causing a fairly big problem as those objects are locked, 2 things we're trying to are failing with errors - "Get Interfaces with/without Topology" or even manually add an interface in.
2. From the MDS, running a psql_client SEARCH command, the eth1 and eth2 objid's both show, and they both have the same lockingsessionid. So I've tried mgmt API command below to discard it:
[Expert@MDS:0]# mgmt_cli -s id.txt discard uid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
But we get error:
code: "generic_server_error"
message: "Management server failed to execute command"
Anyone able to advise of what we can try? Commands? Etc.
Because this is an MDS with a lot of customers, we can't simply reboot it.
Thank you in advance!
Hi Maik,
Accessibility: Require all granted
Automatic Start: Enabled
Processes:
API Started
CPM Started
FWM Started
APACHE Started
I will discuss with the team that deals with our MDS about if an API service restart could be tried.
Thanks!
Hi Phone Boy,
The MDS was rebooted (had planned work on it a few days after the issue) but no change.
I do have a ticket open with TAC now. They've got MDS backup and I believe they intend to replicate it
Thanks
Is there any chance your server is listening on a port other than 443? I believe I ran into this once on an SMS that had Endpoint management installed and the WebUI/API port was moved to 4434? In which case, I believe I just had to specify the port number as a parameter on the mgmt_cli command.
Oh well, was worth a shot! If only it could have been that easy 😤
Hi,
We have the same issue with R80.40 T77, Single MGMT, no MDS. Did you get a fix to solve this issue?
Thanks
Did you get a fix from their end ?
Hi,
I was receiving the same error message when I was doing "logout" via the python requests library.
{
"code" : "generic_server_error",
"message" : "Management server failed to execute command"
}
The order of my actions were: 1) login 2) create object 3)set-session 4) publish 5) logout
The problem as I mention was the logout (everything else was executed). I ended up of adding a little "pause" (time.sleep(5))after publish and the logout function worked perfectly fine. What I think happened is that the code is executing too fast while some of the actions like publish needs some time for digestion.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY