cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Highlighted
Vladimir
Pearl

Script $FWDIR/scripts/server_status.sh shows incorrect status

I was working on preparing a guide for one of my clients and decided to run this script for verification of the fwm after migrate export.

To my surprise, the results were:

[Expert@SMS8010:0]# date; $FWDIR/scripts/server_status.sh
Fri Feb 23 15:40:17 EST 2018
Checking server status. Please wait...
15:40:18,423 INFO com.checkpoint.management.cpm.Cpm.enableLocalSic:223 [main] - Enabling local sic. Setting cp.ssl_local.certificate.check=local

Server is up - but not ready to receive connections (fwm might be down or busy)
[Expert@SMS8010:0]#

When I clearly able to connect to it using SmartConsole:

While script keeps showing:

[Expert@SMS8010:0]# date; $FWDIR/scripts/server_status.sh
Fri Feb 23 15:46:15 EST 2018
Checking server status. Please wait...
15:46:15,809 INFO com.checkpoint.management.cpm.Cpm.enableLocalSic:223 [main] - Enabling local sic. Setting cp.ssl_local.certificate.check=local
Server is up - but not ready to receive connections (fwm might be down or busy)
[Expert@SMS8010:0]#

At the same time:

[Expert@SMS8010:0]# cpstat mg

Product Name: Check Point Security Management Server
Major version: 6
Minor version: 0
Build number: 991140009
Is started: 1
Active status: active
Status: OK


Connected clients
-------------------------------------------------------
|Client type |Administrator|Host |Database lock|
-------------------------------------------------------
|SmartConsole|admin |yvlprecision|false |
-------------------------------------------------------


[Expert@SMS8010:0]#

Tags (2)
7 Replies
Admin
Admin

Re: Script $FWDIR/scripts/server_status.sh shows incorrect status

I wasn't even aware of that script Smiley Happy

It looks like it's running some sort of Java program to determine reachability and it's returning a specific error code.

My initial thought would be to open a TAC ticket.

0 Kudos
Vladimir
Pearl

Re: Script $FWDIR/scripts/server_status.sh shows incorrect status

Since I've encountered it in my lab setup and it does not affect me that much, I am hesitant to devout much time to it.

If it is in your power to do so, can you may be kick it to R&D: I suspect that this issue may be related to the SmartConsole's monitoring issues that were described in quite a few other posts.

The symptoms included indications of the loss of SIC, while it was working, incorrect ClusterXL member status, etc.. 

0 Kudos
Admin
Admin

Re: Script $FWDIR/scripts/server_status.sh shows incorrect status

Possible all those issues are related.

0 Kudos

Re: Script $FWDIR/scripts/server_status.sh shows incorrect status

These issues aren't related. This script prints various info statuses. Just because a line that says "SIC was successful" appears right before the line which you encounter as a false-positive "not ready to receive connections", doesn't indicate correlation.

I would suggest using the much simpler $FWDIR/scripts/cpm_status.sh

Vladimir
Pearl

Re: Script $FWDIR/scripts/server_status.sh shows incorrect status

Thanks Tomer. I'll try the $FWDIR/scripts/cpm_status.sh, but can you tell me if anyone was able to shed the light on why the $FWDIR/scripts/server_status.sh was showing "not ready to accept connections?"

0 Kudos

Re: Script $FWDIR/scripts/server_status.sh shows incorrect status

What do you get from `cpwd_admin list` exactly?

0 Kudos
Vladimir
Pearl

Re: Script $FWDIR/scripts/server_status.sh shows incorrect status

[Expert@SMS8010:0]# date; $FWDIR/scripts/server_status.sh
Mon Mar 5 08:07:31 EST 2018
Checking server status. Please wait...
08:07:32,406 INFO com.checkpoint.management.cpm.Cpm.enableLocalSic:223 [main] - Enabling local sic. Setting cp.ssl_local.certificate.check=local
Server is up - but not ready to receive connections (fwm might be down or busy)
[Expert@SMS8010:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 3913 E 1 [11:57:05] 3/3/2018 N cpviewd
CPD 3925 E 1 [11:57:05] 3/3/2018 Y cpd
FWD 4009 E 1 [11:57:13] 3/3/2018 N fwd -n
FWM 4012 E 1 [11:57:13] 3/3/2018 N fwm
VSEC 4043 E 1 [11:57:14] 3/3/2018 N vsec_controller_start
SOLR 4260 E 1 [11:57:16] 3/3/2018 N java_solr /opt/CPrt-R80/conf/jetty.xml
RFL 4378 E 1 [11:57:18] 3/3/2018 N LogCore
CPM 4399 E 1 [11:57:18] 3/3/2018 N /opt/CPsuite-R80/fw1/scripts/cpm.sh -s
SMARTVIEW 4404 E 1 [11:57:18] 3/3/2018 N SmartView
INDEXER 4488 E 1 [11:57:19] 3/3/2018 N /opt/CPrt-R80/log_indexer/log_indexer
SMARTLOG_SERVER 4502 E 1 [11:57:19] 3/3/2018 N /opt/CPSmartLog-R80/smartlog_server
CPSEMD 14413 E 1 [12:03:34] 3/3/2018 Y cpsemd
CPSEAD 4774 E 1 [11:57:23] 3/3/2018 N cpsead
DASERVICE 4820 E 1 [11:57:23] 3/3/2018 N DAService_script
LPD 11106 E 1 [12:01:51] 3/3/2018 N lpd
CPSM 15582 E 1 [12:04:39] 3/3/2018 N cpstat_monitor
[Expert@SMS8010:0]#

0 Kudos