FireMage
Contributor

R81.20 Take 70 - API readiness test failed

Hello everyone,

I know the take is not yet released, but all the positive reports have prompted me to install it anyway.
Unfortunately this has not been a success so far. I get the same problem on 2 different VMs:

- The installation went without error and after the restart I could not find any error in the function in general

BUT

I then tried to log in via smart dashboard, which did not work.

Cause:
the api service has a problem

I have already tried several things and also searched the internet, unfortunately without success.

Should I forget the whole thing for now and wait for the release or do you have an idea?

thanks
jeff


Accepted Solutions
Natan_Chamilevs
Employee

Hi @the_rock,

Is Compliance blade enabled in these Management machines?

Unfortunately, we've found an issue in the latest released takes (R81.20 JHF take 70, R81.10 JHF take 152, R81 JHF take 99) where FWM might terminate unexpectedly repeatedly, which makes the Management Server unresponsive, when Compliance blade is enabled.

The reason for the issue is changes made in the scheduling mechanism of the full scan of the Compliance blade.

The workaround can be found in sk182507, and we plan to release Jumbo HF takes in the upcoming week with a solution for this issue.

We are truly sorry for the inconvenience.

Natan

15 Replies
the_rock
Legend

I installed it on 5 lab devices and no issues, 2 of them mgmt servers. Can you run below command?

watch -d $FWDIR/scripts/./cpm_status.sh (ctrl+c to stop)

Andy

FireMage
Contributor

hi andy,

looks good:

Check Point Security Management Server is running and ready

thx

jeff

the_rock
Legend

I know sometimes the API may take a bit of time to show successful, so can you try again? If you are able to, we can do a remote session later to check.

Andy

FireMage
Contributor

Yes, you are right. After approx. 6h the api service is successful.

thx

jeff

the_rock
Legend

That is NOT normal. Longest I saw take is 10 mins.

Andy

the_rock
Legend

I find myself in same situation for the lab mgmt, so let me see what happens, I will NOT restore from backup again, which I know would work, as I did it yesterday, so will leave it as is for some time with api test showing failed and see what happens. 

Andy

the_rock
Legend

I installed jumbo 70 on my lab mgmt again, booted at 9.10 am EST, so let me keep an eye on it and see if API ever starts up : - )

Andy

the_rock
Legend

@FireMage 

I think based on my testing, I am fairly sure this is jumbo 70 issue and here is why I say that...check out steps I did:

-due to lab mgmt having to be shut down in eve-ng, when it came back, api could never start (or I did not wait long enough, not sure, though this NEVER happened before with any other jumbo)

-I decided to restore backup from July 4th, which worked fine and API started right away

-then (July 20th), I upgraded to jumbo 70 again and ran another backup

-rebooted, api did not start even in 1 hour

-restored the back up again from July 4th, no issues

-upgraded again to jumbo 70, rebooted, took some time around 3 hours for API to start

Andy

fabionfsc
Contributor

Can you send the output from the command below?

cat $MDS_FWDIR/conf/cpmServerSettings.props

the_rock
Legend

Hey mate,

Don't be silly man, what inconvenience, it's a lab, all good, haha : - )

Btw, in eve-ng, literally any vendor (CP, FGT, PAN, Trend Micro, Cisco, Aruba, Sophos and so on) takes 5 mins to spin up a lab, so no sweat.

Anywho, to answer your question, no compliance blade was enabled, I enabled it AFTER installing jumbo 70, but then again, issue was there WITH jumbo 70 and NO compliance blade on. I did see sk you mentioned, definitely matches.

For now, I got working backup and I did leave jhf 70 installed, so will wait for new one. 

Thanks again @Natan_Chamilevs 

Andy

the_rock
Legend

@Natan_Chamilevs 

Quick update...I ended up installing jumbo 76 (I see just came out today) in my R81.20 labs (with single gw, cluster and dedicated SE server), no issues, API started right away...cheers 🙂

Andy

FireMage
Contributor

Hello everyone,

Thank you for your efforts and the investigations. I was away from the site over the weekend, so I can only get back to you now.

Yes, the compliance blade is active on all systems.

Thanks again to everyone involved. Now I can probably install the update.

see you soon
jeff

the_rock
Legend

I can confirm Jeff it's good, tested in my lab.

best,

Andy

the_rock
Legend

As a matter of fact, since I wanted to test importing policy from customer's mgmt migrate server into my lab, I spun up brand new R81.20 mgmt, "slapped" jumbo 76 on it, rebooted, ran migrate server import, rebooted, api came up literally in 25 seconds.

Andy
