cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

cprid_util error

Jump to solution

Greetings,

My envornment:  MDS R80.20 Take 103 10.255.19.21 is running R80.10 Take 154 in a cluster where the cprid_util command executes properly.

After running mdsenv X.X.X.X for the correct CMA, I'm trying to execute a cprid_util command, but I get the following output.  I can't find any references to "status=3" which I assume is the error code.

[Expert@CheDC-MDS1:0]# cprid_util -server 10.255.19.21 -verbose -debug rexec -rcmd /bin/bash -c "df -h"
my_callback status=3 opq=0x3 run_stat=0 len = #0#
<<(NULL BUF)>>
info=
remote command status = 0
0
(NULL BUF)

Good output looks like this and note the status=0:

[Expert@CheDC-MDS1:0]# cprid_util -server 10.255.19.20 -verbose -debug rexec -rcmd /bin/bash -c "df -h"
my_callback status=0 opq=0x3 run_stat=0 len = #317#
<<Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current
32G 6.3G 24G 22% /
/dev/sda1 289M 104M 171M 38% /boot
tmpfs 3.8G 0 3.8G 0% /dev/shm
/dev/mapper/vg_splat-lv_log
59G 16G 40G 28% /var/log
>>
info=(
:type (opsec_info)
:stderr_buflen (0)
:stderr_offset (0)
:stdout_buflen (317)
:stdout_offset (0)
:WIFSTOPPED (0)
:WSTOPSIG (0)
:WIFEXITED (1)
:WEXITSTATUS (0)
:WIFSIGNALED (0)
:WTERMSIG (0)
)

remote command status = 0
0
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current
32G 6.3G 24G 22% /
/dev/sda1 289M 104M 171M 38% /boot
tmpfs 3.8G 0 3.8G 0% /dev/shm
/dev/mapper/vg_splat-lv_log
59G 16G 40G 28% /var/log

 

Does anyone know an sk that helps me figure out why the cprid_util fails?

Thanks my fellow Check Mates!

Luis

0 Kudos
1 Solution

Accepted Solutions
Highlighted

Re: cprid_util error

Jump to solution

Greetings,

A reboot fixed the problem.

I checked SIC from both the CMA and from both gateways, and SIC was good.

A less intrusive way is to run the following which also fixed the problem.  Stop then start the CPRID process.

To Stop # $CPDIR/bin/cpridstop

To Start # $CPDIR/bin/cpridstart

 

I verified the above two commands fixed the problem on another gateway that was showing NULL BUF.

 

Regards,

Luis

View solution in original post

0 Kudos
5 Replies
Highlighted

Re: cprid_util error

Jump to solution

The only available sk is sk101047: How to manage Security Gateway using the "cprid_util" tool  - so i would involve TAC...

0 Kudos
Highlighted

Re: cprid_util error

Jump to solution

Thanks for the response G_W!

Luis

0 Kudos
Highlighted

Re: cprid_util error

Jump to solution
Does the .20 IP happen to be the backup member of the cluster?
Is the .21 the active member? If so, there are numerous items here about backup gateways and NAT (hiding behind VIP), problem could be in this specific area... Check log and maybe tcpdump on the primary to see if traffic is partially handled by the primary and dropped.
Regards, Maarten
0 Kudos
Highlighted

Re: cprid_util error

Jump to solution

Hi Maarten,

 

.20 is active with .21 standby.  I checked fwha_forw_packet_to_not_active is set to 1 via $FWDIR/boot/modules/fwkern.conf on both firewalls.  It's not what you described, but I thought it was worth mentioning.

tcpdump -vv -nni bond1 host CMA_IP on both firewalls shows similar traffic flows.  The only difference is the number of packets which makes sense since .20 responds with data.

I have another cluster with both members responding correctly to the cprid_util command.  The other cluster is running R80.10 Take 154 too.

I'm going to open a ticket with CP tech support.

I'll let you know what I find.

Thanks!

Luis

 

0 Kudos
Highlighted

Re: cprid_util error

Jump to solution

Greetings,

A reboot fixed the problem.

I checked SIC from both the CMA and from both gateways, and SIC was good.

A less intrusive way is to run the following which also fixed the problem.  Stop then start the CPRID process.

To Stop # $CPDIR/bin/cpridstop

To Start # $CPDIR/bin/cpridstart

 

I verified the above two commands fixed the problem on another gateway that was showing NULL BUF.

 

Regards,

Luis

View solution in original post

0 Kudos