- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Re: connection cannot be initiated, please make su...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cannot Connect with SmartConsole to R77.30 or Earlier Management
Why is it my newly installed checkpointR77.iso in vmware have errorr when connecting using R77 smartconsole in windows server2012 ? the server can ping and access the web UI of both gaia gateway FW and gaia management FW.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to summarize (and mark the answer correct), this is a known issue described in the following SK:
The TL;DR:
- On a fresh install of any Check Point version prior to R77.30 with JHF 143, the Internal CA is set with an expiration date 20 years in the future.
- If done after January 24th 2018, this will result in a date beyond the Unix epoch, which causes this issue.
Workarounds:
- Use a version unaffected by this issue (R77.30 with JHF 143 and above or R80.10).
- Get the relevant hotfix for an earlier release from the TAC
- Prior to starting the installation, backdate the system to a date prior to January 24th 2018.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Known issue for all fresh installs of R77.30 prior to Take 143 and lower after January 24th 2018.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ive tried option
1. Choose 'Certificate Authority' option
2. Press 'y' to initialize the CA
then after there is instruction to run pidof cpca, iver tried not in expert
mode its invalid command, then i tried in expert nothing happens still
cannot be intiated.
On Sun, Feb 11, 2018 at 6:37 AM, Dameon Welch Abernathy <
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The problem is that by default the CA sets the expiration date to 20 years in the future.
That date is beyond what can be stored by the Unix epoch, which is why you cannot reinitialize the CA.
Which means you either need to:
1. Get the appropriate hotfix from TAC
2. Use a version unaffected by this issue (R77.30 with JHF 143 and above or R80.10)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this is a fresh install from the R77.30 iso in my vmware, with trial license...can i still be able to download the JHF to solve the problem?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should be able to retrieve the latest Jumbo Hotfix from CPUSE prior to completing the First Time Wizard.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i have already configured default gateway, dns 4.2.2.2 and the firewall can ping the dns, is there anything i miss?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check to see if you can reach the cloud servers using sk83520
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this is the output, what does it mean?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It would be helpful to see the output of all the commands, not just the last one (which looks successful).
The one previous to the one with Sigcheck looks like it might be interesting to check.
Or we can skip the troubleshooting and you can just download the offline version of the latest jumbo hotfix.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is there a way for me to download the horfix so that i can resolve this error, this is a fresh install GAIA R77.30... but the smartdashboard fail to connect..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anyone who has a support agreement in place should be able to download the file.
If you do and you're seeing this, please check with Account Services: Contact Support | Check Point Software
It also appears that we've now included the relevant fix in the R77.30 images available on UserCenter.
- Effective February 26th 2018, the fix for this issue is included in R77.30 Gaia and Windows images.
For more information see Check Point R77.30.
You may be able to obtain temporary authorization to download these files by working with your account team.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
so that means if i dont have access to that link(my account is not capable) i dont have chance to fix this issue?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately, most bugfixes and software releases are only available to those who are covered by an active Support agreement.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how to register that can download the hotfix, my customer has a licensed
device, how to know if he can avail to download?
On Mar 12, 2018 8:16 AM, "Dameon Welch Abernathy" <donotreply@checkpoint.com>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If the customer has a support agreement, they can can add you as a contact for their User Center account.
This would allow you to download the file.
Account Services should be able to verify entitlement: Contact Support | Check Point Software
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
they are askin me how can they register, cuz he already made an account but
still cannot download anything. his accoun is just the same as me, how to
make an account is there a link where to key in the serial number or
whatsoever?
On Mar 13, 2018 9:54 PM, "Dameon Welch Abernathy" <donotreply@checkpoint.com>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Account Services can assist you with these issues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you still can't get the hotfix for this, another option is to set the system date to something before 24th January 2018 prior to running the First Time Wizard.
This should allow the creation of the Internal CA to succeed and resolve the issue you are experiencing.
Afterwards, you can reset the system time to the current time.
However, I strongly recommend resolving your entitlement issues so you can download the proper hotfix for this and others you may need.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you i will try that one
On Mar 15, 2018 8:47 AM, "Dameon Welch Abernathy" <donotreply@checkpoint.com>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
after importing the file.TAR.gz this is what i receive
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds like the file you are trying to load is somehow corrupt.
I recommend checking the file MD5/SHA1 hash to validate the file you are trying to load the correct file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Finally I was able to resolve my connection issue after a month of investigation.
Follow
-Fresh Install
-sk81200 Install License Via cli bbecause of no access to Smart Update
-sk92449 Upgrade Service Engine CPUSE
-sk106162 Install Jumbo
-sk122612 to generate a CA via cpconfig Make sure you reboot
Job done
Note you need a Checkpoint Account
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SmartUpdate doesn't require a license to operate.
It does, however, require there be a valid Internal CA, which you didn't have due to the bug described in this thread.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to summarize (and mark the answer correct), this is a known issue described in the following SK:
The TL;DR:
- On a fresh install of any Check Point version prior to R77.30 with JHF 143, the Internal CA is set with an expiration date 20 years in the future.
- If done after January 24th 2018, this will result in a date beyond the Unix epoch, which causes this issue.
Workarounds:
- Use a version unaffected by this issue (R77.30 with JHF 143 and above or R80.10).
- Get the relevant hotfix for an earlier release from the TAC
- Prior to starting the installation, backdate the system to a date prior to January 24th 2018.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content