- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Checkpoint R81.10 API not running, Also SmartConso...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checkpoint R81.10 API not running, Also SmartConsole showing "Serious problem and needs to Relaunch"
Hello Everyone,
We have installed Checkpoint version R81.10. We are having this issue where API is not running and also Smart Console is not starting up. It is asking us to relaunch even after restart the application,
FW1> api status
API Settings:
---------------------
Accessibility: Unknown
Automatic Start: Disabled
Processes:
Name State PID More Information
-------------------------------------------------
API Stopped 6256
CPM Started 6256 Check Point Security Management Server is running and ready
FWM Started 5842
APACHE Started 5233
Port Details:
-------------------
JETTY Internal Port: 0
JETTY Documentation Internal Port: 0
APACHE Gaia Port: 443
Profile:
-------------------
Machine profile: Small Medium env resources profile
CPM heap size: 1280m
Apache port retrieved from: httpd-ssl.conf
--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------
API readiness test FAILED. The server is down and unable to receive connections!
Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'
-- When we try to start the API, we get below message,
FW1> api start
2021-Nov-26 12:15:08 - Starting API ...
2021-Nov-26 12:15:08 - WARNING: File mgmt_api_profile_settings.xml not found.
Could you please let me know what needs to updated to get the API running for R81.10 and also get access to Smart console. Your help will be of great use to me and will be appreciated.
Regards
Mahadevan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What are the parameters of the server: RAM size, CPUs, HDD space?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Val,
Thanks for your response, I have attached my Configuration. Please check it and let me know if that is sufficient.
RAM - 11gb
CPU - 2
Storage - 200GB
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Management API is not running and you are not able to connect with SmartConsole (crashing during login) suggests something very basic is not working. I suggest also checking the following:
1| run cpwd_admin list to see the state of all Check Point services
2| Run ver to check the installed version
3| If possible run cpstop and cpstart to restart the services
4| If possible reboot the machine and check again.
As Valarie wrote the machine hardware (like diskspace and RAM) is also important.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Thank you for you response. I have run the commands which you have listed. But when I check for the api status, Both API and FWM have stopped now.
FW1> api status
API Settings:
---------------------
Accessibility: Unknown
Automatic Start: Disabled
Processes:
Name State PID More Information
-------------------------------------------------
API Stopped 12116
CPM Started 12116 Check Point Security Management Server is running and ready
FWM Stopped 0
APACHE Started 5013
Port Details:
-------------------
JETTY Internal Port: 0
JETTY Documentation Internal Port: 0
APACHE Gaia Port: 443
Profile:
-------------------
Machine profile: Medium env resources profile
CPM heap size: 1280m
Apache port retrieved from: httpd-ssl.conf
--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------
API readiness test FAILED. The server is down and unable to receive connections!
Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'
Please let me know any changes to make. Thanks again for your response.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also For cpwd_admin list, FWM is also stopped and unable to start it.
FW1> cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 11501 E 1 [09:29:23] 30/11/2021 N cpviewd
CPVIEWS 11506 E 1 [09:29:23] 30/11/2021 N cpview_services
SXL_STATD 11509 E 1 [09:29:23] 30/11/2021 N sxl_statd
CPD 11526 E 1 [09:29:23] 30/11/2021 Y cpd
MPDAEMON 11537 E 1 [09:29:24] 30/11/2021 N mpdaemon /opt/CPshrd-R81/log/mpdaemon.elg /opt/CPshrd-R81/conf/mpdaemon.conf
TP_CONF_SERVICE 11565 E 1 [09:29:24] 30/11/2021 N tp_conf_service --conf=tp_conf.json --log=error
CI_CLEANUP 11635 E 1 [09:29:27] 30/11/2021 N avi_del_tmp_files
CIHS 11638 E 1 [09:29:27] 30/11/2021 N ci_http_server -j -f /opt/CPsuite-R81/fw1/conf/cihs.conf
FWD 11654 E 1 [09:29:28] 30/11/2021 N fwd
FWM 0 T 0 [11:54:47] 30/11/2021 N fwm
STPR 11684 E 1 [09:29:28] 30/11/2021 N status_proxy
SPIKE_DETECTIVE 11713 E 1 [09:29:28] 30/11/2021 N spike_detective
CPM 12116 E 1 [09:29:30] 30/11/2021 N /opt/CPsuite-R81/fw1/scripts/cpm.sh -s
SOLR 15941 E 1 [09:30:41] 30/11/2021 N java_solr
RFL 15962 E 1 [09:30:41] 30/11/2021 N LogCore
SMARTVIEW 15987 E 1 [09:30:41] 30/11/2021 N SmartView
INDEXER 16067 E 1 [09:30:42] 30/11/2021 N /opt/CPrt-R81/log_indexer/log_indexer
SMARTLOG_SERVER 16094 E 1 [09:30:43] 30/11/2021 N /opt/CPSmartLog-R81/smartlog_server
REPMAN 16416 E 1 [09:30:48] 30/11/2021 N java_repository_manager
DASERVICE 16422 E 1 [09:30:48] 30/11/2021 N DAService_script
AUTOUPDATER 16438 E 1 [09:30:48] 30/11/2021 N AutoUpdaterService.sh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Im 99.99% sure I know why this is failing. If you look at the output of api start, it shows disabled. Now, Im not sure what cli command is to start is automatically, since you cant open dashboard, but let me check and I will get back to you. In the meantime, can you run api start from command line and see what happens? Then, if it works, run $FWDIR/scripts/./cpm_status.sh and see what it says.
Should show you below if its working:
[Expert@R81.10_MGMT:0]# $FWDIR/scripts/./cpm_status.sh
Check Point Security Management Server is running and ready
[Expert@R81.10_MGMT:0]#
Below links might be helpful:
https://community.checkpoint.com/t5/API-CLI-Discussion/Enabling-web-api/td-p/32641
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Thanks for your response,
I have checked for the command you listed,
[Expert@FW1:0]# $FWDIR/scripts/./cpm_status.sh
Check Point Security Management Server is running and ready
But when I check for the API status,
[Expert@FW1:0]# api status
API Settings:
---------------------
Accessibility: Unknown
Automatic Start: Disabled
Processes:
Name State PID More Information
-------------------------------------------------
API Stopped 12116
CPM Started 12116 Check Point Security Management Server is running and ready
FWM Stopped 0
APACHE Started 5013
Port Details:
-------------------
JETTY Internal Port: 0
JETTY Documentation Internal Port: 0
APACHE Gaia Port: 443
Profile:
-------------------
Machine profile: Medium env resources profile
CPM heap size: 1280m
Apache port retrieved from: httpd-ssl.conf
--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------
API readiness test FAILED. The server is down and unable to receive connections!
Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'
Could you please let me know what to check and update in order to get API and FWM started.
Thanks again for your response. Kindly let me know the changes to make.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
SmartConsole should connect regardless of if the api is up or not.
Though the error you are seeing with SmartConsole would normally be related to insufficient resources or a corrupted install.
As far as the api not starting, please see sk168832.
The postgres query would be different for R81 and would require a SR to get sorted.
I find it interesting that automatic start is disabled.
From my lab it doesn't appear you can disable automatic start on R81.10:
This would make sense as the api server shares a pid with CPM starting in R81.
I tried replicating the issue in my lab but mgmt_api_profile_settings.xml is automatically recreated upon the process starting:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Thanks for your response, File mgmt_api_profile_settings.xml not found.
I have downloaded the right file and for some reason above file is not present and it is showing as the cause for api and fwm not starting.
[Expert@FW1:0]# api status
API Settings:
---------------------
Accessibility: Unknown
Automatic Start: Disabled
Processes:
Name State PID More Information
-------------------------------------------------
API Stopped 12116
CPM Started 12116 Check Point Security Management Server is running and ready
FWM Stopped 0
APACHE Started 5013
Port Details:
-------------------
JETTY Internal Port: 0
JETTY Documentation Internal Port: 0
APACHE Gaia Port: 443
Profile:
-------------------
Machine profile: Medium env resources profile
CPM heap size: 1280m
Apache port retrieved from: httpd-ssl.conf
--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------
API readiness test FAILED. The server is down and unable to receive connections!
Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'
Could you please let me know what is the changes to make. Your will response will of great help to me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have valid license ?
You can check it using command "cplic print"
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jozko,
Thanks for your response, I have tried the command got the below result,
cplic print
Host Expiration Features
======================================================================
Check Point product trial period will expire in 15 days.
Until then, you will be able to use the complete Check Point Product Suite.
Please obtain a permanent license from Check Point User Center at:
https://usercenter.checkpoint.com/pub/usercenter/get_started.html
======================================================================
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Omer,
Thanks for your response. While installing Checkpoint image, I have chosen the file in the IDE secondary master. I have posted an image below. Please check it.
Also I am getting the issue for File mgmt_api_profile_settings.xml not found while starting the API.
Both API and FWM are stopped. Not starting after cpstop and cpstart.
Could you please let me know the changes to make ?? Thanks again for your response.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is not what Omer is asking. During the Gaia config process, you need to choose Primary:
For the full installation process, look here: https://community.checkpoint.com/t5/Check-Point-for-Beginners-2-0/Part-3-Installing-Security-Managem...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Val,
I apologize for replying with wrong information. Yeah During the Gaia config process, I have selected Primary. I did not change it to Secondary.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Omer,
Thanks for your response. I am having issue with mgmt_api_profile_settings.xml file . When I try to initiate api with command "api start", it shows not file not found.
I have also checked sk168832,
Could you please let me know where the file can be found as currently we do not have running server for same version.
I apologize if the issue is basic, we are stuck at this stage and unable to perform other actions to generate logs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CPM 12116 E 1 [09:29:30] 30/11/2021 N /opt/CPsuite-R81/fw1/scripts/cpm.sh -s
Are you sure you installed R81.10?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Omer,
Thanks for your response. Sorry for the confusion,
I have checked for both versions and issue is occurring even in R81.10. Output for cpwd_admin list is from R81 but the issue -
mgmt_api_profile_settings.xml file not found while initiating api has been occuring in both versions. (R81.10 as well)
Could you please redirect me to download link for R81.10 where .xml file issue will not occur ?? Thanks again for response
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you share the output of:
$CPDIR/bin/cpprod_util FwIsPrimary
And:
$CPDIR/bin/cpprod_util FwIsActiveManagement
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Omer,
Thanks for the commands, I have tried got the below output
[Expert@FW1:0]# $CPDIR/bin/cpprod_util FwIsPrimary
1
[Expert@FW1:0]# $CPDIR/bin/cpprod_util FwIsActiveManagement
1
Can you please let me know if this is the desired output ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Mahadevan ,
Yes, this is the desired output.
I sent you an email with more details that I need.
Please also open a TAC case.
Thanks,
Omer