This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
eliadr
Participant
‎2022-10-18 06:33 AM
Jump to solution

Force clearing disconnected sessions

Hi.

I've a management server R81 Take 36.
I've an admin session stuck - can't login with that user or even discard, take over or publish.
Just getting "Internal error".
cpm.elg show lots of different errors around it.

Trying to remove it from mgmt_cli, results in the following error:
"Runtime error: Tried to open non existing session with id <SOME GUID>"

 

Any ideas? or just TAC?

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2022-10-18 06:40 AM
Jump to solution

Please open a TAC request

View solution in original post

0 Kudos
13 Replies
_Val_
Admin
Admin
‎2022-10-18 06:40 AM
Jump to solution

Please open a TAC request

0 Kudos
the_rock
Legend
Legend
‎2022-10-18 06:52 AM
Jump to solution

Im pretty sure cpstop;cpstart or reboot would fix that. However, if that was done, then I guess you may need to contact TAC.

George_Ellis
Advisor
‎2023-10-19 04:06 AM
In response to the_rock
Jump to solution

Zombie Thread Alert.  Same deal on 81.10 JHF 95.  Reboot did not fix it on a MDM.  Setting up to call TAC.

 

0 Kudos
the_rock
Legend
Legend
‎2023-10-19 04:58 AM
In response to George_Ellis
Jump to solution

Have you tried below command?

Andy

mgmt_cli -r true show sessions details-level full -f json | jq -r '.objects[] | select(."user-name" != "WEB_API") | .uid' | while read -r uid; do mgmt_cli -r true disconnect uid $uid; done
0 Kudos
George_Ellis
Advisor
‎2023-10-19 06:57 AM
In response to the_rock
Jump to solution

We did and got 

"Runtime error: Tried to open non existing session with id <SOME GUID>"

The guid response is not in the worksession data.

 

 

mgmt_cli -r true disconnect uid UID -d DOMAINID
and
mgmt_cli -r true disconnect uid UID

 

0 Kudos
the_rock
Legend
Legend
‎2023-10-19 07:04 AM
In response to George_Ellis
Jump to solution

This is Provider 1?

0 Kudos
George_Ellis
Advisor
‎2023-10-19 07:14 AM
In response to the_rock
Jump to solution

MDM, yes.  We will need TAC on this one.

 

0 Kudos
the_rock
Legend
Legend
‎2023-10-19 07:22 AM
In response to George_Ellis
Jump to solution

Ah, sorry, if its MDM, then not sure, hope TAC can help. I have some time later, I will set up MDM in the lab and test myself, if I make progress, will let you know either way.

Keep us posted.

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-10-19 08:16 AM
In response to George_Ellis
Jump to solution

K, though Im working on really difficult Fortigate vpn issue, Im in parallel doing the MDS lab. I got it going, so will see how far I get. Will update you little later on the progress.

Kind regards,

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-10-19 07:06 AM
In response to George_Ellis
Jump to solution

This is from my R81.20 jhf 26 mgmt lab

Andy

 

[Expert@CP-management:0]# mgmt_cli -r true show sessions details-level full -f json | jq -r '.objects[] | select(."user-name" != "WEB_API") | .uid' | while read -r uid; do mgmt_cli -r true disconnect uid $uid; done
message: "OK"

 

---------------------------------------------
Time: [10:05:57] 19/10/2023
---------------------------------------------
"Publish operation" succeeded (100%)
[Expert@CP-management:0]#

0 Kudos
George_Ellis
Advisor
‎2023-10-19 07:13 AM
In response to the_rock
Jump to solution

It works great, but the problem is this particular UID is broken.  You get a generic "An internal error has occurred" dialog box, so went to expert cli and it fails with better information.

 

0 Kudos
the_rock
Legend
Legend
‎2023-10-19 08:19 AM
In response to George_Ellis
Jump to solution

K, just ran it on MDS level, worked 100%

See below.

Andy

 

[Expert@CP-Provider1:0]# uptime
11:17:49 up 14 min, 1 user, load average: 1.03, 1.24, 1.00
[Expert@CP-Provider1:0]# mgmt_cli -r true show sessions details-level full -f json | jq -r '.objects[] | select(."user-name" != "WEB_API") | .uid' | while read -r uid; do mgmt_cli -r true disconnect uid $uid; done
message: "OK"

 

---------------------------------------------
Time: [11:18:16] 19/10/2023
---------------------------------------------
"Publish operation" succeeded (100%)
[Expert@CP-Provider1:0]# mdsstat

CPM: Check Point Security Management Server is running and ready

+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| Type | Name | IP address | FWM | FWMHA | FWD | CPD | CPCA |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| MDS | - | 172.16.10.242 | up 11869 | up 11880 | up 11867 | up 7792 | up 17354 |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
Total Domain Management Servers checked: 0 0 up 0 down
Tip: Run mdsstat -h for legend

[Expert@CP-Provider1:0]#

0 Kudos
Gero_Stolle
Contributor
‎2022-10-18 07:49 AM
Jump to solution

Yes, I would also recommend open a TAC case , because your database need afixup to remove different table entries. 
There additional scripts available to do the rudimentary cleanup, but do it with TAC 🙂 

Gero

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events