This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Supporto_Checkp
Collaborator
‎2024-07-08 08:01 AM

MDS 81.10 Takt 152 - CPD process N/A only one one domain

Hi ,we have a strange issue with only one of our domain, this is a mdsstat

CPM: Check Point Security Management Server is running and ready

+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| Type | Name | IP address | FWM | FWMHA | FWD | CPD | CPCA |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| MDS | - | ipmds | up 56719 | up 56724 | up 56648 | up 14784 | up 57303 |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| CMA | domain1 | ip1 | up 47788 | up 48329 | up 46541 | up 41890 | up 53493 |
| CMA | domain2 | ip2 | up 45287 | up 46518 | up 44012 | up 41892 | up 53334 |
| CMA | domain3 | ip3 | up 46530 | up 47789 | up 45360 | up (N/A) | up 53335 |
| CMA | domain4 | ip4 | up 45288 | up 46532 | up 44013 | up 41887 | up 53331 |
| CMA | domain5 | ip5 | up 46540 | up 47849 | up 45358 | up 41891 | up 53333 |

"mdsstop_customer domain3" doesn't work, it remain stuck without stopping the domoain
the same command on other domains works.

We recently installed the jumbo take 152 because we had an issue regarding zombie processes and this issue too, the jumbo solved the zombie process spawning but not this one.

we tried to reboot the mds ,it works for some hours but then the CPD process is still in N/A.

$CPDIR/log/cpd.elg doesnt' show anything useful for us and for the TAC .
only strange messages are
t.so], Function offset [0x139a0].
[CPD 14784]@mds[8 Jul 8:29:40] Warning:cp_timed_blocker_handler: A handler [0xf56a71c0] blocked for 6 seconds.
[CPD 14784]@mds[8 Jul 8:29:40] Warning:cp_timed_blocker_handler: Handler info: Library [/opt/CPshrd-R81.10/lib/libosstatagent.so], Function offset [0x41c0].

any help will be appreciated 🙂

0 Kudos
25 Replies
the_rock
MVP Gold
MVP Gold
‎2024-07-08 08:08 AM

Weird shows as up, but n/a. Did you run cpd debug as per below (mds part)?

Andy

https://support.checkpoint.com/results/sk/sk86320

Best,
Andy
0 Kudos
Supporto_Checkp
Collaborator
‎2024-07-08 08:12 AM
In response to the_rock

hi ,i can't do for the specified domain because even mdsenv domain3 remain stuck and give no output at all.

other useful info, a cpwd_admin list show that the process is running,
CPD.domain3 181457 E 1 [15:51:04] 2/7/2024 N cma_with_wd domain3 '/opt/CPmds-R81.10/customers/domain3/CPshrd-R81.10/bin/cpd'

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-07-08 08:15 AM
In response to Supporto_Checkp

Understood. I did find couple of older sk's, though its for R80.10 and R80.20, which are EOL. It says CP has hotfix for such an issue, so you may want to ask TAC if same applies to R81.10 as well.

Andy

Best,
Andy
0 Kudos
Supporto_Checkp
Collaborator
‎2024-07-08 08:17 AM
In response to the_rock

can you give me the SK number ?

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-07-08 08:23 AM
In response to Supporto_Checkp

Similar...

https://support.checkpoint.com/results/sk/sk123722

https://support.checkpoint.com/results/sk/sk114936

Best,
Andy
0 Kudos
Peter_Lyndley
Advisor
Advisor
‎2024-07-09 06:18 AM
In response to Supporto_Checkp

i've seen this before where you have a duplicate process running (for some reason).

The only way to find it is to run ps -ef |grep domain3

Then kill -9 xxxxx, where xxxxx is the process number you want to kill. if mdsstop_ customer is not working , then you may have to kill all processes related to domain3. Then mdsstart_customer domain3.

thanks

Peter

0 Kudos
Supporto_Checkp
Collaborator
‎2024-07-09 06:20 AM
In response to Peter_Lyndley

we don't have duplicate process regarding CPD , we had with jumbo 139 but not with Take 152

 

0 Kudos
Peter_Lyndley
Advisor
Advisor
‎2024-07-09 06:57 AM
In response to Supporto_Checkp

its not necessarily the cpd process that might be duplicate.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-07-09 06:21 AM
In response to Peter_Lyndley

Hey Peter,

Im wondering, say if that was really the case, would not reboot take care of it?

Andy

Best,
Andy
0 Kudos
Supporto_Checkp
Collaborator
‎2024-07-09 06:24 AM
In response to the_rock

we did ,but after few hours the cpd was in N/A from mdsstat but with a valid pid from cwpd_admin list.
really strange. for the TAC the hcp update should be the key


0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-07-09 06:33 AM
In response to Supporto_Checkp

Let us know what they say.

Andy

Best,
Andy
0 Kudos
Peter_Lyndley
Advisor
Advisor
‎2024-07-09 06:58 AM
In response to the_rock

you would hope so, but it was mentioned that 'it worked for some hours', so i wasnt 100% sure

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-07-09 07:27 AM
In response to Peter_Lyndley

Its never easy to tell with standalone setup, thats why I was never big fan of it.

Andy

Best,
Andy
0 Kudos
Supporto_Checkp
Collaborator
‎2024-07-09 08:19 AM
In response to the_rock

we don't have a standalone setup 

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-07-09 08:32 AM
In response to Supporto_Checkp

Sorry, I replied thinking of the other post similar to this, that involved standalone, apologies.

Andy

Best,
Andy
0 Kudos
Olavi_Lentso
Contributor
‎2024-07-09 12:32 AM

We have the same issue and it started after installing jumbo take 150 + custom hotfix for sk182370.

0 Kudos
Supporto_Checkp
Collaborator
‎2024-07-09 02:25 AM
In response to Olavi_Lentso

we had with Take 139 too,the update to take 152 was useless ,and even force the update of the HCP to version 73.
Finger crossed, at the moment we are all crawling in the dark

 

 

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-07-09 04:04 AM
In response to Supporto_Checkp

Did you mention those sk's to TAC?

Andy

Best,
Andy
0 Kudos
Supporto_Checkp
Collaborator
‎2024-07-09 04:06 AM
In response to the_rock

yep,we are waiting if the update of the HCP with a private packate will solve.finger crossed

the_rock
MVP Gold
MVP Gold
‎2024-07-09 04:08 AM
In response to Supporto_Checkp

Lets hope so...

Best,
Andy
0 Kudos
Supporto_Checkp
Collaborator
‎2024-07-09 08:20 AM
In response to the_rock

CPD on that domain is still up ,so ...maybe... let's wait until tomorrow to be sure

0 Kudos
CheckPointerXL
Advisor
Advisor
‎2024-08-01 01:25 AM

i fixed in this way:

 

ps -aux | grep DOMAIN | grep cpd
kill -9 PID
mdsstop_customer IP-DOMAIN
mdsstart_customer IP-DOMAIN

0 Kudos
Olavi_Lentso
Contributor
‎2024-08-01 03:37 AM
In response to CheckPointerXL

According to the TAC hcp updates since 03 July should fix this problem.

0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2024-10-02 09:02 AM
In response to Olavi_Lentso

this fixed the issue

0 Kudos
AleLovaz82
Collaborator
Collaborator
‎2024-10-02 09:07 AM
In response to CheckPointerXL

too easy to be the solition , anyway not workig for us

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events