Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Supporto_Checkp
Collaborator

MDS 81.10 Takt 152 - CPD process N/A only one one domain

Hi ,we have a strange issue with only one of our domain, this is a mdsstat

CPM: Check Point Security Management Server is running and ready

+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| Type | Name | IP address | FWM | FWMHA | FWD | CPD | CPCA |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| MDS | - | ipmds | up 56719 | up 56724 | up 56648 | up 14784 | up 57303 |
+------+--------------------+-----------------+-------------+-------------+-------------+-------------+-------------+
| CMA | domain1 | ip1 | up 47788 | up 48329 | up 46541 | up 41890 | up 53493 |
| CMA | domain2 | ip2 | up 45287 | up 46518 | up 44012 | up 41892 | up 53334 |
| CMA | domain3 | ip3 | up 46530 | up 47789 | up 45360 | up (N/A) | up 53335 |
| CMA | domain4 | ip4 | up 45288 | up 46532 | up 44013 | up 41887 | up 53331 |
| CMA | domain5 | ip5 | up 46540 | up 47849 | up 45358 | up 41891 | up 53333 |

"mdsstop_customer domain3" doesn't work, it remain stuck without stopping the domoain
the same command on other domains works.

We recently installed the jumbo take 152 because we had an issue regarding zombie processes and this issue too, the jumbo solved the zombie process spawning but not this one.

we tried to reboot the mds ,it works for some hours but then the CPD process is still in N/A.

$CPDIR/log/cpd.elg doesnt' show anything useful for us and for the TAC .
only strange messages are
t.so], Function offset [0x139a0].
[CPD 14784]@mds[8 Jul 8:29:40] Warning:cp_timed_blocker_handler: A handler [0xf56a71c0] blocked for 6 seconds.
[CPD 14784]@mds[8 Jul 8:29:40] Warning:cp_timed_blocker_handler: Handler info: Library [/opt/CPshrd-R81.10/lib/libosstatagent.so], Function offset [0x41c0].

any help will be appreciated 🙂

25 Replies
the_rock
Legend
Legend

Weird shows as up, but n/a. Did you run cpd debug as per below (mds part)?

Andy

https://support.checkpoint.com/results/sk/sk86320

Supporto_Checkp
Collaborator

hi ,i can't do for the specified domain because even mdsenv domain3 remain stuck and give no output at all.

other useful info, a cpwd_admin list show that the process is running,
CPD.domain3 181457 E 1 [15:51:04] 2/7/2024 N cma_with_wd domain3 '/opt/CPmds-R81.10/customers/domain3/CPshrd-R81.10/bin/cpd'

the_rock
Legend
Legend

Understood. I did find couple of older sk's, though its for R80.10 and R80.20, which are EOL. It says CP has hotfix for such an issue, so you may want to ask TAC if same applies to R81.10 as well.

Andy

Supporto_Checkp
Collaborator

can you give me the SK number ?

Peter_Lyndley
Advisor
Advisor

i've seen this before where you have a duplicate process running (for some reason).

The only way to find it is to run ps -ef |grep domain3

Then kill -9 xxxxx, where xxxxx is the process number you want to kill. if mdsstop_ customer is not working , then you may have to kill all processes related to domain3. Then mdsstart_customer domain3.

thanks

Peter

Supporto_Checkp
Collaborator

we don't have duplicate process regarding CPD , we had with jumbo 139 but not with Take 152

 

Peter_Lyndley
Advisor
Advisor

its not necessarily the cpd process that might be duplicate.

the_rock
Legend
Legend

Hey Peter,

Im wondering, say if that was really the case, would not reboot take care of it?

Andy

Supporto_Checkp
Collaborator

we did ,but after few hours the cpd was in N/A from mdsstat but with a valid pid from cwpd_admin list.
really strange. for the TAC the hcp update should be the key


the_rock
Legend
Legend

Let us know what they say.

Andy

Peter_Lyndley
Advisor
Advisor

you would hope so, but it was mentioned that 'it worked for some hours', so i wasnt 100% sure

the_rock
Legend
Legend

Its never easy to tell with standalone setup, thats why I was never big fan of it.

Andy

Supporto_Checkp
Collaborator

we don't have a standalone setup 

the_rock
Legend
Legend

Sorry, I replied thinking of the other post similar to this, that involved standalone, apologies.

Andy

Olavi_Lentso
Contributor

We have the same issue and it started after installing jumbo take 150 + custom hotfix for sk182370.

Supporto_Checkp
Collaborator

we had with Take 139 too,the update to take 152 was useless ,and even force the update of the HCP to version 73.
Finger crossed, at the moment we are all crawling in the dark

 

 

the_rock
Legend
Legend

Did you mention those sk's to TAC?

Andy

Supporto_Checkp
Collaborator

yep,we are waiting if the update of the HCP with a private packate will solve.finger crossed

the_rock
Legend
Legend

Lets hope so...

Supporto_Checkp
Collaborator

CPD on that domain is still up ,so ...maybe... let's wait until tomorrow to be sure

CheckPointerXL
Advisor
Advisor

i fixed in this way:

 

ps -aux | grep DOMAIN | grep cpd
kill -9 PID
mdsstop_customer IP-DOMAIN
mdsstart_customer IP-DOMAIN

Olavi_Lentso
Contributor

According to the TAC hcp updates since 03 July should fix this problem.

AleLovaz82
Collaborator
Collaborator

this fixed the issue

AleLovaz82
Collaborator
Collaborator

too easy to be the solition , anyway not workig for us

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events