This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jack_Prenderga1
Contributor
‎2018-02-27 07:39 AM

Policy verification failed

Hi,

I have policy install failures on all my gateways. 

Verification of policy from the security manager is failing.

Management and all gateways R80.10 with latest HFA. 

This has happened randomly. Nothing has changed recently.

Verification problems from install_policy.elg shows..

27/02/18 10:27:32,008 INFO com.checkpoint.management.dleserver.coresvc.intern al.LegacyPolicyLoader$PolicyLoadTask.doWork:175 [taskExecutor-27]: Completed to load legacy policy for product 'Threat'
27/02/18 10:27:45,203 ERROR com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.processExecutionErrors:105 [taskExecutor-29]: Execution for instance 3768cf4f-9242-4a5c-b491-951d0f1006fc had failed due to an execution exception
org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
at org.apache.commons.exec.DefaultExecutor.executeInt ernal(DefaultExecutor.java:377)
at org.apache.commons.exec.DefaultExecutor.access$200 (DefaultExecutor.java:46)
at org.apache.commons.exec.DefaultExecutor$1.run(Defa ultExecutor.java:188)
27/02/18 10:27:45,203 ERROR com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.processExecutionErrors:159 [taskExecutor-29]: All policy loading commands had failed due to execution exceptions
27/02/18 10:27:45,203 INFO com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.executeLoadCommands:184 [taskExecutor-29]: Loader executions completed
27/02/18 10:27:45,203 INFO com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.executeLoadCommands:204 [taskExecutor-29]: Command's full output:

There are no specifics SK articles for this, however I have tried moving mv $FWDIR/conf/last_dump.C $FWDIR/conf/last_dump.C.ORIG.

Any other suggestions?

6 Replies
Kaspars_Zibarts
Employee Employee
Employee
‎2018-02-27 09:14 PM

Sounds like SR candidate. Just from Java exceptions only I can think of is RAM. Either you are running out of it during policy push or it does not allocate enough max heap size in your default configuration (that would be based on max physically available). But that's a long shot I have to be honest..

Any other logs in messages maybe? Or cpd.elg

Jack_Prenderga1
Contributor
‎2018-02-28 03:28 AM
In response to Kaspars_Zibarts

Hi,

no other messages, and RAM is 32GB running very low!!

could be one for TAC

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-02-28 12:05 AM

My first suggestion is to check thru How To Troubleshoot Policy Installation Issues - a good starting point for finding the reason of the issue! At least, policy install does only fail any other time, not everytime...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Jack_Prenderga1
Contributor
‎2018-02-28 03:27 AM
In response to G_W_Albrecht

Hi,

I have been through this, and some similar SK articles and none of it is applicable.

the Java faults seems to be some corruption that might need TAC support.

it isn’t intermittent. It’s persistent and happening all the time now.

0 Kudos
Tom_Cripps
Advisor
‎2018-02-28 04:28 AM

Hi Jack,

We had something similar to this a few weeks ago, and our issue was our management server was looking for a file what wasn't there in our R80.10 suite but was looking for a file in a R77 suite. It'll be best to open up a case with your support provider as we had to install a policy using fwm -d load and we say right at the end it was looking for this file it couldn't find, until we created it again. 

See what they have to say, this helped a lot.

Tomer_Sole
Mentor
Mentor
‎2018-03-15 12:19 PM

Guys usually I'm very pro self-help but I strongly request that you open a TAC case for this. They will ask for more files, and push for a root cause fix for the benefit of the rest of our customers. 

Thanks

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top