This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_Herselman
Advisor
‎2021-06-04 06:42 AM
Jump to solution

R81 - How to cleanup old server objects in SmartEvent?

We recently upgraded MDM to R81 which has a dedicated Smart Events server attached to the Global domain. We experienced problems with the Advanced Upgrade (migrate_server) tool on the secondary MDM management server and MDM log server and decided to simply redeploy these as part of the upgrade process.

 

ie: We deleted each domain's standby management server and log server and then re-created them.

 

Running log doctor also complains about duplicate servers being defined, herewith the view when editing the Correlation Unit in SmartEvent:

SmartEvent_old_server_objects.png

 

We're running R81 JHA take 23 on primary and standby MDM management servers, MDM log server and dedicated SmartEvent server.

 

Domain view:

mdm_domain_view.png

 

PS: SmartEvent server status shows all objects being in sync:
SmartEvent_sync_status.png

 

Regards

David Herselman

0 Kudos
1 Solution

Accepted Solutions
Yaakov_Ohayon
Employee
Employee
‎2021-06-05 11:55 PM
Jump to solution

Hi,

I'm Kobi Ohayon from R&D, responsible for SmartEvent.

It is hard to know exactly what led to this situation, since there is missing information.
What do you mean by re-deploy, fresh install? what was on the partitions while installing?

What went wrong with the upgrade itself that you decided to re-deploy the server?


If the only problematic issue is the duplicate of objects, you just need to resync DBSync using the clean_dbsync_tables.sh script (sk116335)

Pay attention that this script causes cpstop/cpstart.

Thanks.

View solution in original post

4 Replies
Yaakov_Ohayon
Employee
Employee
‎2021-06-05 11:55 PM
Jump to solution

Hi,

I'm Kobi Ohayon from R&D, responsible for SmartEvent.

It is hard to know exactly what led to this situation, since there is missing information.
What do you mean by re-deploy, fresh install? what was on the partitions while installing?

What went wrong with the upgrade itself that you decided to re-deploy the server?


If the only problematic issue is the duplicate of objects, you just need to resync DBSync using the clean_dbsync_tables.sh script (sk116335)

Pay attention that this script causes cpstop/cpstart.

Thanks.

David_Herselman
Advisor
‎2021-06-06 06:26 AM
In response to Yaakov_Ohayon
Jump to solution

Hi Kobi,

 

That certainly did. Many thanks for the tip, running the script provided in sk116335 allowed us to reconfigure SmartEvents and removed all duplicates.

 

To answer your earlier questions though:

We ran migrate_server to generate the advanced upgrade TGZ archive on all systems successfully (MDS primary, MDS standby, MDS log and Smart Event server). Stopped those VMs and installed R81 on new VMs with the same network settings, then ran the first time wizard as the appropriate role (MDS primary, MDS standby, MDS log and finally dedicated Smart Event server for the global domain). We then created a snapshot before installing licenses and running '$MDS_FWDIR/scripts/migrate_server verify -v R81', validating  'cpprod_util CPPROD_GetValue CPupgrade-tools-R81 BuildNumber 1' returned the then current '995000486'. We would then try to run migrate_server to restore the TGZ which worked for the MDS primary and Smart Event servers but failed thrice for the MDS standby and MDS log servers.
We subsequently reverted to snapshot, connected to MDS primary and removed each domain's standby management server instance and log instance, after which we removed the MDS servers. Then established SIC with the new MDS standby and MDS log server and re-created all domain server instances, connecting to each domain to update logging on the security gateways and installing policy on each one.

The problem was logged as 6-0002724907, should someone at Check Point wish to reproduce the problem in a lab to aid others pursuing an R81 upgrade in future.

 

Regards

David Herselman

0 Kudos
Ido_Shoshana
Employee
Employee
‎2021-06-06 03:53 AM
Jump to solution

Hi David,

Please let us know if the suggested solution by Kobi helped you.

 

Thanks,

Ido

0 Kudos
David_Herselman
Advisor
‎2021-06-07 10:21 PM
In response to Ido_Shoshana
Jump to solution

Hi,

Yes, the clean_dbsync_tables.sh script provided in sk116335 removed the duplicate server objects.

Again, many thanks!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events