This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cgyoerfi
Explorer
‎2024-01-29 03:06 AM
Jump to solution

Restore admin password R77.30 GAIA

Dear All,

I need urgent help to restore my Checkpoint Management Server GAIA Admin user password an R77.30. I summarize all things what I know and how is build up the environment.

So we have two FW box in cluster and we have two Management server also in cluster. These Management servers are Multi-Domain systems and running two physical HPE Proliant DL380 G8 systems. Pretty old. For primary I have iLO access for secondary there is no connection to iLO because of EEPROM issue. 

In Domain Manager Console I see both mgmt server and defined domains. Secondary server is at the moment lost connect from Domain Mgmt Console, root cause certification expired and no SIC connection to the server. I couldn't rejoin system to Console (generate new CERT and OTP password) why? Because my ancestor forgot to document Mgmt server Web and SSH admin user and pass. I think build in user admin active but no information about the password. 

Here come my problem how can I set back an a HPE physical machine the admin user password. I found this article:

https://support.checkpoint.com/results/sk/sk91380

I tried it in a test environment VMware platform an virtual machines it works, but an physical machine (Secondary mgmt server) didn't.

Generated live Ubuntu and boot from USB stick start the method. I got following error message during point 5. mount /dev/mapper/vg_splat-lv_current /mnt/cp

Error opening cmdline file: /proc/7720/cmdline
cp_set_process_vs_affinity

We do not have CheckPoint support contract so I can not open case for vendor. 

Please help me and if possible give me hint how can I proceed this password restoration procedure.

I can not reinstall environment if I do not have database backup usw. 

Ps: I deleted IPs from my picture.

Preview file
96 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-02-07 04:58 PM
Jump to solution

R77.30 has been End of Support for some time.
However, it did have a useful tool called Emergendisk that would help with this sort of thing: https://support.checkpoint.com/results/sk/sk92663
If you have another system with R77.30 installed on it, you can generate the USB drive per the command.
You might require a software subscription to download it otherwise (R77.30, that is): https://support.checkpoint.com/results/sk/sk104859 

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2024-02-07 04:58 PM
Jump to solution

R77.30 has been End of Support for some time.
However, it did have a useful tool called Emergendisk that would help with this sort of thing: https://support.checkpoint.com/results/sk/sk92663
If you have another system with R77.30 installed on it, you can generate the USB drive per the command.
You might require a software subscription to download it otherwise (R77.30, that is): https://support.checkpoint.com/results/sk/sk104859 

cgyoerfi
Explorer
‎2024-02-07 10:50 PM
In response to PhoneBoy
Jump to solution

Hi,

Thank you very much,  I found this article as well. My problem with the first point:

Login into expert mode of Gaia computer

What kind of GAIA Computer I need, only a Notebook or should I install R77.30 an another ProLiant Server? Unfortunately I do not have workable GAIA Server, original problem that I couldn't login to MGMT server. So how can I generate a USB stick without login, or which GAIA computer I need?

Thank you in advance.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-02-08 02:20 PM
In response to cgyoerfi
Jump to solution

Gaia runs on Check Point appliances and specific Open Server appliances, such as the management server you're trying to recover.
You can see what hardware is supported on R77.30 here (Choose Archive and Unsupported Check Point OS Versions): https://www.checkpoint.com/support-services/hcl/
The other option is to install the ISO in VMware or similar (use RHEL 5 if asked for OS type).

0 Kudos
cgyoerfi
Explorer
‎2024-02-08 10:39 PM
In response to PhoneBoy
Jump to solution

Hi,

I mentioned above that I have already installed R77.30 an VMware Virtual Machine, where I tested restoration with live Ubuntu. Is it mean this applient (R77.30) good for me to generate USB recovery stick? 

My problem is hard to mount an USB stick to a VMware ESXi VM. And question this recovery USB after useable for physical machine as well? I mean there is no restriction (Boot loader, Physical HW driver, FW usw) ?

Or last option if I would have a Server for instance HP Proliant DL380 G8 where can I install R77.30, here I could generate a USB recovery key and start process. Fix me if I am wrong.

And if I install a fresh applient to a HP Proliant machine with base image of R77.30, should I install updates etc as well; or not necessary for recovery stick?

Thank you

0 Kudos
PhoneBoy
Admin
Admin
‎2024-02-09 05:30 PM
In response to cgyoerfi
Jump to solution

I don't believe Emergendisk is specific to a given appliance/VM regardless of where it is generated.

You should be able to do this from R77.30 in VMware or similar if you properly map the USB ports/device to the VM.
You can also use your HP Proliant hardware with R77.30 installed to do the same.
Not sure if Emergendisk was updated as part of the JHF process.
To cover your bases, apply the last JHF for R77.30 before generating the USB drive.

0 Kudos
the_rock
Legend
Legend
‎2024-02-07 06:05 PM
Jump to solution

Definitely emergendisk is your only option, pretty much. Other than that, you cant get support for R77.30, its had been unsupported for few years now.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events