This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Huzzaa
Explorer
‎2019-10-25 08:28 AM

SmartConsole unable to connect after Security Management server upgrade from R77.30 to R80.30.

Hello,

I wanted to ask some help. We're trying to upgrade our enterprise firewalls from R77.30 to R80.30. Starting with the management server.

The upgrade process goes without error(except some that were rectified when the pre-upgrade verifier brought them up). We get to the point when the Management Server goes up and cpstart and everything is good. This is after the database import from the old version.

And the client(SmartConsole) can not connect to the Management server.

The client complains: 

Unable to connect to server.
Please make sure that the server is up and running.

(The host is in the allowed client list and the ports are opened, the log reflects access attempts)

cpm.elg:

25/10/19 18:16:09,328 ERROR dleserver.internal.DefaultExceptionMapper [qtp-1038525279-89]: Internal runtime error
CpmGeneralException{base='com.checkpoint.management.is.exceptions.CpmGeneralException: Unable to connect to server.
Please make sure that the server is up and running.', errorCode='CP_ERR_COULD_NOT_CONNECT_FWM', errorFamily='null', messageForUser='Unable to connect to server.
Please make sure that the server is up and running.', message='Unable to connect to server.
Please make sure that the server is up and running.'}
at com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl.createFwmConnectionException(LoginSvcImpl.java:2268)
at com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl.authenticateUserByFwm(LoginSvcImpl.java:796)
at com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl.authenticateUser(LoginSvcImpl.java:2586)
at com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl.authenticate(LoginSvcImpl.java:1340)
at com.checkpoint.management.dleserver.coresvc.internal.LoginSvcImpl.login(LoginSvcImpl.java:1808)
at com.checkpoint.management.web_services.dleserver.internal.LoginSvcRemoteImpl.loginNew(LoginSvcRemoteImpl.java:133)
at sun.reflect.GeneratedMethodAccessor1178.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
at org.apache.cxf.jaxws.JAXWSMethodInvoker.performInvocation(JAXWSMethodInvoker.java:66)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:232)
at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:85)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:75)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$2.run(ServiceInvokerInterceptor.java:126)
at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:131)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:234)
at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1129)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1065)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:497)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:812)

 

[Expert@fwmanager:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 27203 E 1 [18:00:30] 25/10/2019 N cpviewd
CPVIEWS 27206 E 1 [18:00:30] 25/10/2019 N cpview_services
CPD 27232 E 1 [18:00:30] 25/10/2019 Y cpd
FWD 27297 E 1 [18:00:31] 25/10/2019 N fwd -n
FWM 27301 E 1 [18:00:31] 25/10/2019 N fwm
STPR 27334 E 1 [18:00:31] 25/10/2019 N status_proxy
CPM 27706 E 1 [18:00:32] 25/10/2019 N /opt/CPsuite-R80.30/fw1/scripts/cpm.sh -s
SOLR 28283 E 1 [18:00:33] 25/10/2019 N java_solr /opt/CPrt-R80.30/conf/jetty.xml
RFL 28460 E 1 [18:00:33] 25/10/2019 N LogCore
SMARTVIEW 28534 E 1 [18:00:33] 25/10/2019 N SmartView
INDEXER 28565 E 1 [18:00:33] 25/10/2019 N /opt/CPrt-R80.30/log_indexer/log_indexer
SMARTLOG_SERVER 28596 E 1 [18:00:33] 25/10/2019 N /opt/CPSmartLog-R80.30/smartlog_server
DASERVICE 28773 E 1 [18:00:34] 25/10/2019 N DAService_script
LPD 29655 E 1 [18:01:39] 25/10/2019 N lpd
CPSM 30354 E 1 [18:02:50] 25/10/2019 N cpstat_monitor

[Expert@fwmanager:0]# $FWDIR/scripts/cpm_status.sh
Check Point Security Management Server is running and ready

I'm running out of ideas right now on what to try to rectify this.

 

The replacement R80.30 server runs in a seperate VLAN with 0 network access other than inside its own VLAN. Meaning the GW is N/A.

DNS is enabled however, through my own workstation, which is sitting in the VLAN with 1 interface.


The licenses are all present successfully after the import, so I've assumed thus far that I've no need to do anything with them. The servers IP is also unchanged.

 

Any help would be appreciated. 

Apologies ahead of time is this is posted in the wrong section of the forum or if this is not the place for complaints.

 

Thanks for reading.

 

 

 

 

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2019-10-30 06:54 AM

Please verify you have connectivity between your SmartConsole machine and management in TCP ports 443, 18190, and 19009.
A simple telnet to the management server should suffice for this, or a tcpdump.
Huzzaa
Explorer
‎2019-10-30 07:05 AM
In response to PhoneBoy

Good evening,

Apologies, the issue was rather simple.

The login error was generated because the imported DB set up the accounts properly and thus they were supposed to be able to access the Active Directory server but since the new replacement management DB was setup in a seperate VLAN with no gateway access on its subnet, it simply was not able.

And the issue was resolved by simply logging in with our managements local account(recovery account).

Thanks for the response.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events