This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cdooer
Contributor
a week ago
Jump to solution

Upgrading secondary logging server to R82

Hey everyone. We upgraded our management server from R81.20 to R82 Take 44 several weeks back, and are now planning on doing our secondary logging server. The verify is failing with the attached error message. I'm reading that the primary management server can't have any jumbos installed, but it's got Take 44 which is why it's failing. The upgrade from R81 was done in one fell swoop (R82 with take 44), so how would one uninstall the take in order to get the secondary logging server upgraded?

 

 

Preview file
28 KB
0 Kudos
2 Solutions

Accepted Solutions
the_rock
MVP Diamond
MVP Diamond
a week ago
In response to cdooer
Jump to solution

Looks right to me. I wonder if its because logging server shows active...

Best,
Andy

View solution in original post

cdooer
Contributor
a week ago
In response to the_rock
Jump to solution

You might be onto something. Ran the following command on logging;

cpprod_util FwSetActiveManagement 0

Now shows standby, and the verify shows it's good for clean install or upgrade. I'll proceed with the upgrade and report back. 

View solution in original post

13 Replies
the_rock
MVP Diamond
MVP Diamond
a week ago
Jump to solution

Did you make sure based on below screnshow you sent that primary is indeed active and secondary is standby?

Screenshot_1.png

Best,
Andy
0 Kudos
cdooer
Contributor
a week ago
In response to the_rock
Jump to solution

It is indeed. This isn't even a secondary management server, it's only purpose is for logging. 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
a week ago
In response to cdooer
Jump to solution

Fair enough. What do you get with cpstat mg command?

[Expert@CP-MANAGEMENT:0]# cpstat mg

Product Name: Check Point Security Management Server
Major version: 6
Minor version: 0
Build number: 998000009
Is started: 1
Active status: active
ICA status: 0
Status: The Internal Certificate Authority (ICA) certificate is valid until Jan 19 03:14:07 2038 GMT

 

Connected clients
----------------------------------------------------
|Client type |Administrator|Host |Database lock|
----------------------------------------------------
|SmartConsole|admin |EVE-WIN11|false |
----------------------------------------------------


[Expert@CP-MANAGEMENT:0]#

Best,
Andy
0 Kudos
the_rock
MVP Diamond
MVP Diamond
a week ago
In response to the_rock
Jump to solution

This too?

cpprod_util FwIsPrimary

Best,
Andy
0 Kudos
cdooer
Contributor
a week ago
In response to the_rock
Jump to solution

From the logging server, or the management server?

0 Kudos
cdooer
Contributor
a week ago
In response to the_rock
Jump to solution

Logging
Product Name: Check Point Security Management Server
Major version: 6
Minor version: 0
Build number: 997000016
Is started: 0
Active status: active
ICA status: 0
Status: The Internal Certificate Authority (ICA) certificate is valid until Jan 19 03:14:07 2038 GMT

 

Connected clients
----------------------------------------------
|Client type|Administrator|Host|Database lock|
----------------------------------------------
----------------------------------------------

Management
Product Name: Check Point Security Management Server
Major version: 6
Minor version: 0
Build number: 998000008
Is started: 1
Active status: active
ICA status: 0
Status: The Internal Certificate Authority (ICA) certificate is valid until Jan 19 03:14:07 2038 GMT

 

Connected clients
------------------------------------------------------


Logging
cpprod_util FwIsPrimary
0

Management
cpprod_util FwIsPrimary
1

0 Kudos
the_rock
MVP Diamond
MVP Diamond
a week ago
In response to cdooer
Jump to solution

Looks right to me. I wonder if its because logging server shows active...

Best,
Andy
cdooer
Contributor
a week ago
In response to the_rock
Jump to solution

You might be onto something. Ran the following command on logging;

cpprod_util FwSetActiveManagement 0

Now shows standby, and the verify shows it's good for clean install or upgrade. I'll proceed with the upgrade and report back. 

the_rock
MVP Diamond
MVP Diamond
a week ago
In response to cdooer
Jump to solution

Excellent! Great job! Honestly, I just said that based on pure logic. There are lots smarter people than I on here 🙂

Best,
Andy
0 Kudos
CheckPointerXL
Advisor
Advisor
a week ago
Jump to solution

this is something that i warned just yesterday https://community.checkpoint.com/t5/Management/Upgrade-Experience-Log-Server-amp-Management-Server-f...

check point needs to update documentation urgently, a lot of admins are failing in this

the_rock
MVP Diamond
MVP Diamond
a week ago
In response to CheckPointerXL
Jump to solution

I do recall you mentioning it.

Best,
Andy
0 Kudos
cdooer
Contributor
Tuesday
In response to the_rock
Jump to solution

My upgrade completed successfully. I do appreciate the help. 

the_rock
MVP Diamond
MVP Diamond
Tuesday
In response to cdooer
Jump to solution

Excellent...very happy it worked. We always find a solution on community.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events