This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rajesh_Tripath1
Participant
‎2018-05-04 04:30 AM

mgmt_cli login works but add host fails

mgmt_cli login works but add host fails any idea why?

[Expert@AGSXXXXX:0]# mgmt_cli login -c /opt/CPshrd-R80/bin/cpcert.p12 -p 1234
uid: "8c8c0d3b-8c0a-475e-914f-323b3b6c9d99"
sid: "_5dcgLCSa4YG_wYruWP51HEbhnqpVyxMOlL9idxYMtM"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at:
posix: 1525430286
iso-8601: "2018-05-04T11:38+0100"
read-only: false
standby: false
api-server-version: "1.1"
[Expert@AXXXXXX:0]# mgmt_cli add host name blacklist_test_47.31.77.184 ip-address 47.31.77.184 -c /opt/CPshrd-R80/bin/cpcert.p12 -p 1234
code: "generic_server_error"
message: "Management server failed to execute command"

Executed command failed. Changes are discarded.
[Expert@AXXXXXXX:0]#

6 Replies
Rajesh_Tripath1
Participant
‎2018-05-04 04:33 AM

[Expert@AXXXXXXXX:0]# mgmt_cli login -c /opt/CPshrd-R80/bin/cpcert.p12 -p 1234 > session.txt
[Expert@AXXXXXXXX:0]# mgmt_cli add host name blacklist_test_43.157.213.33 ip-address 43.157.213.33 -s session.txt
code: "generic_server_error"
message: "Management server failed to execute command"

0 Kudos
Robert_Decker
Advisor
‎2018-05-04 12:14 PM
In response to Rajesh_Tripath1

Hi,

Please go to log file named "api.elg" inside directory "$MDS_FWDIR/logs".

Open the file and search for "add-host" command at the end of the file.

Please copy and paste here all the info from the command execution start to the final reply returned, including all the exceptions you see in between. You may use xxx for any sensitive data.

Robert.

0 Kudos
Rajesh_Tripath1
Participant
‎2018-05-08 03:19 AM
In response to Robert_Decker

Hi Robert

Seems like Insufficient privilege. What privilege is required? the user has expert login enabled.

2018-05-08 10:46:16,744 INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:25 [qtp1410813280-231] - Cache created and initialized
2018-05-08 10:46:16,896 INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:50 [qtp1410813280-231] - Executing [add-host] of version 1.1 (references 1)
2018-05-08 10:46:26,978 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:195 [qtp1410813280-231] - Server has thrown GeneralRemoteFault exception errorCode [CP_ERR_INSUFFICIENT_PERMISSIONS] errorFamily [Tried to create an object in an unauthorized folder 18900ec1-b7a5-4da0-90c4-2f76005a524a from profile 08ee8f09-4685-4cae-9214-5a46b00e695e and object=com.checkpoint.objects.classes.dummy.CpmiHostPlain CheckPointObject{metaInfo=com.checkpoint.management.dlecommon.ngm_api.MetaInfoForTopLevel@18fa9009, featuresPreset=92045845-6141-3b98-af2c-6416d0c9652d, features=[5a28475d-d1f2-4ff4-a923-4c08600fe852, 252e2290-1194-11e4-9191-0800200c9a66, c1c7901a-9835-48cb-b434-31e8813b439d, 7f44117b-fa39-4ed0-be73-6c7e4c22d043, 2e2d0cc8-ff1f-4ce0-8775-2f59256e4ff3, 33bbebcb-0472-410f-a43e-62f58e5af907, f0c156b0-c1a3-11e4-8830-0800200c9a66, c8999ba9-a44c-4d58-9c75-4917d0b0f76a, 5310cad7-e586-415a-be8a-830c96480adb, 977b9459-b56d-4f17-ade1-25423fe76352], tags=[], systemTags=[1316ee9c-4f9c-49ca-85c0-37fbfa2f55ea, 25ccb751-c81a-4b11-9e51-1d0a85fe2ba6, ea7f217a-3224-4bfc-9a21-8ab70e4478c3], actions=[], dynamicFeatures=null} {name='blacklisttest_1.1.1.1', objId='6c64e38d-1faf-4117-a770-7a4f8fd25f9f', domain='41e821a0-3720-11e3-aa6e-0800200c9fde'}] message [An internal error has occurred.]
2018-05-08 10:46:27,089 WARN com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:52 [qtp1410813280-231] - Unhandled GeneralRemoteFault error code [CP_ERR_INSUFFICIENT_PERMISSIONS]
2018-05-08 10:46:27,137 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:219 [qtp1410813280-231] -
com.checkpoint.web_services.faults.GeneralRemoteFault: An internal error has occurred.
at sun.reflect.GeneratedConstructorAccessor245.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
at org.apache.cxf.interceptor.ClientFaultConverter.processFaultDetail(ClientFaultConverter.java:182)
at org.apache.cxf.interceptor.ClientFaultConverter.handleMessage(ClientFaultConverter.java:82)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:802)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1642)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1533)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1336)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:652)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
at com.sun.proxy.$Proxy232.updateObjectWithReturnControlErrorLevel(Unknown Source)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager.updateObjectWithReturn_aroundBody30(RemoteObjectCrudManager.java:28)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager$AjcClosure31.run(RemoteObjectCrudManager.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at com.checkpoint.management.web_api_is.aspects.logging.WebApiMethodLoggerAspect.aroundMethodLoggerTest(WebApiMethodLoggerAspect.java:30)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager.updateObjectWithReturn(RemoteObjectCrudManager.java:135)
at com.checkpoint.management.web_api_is.core.handler.base.ApiObjectRequestHandler.doUpdateObjectForAdd(ApiObjectRequestHandler.java:13)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler.add_aroundBody0(ApiCrudRequestHandler.java:96)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler$AjcClosure1.run(ApiCrudRequestHandler.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at com.checkpoint.management.web_api_is.aspects.logging.WebApiMethodLoggerAspect.aroundMethodLoggerTest(WebApiMethodLoggerAspect.java:30)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler.add(ApiCrudRequestHandler.java:107)
at com.checkpoint.management.web_api.core.handler.objects.network_objects.host.HostRequestHandler.add(HostRequestHandler.java:11)
at sun.reflect.GeneratedMethodAccessor119.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at com.checkpoint.management.web_api_is.utils.WebApiReflectionUtils.invoke(WebApiReflectionUtils.java:12)
at com.checkpoint.management.web_api.web_services.WebApiEntryPoint.postEntryPoint(WebApiEntryPoint.java:46)
at sun.reflect.GeneratedMethodAccessor103.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247)
at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at com.checkpoint.management.web_api.core.filter.LogCustomDebugFieldFilter.doFilter(LogCustomDebugFieldFilter.java:3)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.IPAccessHandler.handle(IPAccessHandler.java:203)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:785)
2018-05-08 10:46:29,113 INFO com.checkpoint.management.web_api_is.utils.CsvFileWriterUtils.writeCsvLine:1 [qtp1410813280-231] - 2018-05-08,10:46:29 +0100,add-host,FAILED,12368
2018-05-08 10:46:29,623 INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp1410813280-231] - Outbound Message
---------------------------
ID: 112
Response-Code: 400
Content-Type: text/plain
Headers: {Content-Type=[text/plain], Date=[Tue, 08 May 2018 09:46:29 GMT]}
Payload: code: "generic_server_error"
message: "Management server failed to execute command"

0 Kudos
Robert_Decker
Advisor
‎2018-05-08 03:32 AM
In response to Rajesh_Tripath1

if you need to perform CRUD operations, you need to assign appropriate permissions profile for that user in SmartConsole.

0 Kudos
Rajesh_Tripath1
Participant
‎2018-05-08 07:16 AM
In response to Robert_Decker

Thanks we change some of the privileges from read to read-write and it has worked. Thanks to all of you and Robert for your response. Highly Appreciated!

Kim_Moberg
Advisor
‎2018-05-04 09:02 AM

Hi Rajesh

Please remove our ‘:’ and also “” between the uid.

I Think that would work.

BR

Kim

Best Regards
Kim
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events