Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LeeBingKang
Advisor

policy installation failed with error 0-2000080 on R80.40 Full HA environment

Hi Guys,

 

This is my first time on using this forum and I hope that I'm using it correctly.

 

Recently, my client faced a problem whereby get an error code 0-2000080  after a policy installation failure. The current setup of the FULL HA is R80.40 with jumbo hotfix take 139.

 

policy installation error2.PNG

 

I had searched the SK on the checkpoint website and found out no SK which is focus on this error code and there is a sk173103 which has the keyword, but the solution is rebooting the firewall which is not really acceptable.

 

Hence, I would like to seek for all of your advice on this issue.

 

Thank you.

0 Kudos
14 Replies
_Val_
Admin
Admin

Please open a TAC case for this issue.

Chris_Atkinson
Employee Employee
Employee

Further to Val's advise what appliances are those and what is their memory population?

CCSM R77/R80/ELITE
0 Kudos
LeeBingKang
Advisor

Hi Chris. If i get your point correctly regarding your question, the FULL HA firewalls are CheckPoint 6200P appliance and it has 16GB RAM.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Add more memory or seperate out the management functions for longevity.

CCSM R77/R80/ELITE
0 Kudos
G_W_Albrecht
Legend Legend
Legend

A reboot should be possible at least during maintenance window - dont forget that reboot is good !

But as the sk173103 is for VSX you do not use, have a look into sk175205 and sk170300.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
LeeBingKang
Advisor

hi G_W_Albrecht, thank you for your advice.

I installed the latest general available Jumbo Hotfix and this installation involved reboot. After the reboot, there is no policy installation error on that day, but it comes back again after 3 days. Hence, i believe the reboot only able to temporary resolve the issue. Currently, already open a case with TAC for assist.

the_rock
Legend
Legend

Try below if you can:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Also, there is option under settings in smart console for debug option

Andy

0 Kudos
(1)
G_W_Albrecht
Legend Legend
Legend

Looks like the good old memory leak - i would suggest to install JT 150 for sk170673 "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000108)." 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
LeeBingKang
Advisor

Dear all,

 

After having a long run with TAC on this issue, TAC finally found out the bug and they managed to solve the bug in their testing environment.

 

Meanwhile, you may refer to these code in the R80.40 Jumbo Hotfix list:

1. PRJ-43501, and PRHF-26979 : for resolved policy installation error 0-2000184

2. PRJ-43495 : for resolving policy installation error 0-2000080

 

FYI, I still haven't get to see those codes in the R80.40's Jumbo Hotfix list from last year December until now.

 

Hence, lets update each other in this page if you aware those code listed in the 80.40 Jumbo Hotfix one day.

 

Thank you.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Thank you for this update, one year after posting about the issue ! Sadly, R80.40 will be out of support next January, so i have removed the version from my Lab. I would suggest to upgrade to R81.10 or .20 asap !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
LeeBingKang
Advisor

Dear G_W_Albrecht,

 

You are correct whereby the R80.40 will be out of support at next year January. However, the upgrade decision was on our customers' hand.

 

Hence, its no easy to go upgrade to R81.XX.

0 Kudos
the_rock
Legend
Legend

I second what @G_W_Albrecht said. I always found that with similar errors, every time customer rebooted the firewalls, it solved the issue.

Andy

0 Kudos
Patrick_Jung
Participant

Hello. LeeBingKang.

 

There is one place where the same error code occurs among our team's customers. I opened the case and uploaded all the debugging contents, but the answer that came back was to install the latest hotfix and upload the cpm doctor and cpinfo information again if a problem occurs and open the case again. The answer is always the same.

Mgmt is R80.40 T180 and smart-1 405 H.A. GW is 5900 with 8Gb memory, R80.40 T120. TAC always asks to install the latest hotfix, but the customer wants the root cause such as the resolved issue list in the latest hotfix. We don't want to install hotfixes without knowing what they will do.

There are some customers who trust ccsp, but there are many customer representatives who don't. It can be an embarrassing situation.

At first, I thought it was a code caused by GW running out of memory, but looking at your 16Gb memory, it doesn't seem like that either. This is because our customer's 5900 generates swap memory of at least 1Gb and at most 3Gb.

 

Thank you.

 

0 Kudos
Patrick_Jung
Participant

Hello. 

(My old checkmate account was not accessible, so I created a checkmate account again.Jung_Patrick)

I also had the same symptoms.
It happened about,, two months ago?
At first I was getting error code 0-2000108.(sk170673)
I told the customer that they need to install a hotfix.

And the root cause was because of sk170673.

And while discussing the installation date without installing the hotfix, 3 new error codes popped up.

Error code  0-2000080

Error Code 0-2000184

Error Code 0-2000107 


I opened the case and uploaded all the debugging contents, but the answer that came back was to install the latest hotfix and upload
the cpm doctor and cpinfo information again if a problem occurs and open the case again.

The answer is always the same.

Cutomer's mgmt is R80.40, T180 and smart-1 405 H.A.

GW is 5900 with 8Gb memory, R80.40 T120. (5ea)

It occurs randomly among the two firewalls, the server farm firewall and the Internet firewall.
For example, server farm FW 2 times, internet FW 1 times, install fail messages occur in this way. along with the error code.


TAC always asks to install the latest hotfix, but the customer wants the root cause such as the resolved issue list in the latest hotfix.

We don't want to install hotfixes without knowing what they will do. There are some customers who trust ccsp,
but there are many customer representatives who don't. It can be an embarrassing situation.

At first, I thought it was a code caused by GW running out of memory, but looking at your 16Gb memory, it doesn't seem like that either.
This is because our customer's 5900 generates swap memory of at least 1Gb and at most 3Gb.

As a result, I haven't been able to install the R80.40 T192 Latest hotfix yet.
The customer has also agreed to install it, but no date has been set yet.

thank you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events