This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
andrey247
Participant
yesterday
Jump to solution

Error Remote Access Connection R77.30

Hello!

An error occurred while connecting to RA via the Checkpoint endpoint client("Error connecting to the site."). A gateway reboot was performed, but the problem recurred a day later. Renewing the certificate finally resolved the issue. The old certificate was still active. Please explain what this error might be related to and what steps are needed to prevent it.

I found the following messages in the vpnd.elf file

get_dpd_initiator_peers_hash: peer X.X.X.X. doesn't appear in dpd_initiator_peers hash
fwCert_FindCertreqList: Entering
Reactor::poll: received event for RID 2695
wCert_FindCertreqList: I have no certificate to use for IKE.
fwCert_FindCertreqList: no cert request has been prepared
MMCreate4: can't create cert request

0 Kudos
1 Solution

Accepted Solutions
TurgutKaplanogl
Contributor
Contributor
yesterday
Jump to solution

Hello,

Such issues may occur after certificate renewal operations. It appears that the initial problem you experienced was caused by the certificate having expired. This condition can be observed during policy installation or while checking logs.

Following this after the certificate renewal it is necessary to verify that the certificate has been properly updated after performing a policy install. For this verification for example if MOB VPN is being used, you should be able to see the new certificate via a web browser. If a VPN client is used, you can check the certificate of the configured site or as a simple test you may delete and recreate the site(for showing new certificate).

I am aware that similar situations have been encountered before. After such certificate changes, waiting for a period of time or performing actions such as service restarts can help shorten the fix. For instance, a similar issue was experienced and resolved even in the SK R81.20 version, which I will share below.

https://support.checkpoint.com/results/sk/sk183123

Additionally, I recommend upgrading to the recommended and supported version.

Thank you

TK

View solution in original post

8 Replies
Vincent_Bacher
Leader Leader
Leader
yesterday
Jump to solution

I hope you don’t take this the wrong way, but I wanted to point out that R77.30 has been end-of-life for over five years now. Because of this, I don’t think it makes much sense to discuss troubleshooting or solutions for such an outdated release, especially given the security and support implications.

I strongly recommend upgrading to a currently supported version as soon as possible. Once you’ve done that, I’d be more than happy to help with any issues or questions you might have!

Thanks for your understanding.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
andrey247
Participant
yesterday
In response to Vincent_Bacher
Jump to solution

I understand, but unfortunately there is no way to update to a newer version

0 Kudos
_Val_
Admin
Admin
yesterday
In response to andrey247
Jump to solution

That's just too bad. I would also like to stress what @Vincent_Bacher mentioned above: trying to fix an issue with a version out of support for years is absolutely futile.

Vincent_Bacher
Leader Leader
Leader
yesterday
In response to andrey247
Jump to solution

What's the reason that there is no way?
In Germany we say "Geht nicht, gibt's nicht" meaning there is no way to say there is no way, there is always a way.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
TurgutKaplanogl
Contributor
Contributor
yesterday
Jump to solution

Hello,

Such issues may occur after certificate renewal operations. It appears that the initial problem you experienced was caused by the certificate having expired. This condition can be observed during policy installation or while checking logs.

Following this after the certificate renewal it is necessary to verify that the certificate has been properly updated after performing a policy install. For this verification for example if MOB VPN is being used, you should be able to see the new certificate via a web browser. If a VPN client is used, you can check the certificate of the configured site or as a simple test you may delete and recreate the site(for showing new certificate).

I am aware that similar situations have been encountered before. After such certificate changes, waiting for a period of time or performing actions such as service restarts can help shorten the fix. For instance, a similar issue was experienced and resolved even in the SK R81.20 version, which I will share below.

https://support.checkpoint.com/results/sk/sk183123

Additionally, I recommend upgrading to the recommended and supported version.

Thank you

TK

the_rock
MVP Platinum
MVP Platinum
yesterday
Jump to solution

Put it this way...the fact it still works, you are very lucky, specially considering you are using totally unsupported version. Other than making sure cert is valid (as far as the date goes), not much else really to check.

Best,
Andy
PhoneBoy
Admin
Admin
yesterday
Jump to solution

If you cannot upgrade from R77.30 for whatever reason, please ensure you have at least this hotfix installed: https://support.checkpoint.com/results/sk/sk182336 

andrey247
Participant
3 hours ago
Jump to solution

Thanks everyone for your help! I have a similar issue to this sk https://support.checkpoint.com/results/sk/sk183123

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events