kaushik28
Explorer

connection aborted error sometimes.

Check Point's Linux SNX  (for rhel7 )

build 800010003

When I used the -g option, the log has the following errors for a failed login attempt:

CP_gethostbyname Failed to resolve hostname ‘fqdn’

rand_add_seedfile Failed to read seed from registry Operation not permitted

fwrand_write_seed Failed to read seed from registry Operation not permitted

fwrand_write_seed Failed to write seed Operation not permitted

snx_browser Failure entering with code: 3

 

Only a few users are getting this error. Otherwise, for most other users it establishes fine on the same host.

 

0 Kudos
8 Replies
PhoneBoy
Admin

When you say "on the same host" what precisely do you mean?
User A on host X is successful, but user B on host X is not?
Are they doing it at the same time or different times?
If you create a brand new user on the same host, does it work?
Please clarify the situation and include the version/JHF level of the gateway you are connecting to.

0 Kudos
kaushik28
Explorer

User A on host X is successful, but user B on host X is not?  correct
Are they doing it at the same time or different times?  different  (snx won't start again if session already exists)
If you create a brand new user on the same host, does it work?  (it works for all other new or old users)
Please clarify the situation and include the version/JHF level of the gateway you are connecting to. (It's snx build 800010003 for Linux - not sure how to find out the JHF level)

0 Kudos
kaushik28
Explorer

Basically these are the two scenarios:

scenario A (BAD)

I am logged in to hostX as Jim, starting snx as userA

jim@hostX >>  /usr/bin/snx -s server.fqdn -u userA -g

Check Point's Linux SNX

build 800010003

Please enter your password:

<<There is NO prompt for Root Cert y or n>>

connection aborted.

scenario B (GOOD)

I am logged in to hostX as nancy, starting snx as userA

nancy@hostX >>  /usr/bin/snx -s server.fqdn -u userA -g

Check Point's Linux SNX

build 800010003

Please enter your password:

Prompted to accept the Root Cert GUE DGP KOP PNE : y or n 

y

SNX - connected.

 

0 Kudos
_Val_
Admin

Seems like those users do not have full admin rights.

0 Kudos
kaushik28
Explorer

It worked for months before it stopped working. On the same host, other profiles can start snx with no issue.

Another key point is that the user who can't start snx anymore is not being prompted for the <accept root cert>.

0 Kudos
PhoneBoy
Admin

That all points to a preference stored in the user's home directory.
I don't recall what SNX uses offhand, but I'd recommend reviewing the contents of the user's home directory for a dot directory.
My bet is if you remove the relevant dot directory (maybe .snx), it should start working again.

0 Kudos
kaushik28
Explorer

Couldn't locate anything specific to snx in home. The only thing I see is the cert saved for each local user in /etc/snx/user.db

I have tried removing/renaming that but no luck. It causes no change in the user's behaviour for snx.

0 Kudos
PhoneBoy
Admin

Your best bet here is to open a TAC case.

0 Kudos
