Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Netadmin2020
Collaborator
Jump to solution

Error on updating - Internal error in a hook script: bin/hook_cvpn_HOTFIX_R80_40_JUMBO_

Good morning, I am facing the below error on updating security gateway from Take 91 to Take 154.

Checkpoint 15600 Series.

Internal error. Internal error in a hook script: bin/hook_cvpn_HOTFIX_R80_40_JUMBO_HF_MAIN. (Return Code: 1). Contact Check Point Technical Services for further assistance. Error: uninstalling of SmartLog R80.40 R80_40_JUMBO_HF_MAIN failed - the machine might be in a unstable state. Contact Check Point Technical Services for further assistance.

Any ideas?

 

 

0 Kudos
1 Solution

Accepted Solutions
Alex-
Leader Leader
Leader

At this point but not knowing your environment constraints, I'd reimage the machine from scratch since you have a working member in your cluster. It might be better than trying to fix a potentially unstable machine.

Or better yet, upgrade the whole infrastructure to R81.10.

View solution in original post

0 Kudos
21 Replies
G_W_Albrecht
Legend Legend
Legend

Yes - Contact Check Point Technical Services for further assistance.

You can try to uninstall all installed Jumbo takes and then try again to install 154 first.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Naama_Specktor
Employee
Employee

Hi 🙂

Please share with us the SR for our follow up. Share the full contents of the '/opt/CPInstLog/' directory in the SR

 

thanks!

Naama

0 Kudos
Netadmin2020
Collaborator

CPAP-SG15600-NGTX, Version 80.40 Take 91 need to upgrade to take 154. As I referred above, the update was successfully on the second node.

 

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Wrong folder in image: /opt/CPInstLog/ has been asked for...

I did suggest to uninstall all Jumbo takes and try only to install the newest !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Naama_Specktor
Employee
Employee

Thanks for your response 🙂

Did you open a TAC SR to check pint support?

if you did , I will appreciate it if you will share the SR number with me, you can also send me a PM.

 

in the SR, it's important that you also include the content of  '/opt/CPInstLog/' directory .

 

thank you!

 

Naama

0 Kudos
Netadmin2020
Collaborator

I have send a request to our partner to do this for us, today I am waiting for the service request from our partner. 

0 Kudos
Naama_Specktor
Employee
Employee

thank you ! 

I will appreciate your update once you will have the SR #.

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Just a besides question: Why is SmartLog installed on the GW at all ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Netadmin2020
Collaborator

Hello, on my second node the update completed successfully, I tried to uninstall the last take (91) and then to reinstall it with no results...

0 Kudos
Netadmin2020
Collaborator

I am sorry, check please

0 Kudos
G_W_Albrecht
Legend Legend
Legend
 
 has asked you to share the SR# and upload all files and folders from '/opt/CPInstLog/' directory to the SR# or SFTP. A screenshot is not very helpfull here i fear 😎.
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Netadmin2020
Collaborator

SR#6-0003193164

0 Kudos
Naama_Specktor
Employee
Employee

Thanks!

 

0 Kudos
Naama_Specktor
Employee
Employee

thanks!

0 Kudos
Alex-
Leader Leader
Leader

At this point but not knowing your environment constraints, I'd reimage the machine from scratch since you have a working member in your cluster. It might be better than trying to fix a potentially unstable machine.

Or better yet, upgrade the whole infrastructure to R81.10.

0 Kudos
cosmos
Advisor

Hi, what was the resolution for this? I have similar error installing HFA161 on an MDS. Now fwm will not start due to ERROR checkpoint.java_sic.SicUtils [main]: Failed to create SIC local SSLContext
com.checkpoint.java_sic.SicException: Failed to create SIC KeyStore.

Awesome.

 

Info: Initiating install of Check_Point_R80_40_JUMBO_HF_Bundle_T161_sk165456_FULL.tgz...
Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
Result: Install of package Check_Point_R80_40_JUMBO_HF_Bundle_T161_sk165456_FULL.tgz Failed
Internal error. Internal error in a hook script: bin/hook_mds_HOTFIX_R80_40_JUMBO_HF_MAIN. (Return Code: 1). Contact Check Point Technical Services for further assistance. Error: uninstalling of Performance Pack R80.40 R80_40_JUMBO_HF_MAIN failed - the machine might be in an unstable state. Contact Check Point Technical Services for further assistance.

Dorit_Dor
Employee
Employee

The previous report is on different hook hook_cvpn vs this being hook_mds

The hook represent a series of actions taken upon upgrade of sub-pkg/modules and the two cases are expected to be unrelated. I advise to open a TAC case (you can also tell TAC that you would like to share the outcome at the end of resolution) 

 

0 Kudos
cosmos
Advisor

Thanks Dorit

I appreciate the root cause of the installation failure may be distinct, however the result remains the same:

Internal error. Internal error in a hook script: X. (Return Code: 1). Contact Check Point Technical Services for further assistance. Error: uninstalling of Y failed - the machine might be in an unstable state. Contact Check Point Technical Services for further assistance.

In both cases, after installation failed, an uninstall was attempted. The uninstallation also failed, and left the system in an "unstable state". In our case key material became corrupt requiring a restore (mds_restore), in other cases it may require a backup or snapshot restore, which is not ideal when a) a hotfix is intended to fix issues rather than introduce them and b) if installation does fail, it shouldn't leave the system in an unrecoverable state especially when customers may not have recent or working backups.

Taking (or testing) backups and snapshots are best practice, but let's face it, not everyone does. I do as a habit, but like to reserve them for DR (both real and drill).

Root cause of hook script RC is still unknown but may have been related to missing/corrupt registry data for a failed CMA - we've recovered the CMA with TAC and will re-attempt the hotfix again tonight.

 

Max_Frankl
Employee
Employee

Hi, cosmos!

 

Did you re-attempt the hotfix? Was it successful?

0 Kudos
cosmos
Advisor

Hey Max

After we recovered the missing registry file for the broken CMA, the hotfix installed successfully.

Cheers

Max_Frankl
Employee
Employee

Hey, that's great news

 

Can you please collect the logs from /opt/CPInstLog/ and upload them to the SR that would be great!

Also can you please give me the SR number?

 

Cheers

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events