This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ipolovokhin
Contributor
‎2023-11-02 02:39 AM
Jump to solution

Gaia r80.40 Scheduled backups error

Dear community,

Scheduled backup does not work on 2 security gateways.

The most interesting thing is that manual backup works without problems. Here are the logs from the devices:

 

Device 1:

Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: backup: backup_alloc_proc().
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: backup_set_proc: Started.
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: backup_set_proc: exit normally
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: backup_check_proc: backup_check_proc().
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: backup_check_proc: start backup action
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: Starting pubkey query
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: action [6] host [SCP_SERV_IP] prefs [ssh-rsa,ecdsa-sha2-nistp256] hash [sha256] port [22] timeout [5]
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: query hostkey type [ssh-rsa]
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: Host address SCP_SERV_IP
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: Connecting to host SCP_SERV_IP
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: query hostkey type [ecdsa-sha2-nistp256]
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: Host address SCP_SERV_IP
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: Connecting to host SCP_SERV_IP
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: knownhost_cdk: Failed getting banner
Oct 27 23:30:01 2023 Security_GW_1 xpand[23019]: backup: backup_disengage_proc().
Oct 27 23:30:02 2023 Security_GW_1 scheduled_backup: set_binding: Failed to set binding : error = ERR_HOST_BASED_AUTH: Security issue detected. Remote server identity is not known by Gaia. This usually means that this is the first time you connect to this server. The type and fingerprint of the host key sent by the server are 'ssh-rsa aW3MZw/Nzsdg2X0OMKwzjOMMGQXyJ6sMnBuCLfrRmeA'. If you trust this identity, add the server to known hosts using the command 'add ssh hba'. For more details, please refer to sk164234. ; val=(nil)
Oct 27 23:30:02 2023 Security_GW_1 scheduled_backup: /bin/scheduled_backup: rc=0

Of course HBA added as known host in config and i also try ssh connection from expert mode to SCP server, it was succeed without any notifications

 

Device 2:

Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: backup: backup_alloc_proc().
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: backup_set_proc: Started.
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: backup_set_proc: exit normally
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: backup_check_proc: backup_check_proc().
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: backup_check_proc: start backup action
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: Starting pubkey query
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: action [6] host [SCP_SERV_IP] prefs [ssh-rsa,ecdsa-sha2-nistp256] hash [sha256] port [22] timeout [5]
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: query hostkey type [ssh-rsa]
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: Host address SCP_SERV_IP
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: Connecting to host SCP_SERV_IP
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: query hostkey type [ecdsa-sha2-nistp256]
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: Host address SCP_SERV_IP
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: Connecting to host SCP_SERV_IP
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: knownhost_cdk: Failed getting banner
Oct 27 23:30:01 2023 Security_GW_2 xpand[23019]: backup: backup_disengage_proc().
Oct 27 23:30:01 2023 Security_GW_2 scheduled_backup: set_binding: Failed to set binding : error = Unable to validate remote server identity. Failed getting banner ; val=(nil)
Oct 27 23:30:02 2023 Security_GW_2 scheduled_backup: /bin/scheduled_backup: rc=0.

 

Of course HBA added as known host in config and i also try ssh connection from expert mode to SCP server, it was succeed without any notifications.

 

Thank you!

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-11-13 01:36 AM
In response to ipolovokhin
Jump to solution

If after verifying that a current JHF take is applied to these gateways and retesting, the issue persists please reach out to TAC to investigate further.

For the record R80.40 is approaching end of support per: Support Life Cycle Policy - Check Point Software

 

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
4 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-11-02 05:57 AM
Jump to solution

Could you also share the JHF (Jumbo) level of each system involved?

CCSM R77/R80/ELITE
0 Kudos
ipolovokhin
Contributor
‎2023-11-02 06:18 AM
In response to Chris_Atkinson
Jump to solution

If i understood you correctly...

Security_GW_1

This is Check Point CPinfo Build 914000202 for GAIA
[IDA]
No hotfixes..

[MGMT]
No hotfixes..

[CPFC]
No hotfixes..

[FW1]
HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R80.40 - Build 685
kernel: R80.40 - Build 689

[SecurePlatform]
No hotfixes..

[PPACK]
No hotfixes..

[CPinfo]
No hotfixes..

[AutoUpdater]
No hotfixes..

[CVPN]
No hotfixes..

[CPUpdates]
BUNDLE_CPVIEWEXPORTER_AUTOUPDATE Take: 27
BUNDLE_CPOTELCOL_AUTOUPDATE Take: 70
BUNDLE_GENERAL_AUTOUPDATE Take: 17
BUNDLE_CPSDC_AUTOUPDATE Take: 29
BUNDLE_CORE_FILE_UPLOADER_AUTOUPDATE Take: 21
BUNDLE_R80_40_MAAS_TUNNEL_AUTOUPDATE Take: 49
BUNDLE_HCP_AUTOUPDATE Take: 62
BUNDLE_INFRA_AUTOUPDATE Take: 58
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 25
BUNDLE_GOT_TPCONF_AUTOUPDATE Take: 120

[CPDepInst]
No hotfixes..

[hcp_wrapper]
HOTFIX_HCP_AUTOUPDATE

[DIAG]
No hotfixes..

[core_uploader]
HOTFIX_CHARON_HF

[cpsdc_wrapper]
HOTFIX_CPSDC_AUTOUPDATE

[CPotelcol]
HOTFIX_OTLP_GA

[CPviewExporter]
HOTFIX_OTLP_GA

Security_GW_2

This is Check Point CPinfo Build 914000202 for GAIA
[IDA]
No hotfixes..

[MGMT]
No hotfixes..

[CPFC]
No hotfixes..

[FW1]
HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R80.40 - Build 685
kernel: R80.40 - Build 689

[SecurePlatform]
No hotfixes..

[PPACK]
No hotfixes..

[CPinfo]
No hotfixes..

[AutoUpdater]
No hotfixes..

[DIAG]
No hotfixes..

[CVPN]
No hotfixes..

[CPDepInst]
No hotfixes..

[CPUpdates]
BUNDLE_GOT_TPCONF_AUTOUPDATE Take: 78
BUNDLE_INFRA_AUTOUPDATE Take: 36
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 18


0 Kudos
ipolovokhin
Contributor
‎2023-11-13 01:23 AM
In response to Chris_Atkinson
Jump to solution

Dear Chris, could you help me with this issue?

 

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-11-13 01:36 AM
In response to ipolovokhin
Jump to solution

If after verifying that a current JHF take is applied to these gateways and retesting, the issue persists please reach out to TAC to investigate further.

For the record R80.40 is approaching end of support per: Support Life Cycle Policy - Check Point Software

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events