This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sajenthiran_Mic
Contributor
‎2022-06-20 03:54 AM
Jump to solution

LOM Session Expired - LOM Firmware 6.10.0

During Checkpointb restoration from R81 to R80.40. The LOM session has expired. At the same time the restoration process did not  complete. Now getting back into the LOM (LOG IN ) is denied with the message "LOM session has expired." Message.

 

 

Fixed:

ipmitool mc reset cold

service ipmi stop; service ipmi start

OR

a complete system reboot

 

Labels
(1)
1 Solution

Accepted Solutions
George_Ellis
Advisor
‎2022-06-23 04:36 AM
In response to Christian_Opitz
Jump to solution

You could do a 'ipmitool mc reset cold' for an alleged cold boot of the device if you have not done so.  That would get you half way to a full deenergize.

View solution in original post

0 Kudos
15 Replies
Vladimir
Champion
Champion
‎2022-06-20 08:45 AM
Jump to solution

Try using browser's Incognito mode. Perhaps it's a cached session issue.

0 Kudos
Dolev
Employee
Employee
‎2022-06-20 10:19 PM
Jump to solution

Do you have open SR with Check Point Support? If you do, please mention it here, if not then open one and update here.

I'll follow up with TAC on that.

0 Kudos
skandshus
Advisor
Advisor
‎2022-06-21 11:05 AM
Jump to solution

Seeing the same thing here 😞 havent found a fix

0 Kudos
George_Ellis
Advisor
‎2022-06-21 12:02 PM
Jump to solution

Do you have GAIA access at all either by console or SSH session?  If so, you should be able to reboot the LOM.

service ipmi start

#reboot
ipmitool mc reset warm

OR

ipmitool mc reset cold

service ipmi stop

0 Kudos
Christian_Opitz
Contributor
Contributor
‎2022-06-22 04:33 AM
In response to George_Ellis
Jump to solution

We noticed the same error on three different HTML5 LOMs this week. 2x6000 and one 7000 Appliance. There were no system changes. Maybe a global issue on HTML5 LOMs?

A ipmi restart with warm reset did not help. Also a change of the LOM IP address via clish did not change the behavior.

George_Ellis
Advisor
‎2022-06-22 04:39 AM
In response to Christian_Opitz
Jump to solution

Have you tried different browsers?  In ancient times, I had to use Chrome and Mozilla at times to work around an issue.  Or Firefox or MS browsers were the fix.  Maybe you got a GPO push from the desktop team that included some security measure that is precluding it (and the alternate browser may not have that setting.)

Edit - PS, little known browser feature.  Ctrl + reload usually forces a cache skip.  Not that that will help.

 

0 Kudos
Christian_Opitz
Contributor
Contributor
‎2022-06-22 04:59 AM
In response to George_Ellis
Jump to solution

thanks. We tried Chrome, Firefox, Edge and IE on different sources with the same result. The same from the LOM subnet (without a gateway). All tests were done with an uptodate Windows 10.

0 Kudos
George_Ellis
Advisor
‎2022-06-22 08:47 AM
In response to Christian_Opitz
Jump to solution

Call support.  If you have a test box (as we do not test in production, right...), ipmitool could help.  Creating another user looks like it is on the realm of possibility. 
'ipmitool set name 3 newguy'
'ipmitool set password 3 somethinglongerthan8chars'
'ipmitool user priv 3 ADMINISTRATOR 1'
'ipmitool user enable 3'

ipmitool user
User Commands:
summary [<channel number>]
list [<channel number>]
set name <user id> <username>
set password <user id> [<password>]
disable <user id>
enable <user id>
priv <user id> <privilege level> [<channel number>]
test <user id> <16|20> [<password]>

That should give you newguy and not have an existing session.  But beware, I do not have anything to test against, so this may not work and could be wrong.

0 Kudos
Christian_Opitz
Contributor
Contributor
‎2022-06-23 04:00 AM
In response to George_Ellis
Jump to solution

we don't have a test box, too. The support currently want to test a deenergize of the system for some minutes currently.

0 Kudos
George_Ellis
Advisor
‎2022-06-23 04:36 AM
In response to Christian_Opitz
Jump to solution

You could do a 'ipmitool mc reset cold' for an alleged cold boot of the device if you have not done so.  That would get you half way to a full deenergize.

0 Kudos
Christian_Opitz
Contributor
Contributor
‎2022-06-27 04:40 AM
In response to George_Ellis
Jump to solution

The deenergize of the server helps to get the LOM working again. Tomorrow there will be a test with the cold reset command, too.

0 Kudos
skandshus
Advisor
Advisor
‎2022-06-27 04:52 AM
In response to Christian_Opitz
Jump to solution

what does "de energize mean"?  is that slang for pulling the power? 🙂

 

0 Kudos
George_Ellis
Advisor
‎2022-06-27 06:37 AM
In response to skandshus
Jump to solution

Unplug from all power.  The LOM is on whenever there is power to the unit.  This allows the LOM to also manage power on/off for the firewall.  You can cold start the firewall via the LOM.

0 Kudos
Christian_Opitz
Contributor
Contributor
‎2022-06-28 12:23 AM
In response to George_Ellis
Jump to solution

good news. "ipmitool mc reset cold" worked also without outages :).

George_Ellis
Advisor
‎2022-06-28 03:50 AM
In response to Christian_Opitz
Jump to solution

Great news.  Remote solutions rock.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events