Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sajenthiran_Mic
Contributor

LOM Session Expired - LOM Firmware 6.10.0

Jump to solution

During Checkpointb restoration from R81 to R80.40. The LOM session has expired. At the same time the restoration process did not  complete. Now getting back into the LOM (LOG IN ) is denied with the message "LOM session has expired." Message.

 

 

Fixed:

ipmitool mc reset cold

service ipmi stop; service ipmi start

OR

a complete system reboot

 

1 Solution

Accepted Solutions
George_Ellis
Contributor

You could do a 'ipmitool mc reset cold' for an alleged cold boot of the device if you have not done so.  That would get you half way to a full deenergize.

View solution in original post

0 Kudos
15 Replies
Vladimir
Champion
Champion

Try using browser's Incognito mode. Perhaps it's a cached session issue.

0 Kudos
Dolev
Employee
Employee

Do you have open SR with Check Point Support? If you do, please mention it here, if not then open one and update here.

I'll follow up with TAC on that.

0 Kudos
skandshus
Collaborator

Seeing the same thing here 😞 havent found a fix

0 Kudos
George_Ellis
Contributor

Do you have GAIA access at all either by console or SSH session?  If so, you should be able to reboot the LOM.

service ipmi start

#reboot
ipmitool mc reset warm

OR

ipmitool mc reset cold

service ipmi stop

0 Kudos
Christian_Opitz
Participant

We noticed the same error on three different HTML5 LOMs this week. 2x6000 and one 7000 Appliance. There were no system changes. Maybe a global issue on HTML5 LOMs?

A ipmi restart with warm reset did not help. Also a change of the LOM IP address via clish did not change the behavior.

George_Ellis
Contributor

Have you tried different browsers?  In ancient times, I had to use Chrome and Mozilla at times to work around an issue.  Or Firefox or MS browsers were the fix.  Maybe you got a GPO push from the desktop team that included some security measure that is precluding it (and the alternate browser may not have that setting.)

Edit - PS, little known browser feature.  Ctrl + reload usually forces a cache skip.  Not that that will help.

 

0 Kudos
Christian_Opitz
Participant

thanks. We tried Chrome, Firefox, Edge and IE on different sources with the same result. The same from the LOM subnet (without a gateway). All tests were done with an uptodate Windows 10.

0 Kudos
George_Ellis
Contributor

Call support.  If you have a test box (as we do not test in production, right...), ipmitool could help.  Creating another user looks like it is on the realm of possibility. 
'ipmitool set name 3 newguy'
'ipmitool set password 3 somethinglongerthan8chars'
'ipmitool user priv 3 ADMINISTRATOR 1'
'ipmitool user enable 3'

ipmitool user
User Commands:
summary [<channel number>]
list [<channel number>]
set name <user id> <username>
set password <user id> [<password>]
disable <user id>
enable <user id>
priv <user id> <privilege level> [<channel number>]
test <user id> <16|20> [<password]>

That should give you newguy and not have an existing session.  But beware, I do not have anything to test against, so this may not work and could be wrong.

0 Kudos
Christian_Opitz
Participant

we don't have a test box, too. The support currently want to test a deenergize of the system for some minutes currently.

0 Kudos
George_Ellis
Contributor

You could do a 'ipmitool mc reset cold' for an alleged cold boot of the device if you have not done so.  That would get you half way to a full deenergize.

0 Kudos
Christian_Opitz
Participant

The deenergize of the server helps to get the LOM working again. Tomorrow there will be a test with the cold reset command, too.

0 Kudos
skandshus
Collaborator

what does "de energize mean"?  is that slang for pulling the power? 🙂

 

0 Kudos
George_Ellis
Contributor

Unplug from all power.  The LOM is on whenever there is power to the unit.  This allows the LOM to also manage power on/off for the firewall.  You can cold start the firewall via the LOM.

0 Kudos
Christian_Opitz
Participant

good news. "ipmitool mc reset cold" worked also without outages :).

0 Kudos
George_Ellis
Contributor

Great news.  Remote solutions rock.

0 Kudos