Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kadar2
Contributor

Unable to download from http://updates.checkpoint.com/WebService/

Hello all,

 

I am getting the following message from all GWs in our environment.

 

Could not download from "http://updates.checkpoint.com/WebService/services/DownloadMetaDataService?wsdl". Server error occurred.

Failure impact: An unsecure server may be trusted, or update services may fail to operate

The output of the curl_cli command is:

<?xml version='1.0' encoding='UTF-8'?><wsdl:definitions name="DownloadMetaDataServiceService" targetNamespace="http://updates.checkpoint.com/WebService/services/DownloadMetaDataService" xmlns:ns1="http://webservices.downloadcenter.checkpoint.com/" xmlns:ns2="http://schemas.xmlsoap.org/soap/http" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://updates.checkpoint.com/WebService/services/DownloadMetaDataService" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

  <wsdl:import location="http://updates-prd-cloud.checkpoint.com:8093/WebService/services/DownloadMetaDataService?wsdl=Produc..." namespace="http://webservices.downloadcenter.checkpoint.com/">

    </wsdl:import>

  <wsdl:binding name="DownloadMetaDataServiceServiceSoapBinding" type="ns1:ProductUpdatesWebService">

    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

    <wsdl:operation name="invoke">

      <soap:operation soapAction="" style="document"/>

      <wsdl:input name="invoke">

        <soap:body use="literal"/>

      </wsdl:input>

      <wsdl:output name="invokeResponse">

        <soap:body use="literal"/>

      </wsdl:output>

    </wsdl:operation>

  </wsdl:binding>

  <wsdl:service name="DownloadMetaDataServiceService">

    <wsdl:port binding="tns:DownloadMetaDataServiceServiceSoapBinding" name="DownloadMetaDataService">

      <soap:address location="http://updates-prd-cloud.checkpoint.com:8093/WebService/services/DownloadMetaDataService"/>

    </wsdl:port>

  </wsdl:service>

 

I do understand that this does not impact any operational services, but I would like to minimize any clutter in the logs.

Any input would be highly appreciated.

Thank you in advance.

 

13 Replies
G_W_Albrecht
Legend Legend
Legend

Are the services (IPS, AV a.o.) updating successfully ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
kadar2
Contributor

Yes, everything is updating successfully.There doesn't seem to be any service impact, but I would like to know if there is a way to remove this clutter from the logs.

shais
Employee
Employee

This error sound like some kind of configuration issue, I suggest opening a ticket to support as it will require looking at your system 

0 Kudos
kadar2
Contributor

A hotfix is required in order to gather more information from the system.

Thanks!

0 Kudos
Luis_Miguel_Mig
Advisor

I get the same error in R80.40 take 83.
The description of the error is: Internal trusted CAs service

Everything seems to be working HTTPS inspection, Antivirus, IPS, Antibot ... updates ... but I get this error that I don't know where it comes from

0 Kudos
SharonElmashaly
Employee Alumnus
Employee Alumnus

Hello Luis Miguel,

Have you opened a Service Request with TAC to investigate this?

 

Regards,

Sharon Elmashaly

VP, Customer Support

0 Kudos
Luis_Miguel_Mig
Advisor

I did but we haven't found the root cause yet

0 Kudos
SharonElmashaly
Employee Alumnus
Employee Alumnus

Please send me the SR number to elmashaly@checkpointc.com for review

0 Kudos
Luis_Miguel_Mig
Advisor

Any idea what is the root cause? Still happening in R80.40 take 102

0 Kudos
the_rock
Legend
Legend

Are you able to do curl_cli at all? Like below:

curl_cli -v updates.checkpoint.com
* Rebuilt URL to: updates.checkpoint.com/
* Trying 23.78.138.28...
* TCP_NODELAY set
* Connected to updates.checkpoint.com (23.78.138.28) port 80 (#0)
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Server: awselb/2.0
< Date: Fri, 30 Apr 2021 14:56:16 GMT
< Connection: keep-alive
<
* Connection #0 to host updates.checkpoint.com left intact

 

0 Kudos
Luis_Miguel_Mig
Advisor

this is what I get

curl_cli -v -k --proxy proxy.ip:port http://updates.checkpoint.com/WebService/services/DownloadMetaDataService?wsdl
* Trying proxy.ip ...
* TCP_NODELAY set
* Connected to proxy.ip (proxy.ip) port port (#0)
< HTTP/1.1 200 OK
< Content-Type: text/xml
< Content-Length: 1596
< Server: Apache-Coyote/1.1
< Date: Fri, 30 Apr 2021 15:35:33 GMT
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
<
<?xml version='1.0' encoding='UTF-8'?><wsdl:definitions name="DownloadMetaDataServiceService" targetNamespace="http://updates.checkpoint.com/WebService/services/DownloadMetaDataService" xmlns:ns1="http://webservices.downloadcenter.checkpoint.com/" xmlns:ns2="http://schemas.xmlsoap.org/soap/http" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://updates.checkpoint.com/WebService/services/DownloadMetaDataService" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<wsdl:import location="http://updates-prd-cloud.checkpoint.com:8093/WebService/services/DownloadMetaDataService?wsdl=Produc..." namespace="http://webservices.downloadcenter.checkpoint.com/">
</wsdl:import>
<wsdl:binding name="DownloadMetaDataServiceServiceSoapBinding" type="ns1:ProductUpdatesWebService">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="invoke">
<soap:operation soapAction="" style="document"/>
<wsdl:input name="invoke">
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output name="invokeResponse">
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="DownloadMetaDataServiceService">
<wsdl:port binding="tns:DownloadMetaDataServiceServiceSoapBinding" name="DownloadMetaDataService">
<soap:address location="http://updates-prd-cloud.checkpoint.com:8093/WebService/services/DownloadMetaDataService"/>
</wsdl:port>
</wsdl:service>
* Connection #0 to host proxy.ip left intact

The network capture matching the smartconsole log error shows a fine tcp/http transaction with FIN/ACK and HTTP 200/OK.

This is the response


Frame 120: 806 bytes on wire (6448 bits), 806 bytes captured (6448 bits)
Ethernet II, Src: Invertex_0f:f0:a5 (00:d0:83:0f:f0:a5), Dst: IntelCor_36:f3:e8 (90:e2:ba:36:f3:e8)
Internet Protocol Version 4, Src: proxy.ip, Dst: gateway.ip
Transmission Control Protocol, Src Port: proxy.port, Dst Port: 10182, Seq: 3148, Ack: 972, Len: 740
Source Port: proxy.port
Destination Port: 10182
[Stream index: 4]
[TCP Segment Len: 740]
Sequence number: 3148 (relative sequence number)
[Next sequence number: 3888 (relative sequence number)]
Acknowledgment number: 972 (relative ack number)
Header Length: 32 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 2064
[Calculated window size: 132096]
[Window size scaling factor: 64]
Checksum: 0x5ddc [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
[SEQ/ACK analysis]
TCP segment data (740 bytes)
[4 Reassembled TCP Segments (3887 bytes): #117(1348), #118(451), #119(1348), #120(740)]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Content-Type: text/xml;charset=UTF-8\r\n
Content-Length: 3690\r\n
Server: Apache-Coyote/1.1\r\n
Date: Tue, 26 Jan 2021 15:11:43 GMT\r\n
Proxy-Connection: Keep-Alive\r\n
Connection: Keep-Alive\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.115934000 seconds]
[Request in frame: 115]
File Data: 3690 bytes
eXtensible Markup Language
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<checkpoint:getMetaData
xmlns:checkpoint="urn:downloadcenter"
checkpoint:client=""
checkpoint:stn=""
checkpoint:userID=""
checkpoint:userPassword="">
<checkpoint:MetaData>
<checkpoint:Index>
18721
</checkpoint:Index>
<checkpoint:Product>
CA_BUNDLE
</checkpoint:Product>
<checkpoint:ProductDisplayName>
CA_BUNDLE
</checkpoint:ProductDisplayName>
<checkpoint:OS>
All
</checkpoint:OS>
<checkpoint:OSDisplayName>
All
</checkpoint:OSDisplayName>
<checkpoint:Version>
1.0
</checkpoint:Version>
<checkpoint:VersionDisplayName>
1.0
</checkpoint:VersionDisplayName>
<checkpoint:MajorVersion>
0
</checkpoint:MajorVersion>
<checkpoint:MinorVersion>
0
</checkpoint:MinorVersion>
<checkpoint:SubMinorVersion>
0
</checkpoint:SubMinorVersion>
<checkpoint:Vendor>
CheckPoint
</checkpoint:Vendor>
<checkpoint:Bundle>
</checkpoint:Bundle>
<checkpoint:FileName>
ca-bundle.crt
</checkpoint:FileName>
<checkpoint:FileType>
Hidden
</checkpoint:FileType>
<checkpoint:FileSize>
438024
</checkpoint:FileSize>
<checkpoint:FileDate>
2013-04-07 00:00:00
</checkpoint:FileDate>
<checkpoint:FileComment>
</checkpoint:FileComment>
<checkpoint:FileDescription>
</checkpoint:FileDescription>
<checkpoint:FileRevision>
1.0
</checkpoint:FileRevision>
<checkpoint:PackageKey>
</checkpoint:PackageKey>
<checkpoint:ApplicationCategory>
</checkpoint:ApplicationCategory>
<checkpoint:FileDisplayName>
CA Bundle
</checkpoint:FileDisplayName>
<checkpoint:MD5>
03c57d02663b6a03c2af98878e30f8b6
</checkpoint:MD5>
<checkpoint:Order>
</checkpoint:Order>
<checkpoint:Latest>
</checkpoint:Latest>
<checkpoint:CPSignature>
</checkpoint:CPSignature>
<checkpoint:SHA1>
34095b3836904766fd8ed54153ec3f64229a54ed
</checkpoint:SHA1>
<checkpoint:DownloadURL>
http://dl3.checkpoint.com/paid/03/ca-bundle.crt?HashKey=1611681103_0cbd8ab04f2502614e3ff6150cd66a35&...
</checkpoint:DownloadURL>
<checkpoint:FileSignature>
</checkpoint:FileSignature>
</checkpoint:MetaData>
<checkpoint:MetaData>
<checkpoint:Index>
18722
</checkpoint:Index>
<checkpoint:Product>
CA_BUNDLE
</checkpoint:Product>
<checkpoint:ProductDisplayName>
CA_BUNDLE
</checkpoint:ProductDisplayName>
<checkpoint:OS>
All
</checkpoint:OS>
<checkpoint:OSDisplayName>
All
</checkpoint:OSDisplayName>
<checkpoint:Version>
1.0
</checkpoint:Version>
<checkpoint:VersionDisplayName>
1.0
</checkpoint:VersionDisplayName>
<checkpoint:MajorVersion>
0
</checkpoint:MajorVersion>
<checkpoint:MinorVersion>
0
</checkpoint:MinorVersion>
<checkpoint:SubMinorVersion>
0
</checkpoint:SubMinorVersion>
<checkpoint:Vendor>
CheckPoint
</checkpoint:Vendor>
<checkpoint:Bundle>
</checkpoint:Bundle>
<checkpoint:FileName>
last_revision_DC.xml
</checkpoint:FileName>
<checkpoint:FileType>
Utility
</checkpoint:FileType>
<checkpoint:FileSize>
110
</checkpoint:FileSize>
<checkpoint:FileDate>
2012-07-16 00:00:00
</checkpoint:FileDate>
<checkpoint:FileComment>
</checkpoint:FileComment>
<checkpoint:FileDescription>
</checkpoint:FileDescription>
<checkpoint:FileRevision>
0
</checkpoint:FileRevision>
<checkpoint:PackageKey>
</checkpoint:PackageKey>
<checkpoint:ApplicationCategory>
</checkpoint:ApplicationCategory>
<checkpoint:FileDisplayName>
Last revision of CA Bundle
</checkpoint:FileDisplayName>
<checkpoint:MD5>
b6be68665e9fb620c1587667b0cbd995
</checkpoint:MD5>
<checkpoint:Order>
</checkpoint:Order>
<checkpoint:Latest>
</checkpoint:Latest>
<checkpoint:CPSignature>
</checkpoint:CPSignature>
<checkpoint:SHA1>
ecda6137140fc4928f4a87c5958ca4950287fd62
</checkpoint:SHA1>
<checkpoint:DownloadURL>
http://dl3.checkpoint.com/paid/b6/last_revision_DC.xml?HashKey=1611681103_651c53e2dba3a3ec1e1b59a670...
</checkpoint:DownloadURL>
<checkpoint:FileSignature>
</checkpoint:FileSignature>
</checkpoint:MetaData>
</checkpoint:getMetaData>
</soap:Body>
</soap:Envelope>



0 Kudos
rgalloso
Explorer

I am having a similar problem, in my case we have a proxy for internet access and we have only allowed https and http (443, 80) but in the file we can see an url with port 8093: I think that this can be the problem and this was change in some version after R80.10. In the sk83520 I do not find any TCP/8093 port reference, only http and https. We have mdps too. I am going to request new proxy access with 8093 and update if this was a solution in my case.

0 Kudos
the_rock
Legend
Legend

You can also allow any cloud updatable objects related to the fqdn.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events