- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hello all,
I am getting the following message from all GWs in our environment.
Could not download from "http://updates.checkpoint.com/WebService/services/DownloadMetaDataService?wsdl". Server error occurred.
Failure impact: An unsecure server may be trusted, or update services may fail to operate
The output of the curl_cli command is:
<?xml version='1.0' encoding='UTF-8'?><wsdl:definitions name="DownloadMetaDataServiceService" targetNamespace="http://updates.checkpoint.com/WebService/services/DownloadMetaDataService" xmlns:ns1="http://webservices.downloadcenter.checkpoint.com/" xmlns:ns2="http://schemas.xmlsoap.org/soap/http" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://updates.checkpoint.com/WebService/services/DownloadMetaDataService" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<wsdl:import location="http://updates-prd-cloud.checkpoint.com:8093/WebService/services/DownloadMetaDataService?wsdl=Produc..." namespace="http://webservices.downloadcenter.checkpoint.com/">
</wsdl:import>
<wsdl:binding name="DownloadMetaDataServiceServiceSoapBinding" type="ns1:ProductUpdatesWebService">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="invoke">
<soap:operation soapAction="" style="document"/>
<wsdl:input name="invoke">
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output name="invokeResponse">
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="DownloadMetaDataServiceService">
<wsdl:port binding="tns:DownloadMetaDataServiceServiceSoapBinding" name="DownloadMetaDataService">
<soap:address location="http://updates-prd-cloud.checkpoint.com:8093/WebService/services/DownloadMetaDataService"/>
</wsdl:port>
</wsdl:service>
I do understand that this does not impact any operational services, but I would like to minimize any clutter in the logs.
Any input would be highly appreciated.
Thank you in advance.
Are the services (IPS, AV a.o.) updating successfully ?
Yes, everything is updating successfully.There doesn't seem to be any service impact, but I would like to know if there is a way to remove this clutter from the logs.
This error sound like some kind of configuration issue, I suggest opening a ticket to support as it will require looking at your system
A hotfix is required in order to gather more information from the system.
Thanks!
I get the same error in R80.40 take 83.
The description of the error is: Internal trusted CAs service
Everything seems to be working HTTPS inspection, Antivirus, IPS, Antibot ... updates ... but I get this error that I don't know where it comes from
Hello Luis Miguel,
Have you opened a Service Request with TAC to investigate this?
Regards,
Sharon Elmashaly
VP, Customer Support
I did but we haven't found the root cause yet
Please send me the SR number to elmashaly@checkpointc.com for review
Any idea what is the root cause? Still happening in R80.40 take 102
Are you able to do curl_cli at all? Like below:
curl_cli -v updates.checkpoint.com
* Rebuilt URL to: updates.checkpoint.com/
* Trying 23.78.138.28...
* TCP_NODELAY set
* Connected to updates.checkpoint.com (23.78.138.28) port 80 (#0)
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Server: awselb/2.0
< Date: Fri, 30 Apr 2021 14:56:16 GMT
< Connection: keep-alive
<
* Connection #0 to host updates.checkpoint.com left intact
this is what I get
curl_cli -v -k --proxy proxy.ip:port http://updates.checkpoint.com/WebService/services/DownloadMetaDataService?wsdl
* Trying proxy.ip ...
* TCP_NODELAY set
* Connected to proxy.ip (proxy.ip) port port (#0)
< HTTP/1.1 200 OK
< Content-Type: text/xml
< Content-Length: 1596
< Server: Apache-Coyote/1.1
< Date: Fri, 30 Apr 2021 15:35:33 GMT
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
<
<?xml version='1.0' encoding='UTF-8'?><wsdl:definitions name="DownloadMetaDataServiceService" targetNamespace="http://updates.checkpoint.com/WebService/services/DownloadMetaDataService" xmlns:ns1="http://webservices.downloadcenter.checkpoint.com/" xmlns:ns2="http://schemas.xmlsoap.org/soap/http" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://updates.checkpoint.com/WebService/services/DownloadMetaDataService" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<wsdl:import location="http://updates-prd-cloud.checkpoint.com:8093/WebService/services/DownloadMetaDataService?wsdl=Produc..." namespace="http://webservices.downloadcenter.checkpoint.com/">
</wsdl:import>
<wsdl:binding name="DownloadMetaDataServiceServiceSoapBinding" type="ns1:ProductUpdatesWebService">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="invoke">
<soap:operation soapAction="" style="document"/>
<wsdl:input name="invoke">
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output name="invokeResponse">
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="DownloadMetaDataServiceService">
<wsdl:port binding="tns:DownloadMetaDataServiceServiceSoapBinding" name="DownloadMetaDataService">
<soap:address location="http://updates-prd-cloud.checkpoint.com:8093/WebService/services/DownloadMetaDataService"/>
</wsdl:port>
</wsdl:service>
* Connection #0 to host proxy.ip left intact
The network capture matching the smartconsole log error shows a fine tcp/http transaction with FIN/ACK and HTTP 200/OK.
This is the response
Frame 120: 806 bytes on wire (6448 bits), 806 bytes captured (6448 bits)
Ethernet II, Src: Invertex_0f:f0:a5 (00:d0:83:0f:f0:a5), Dst: IntelCor_36:f3:e8 (90:e2:ba:36:f3:e8)
Internet Protocol Version 4, Src: proxy.ip, Dst: gateway.ip
Transmission Control Protocol, Src Port: proxy.port, Dst Port: 10182, Seq: 3148, Ack: 972, Len: 740
Source Port: proxy.port
Destination Port: 10182
[Stream index: 4]
[TCP Segment Len: 740]
Sequence number: 3148 (relative sequence number)
[Next sequence number: 3888 (relative sequence number)]
Acknowledgment number: 972 (relative ack number)
Header Length: 32 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 2064
[Calculated window size: 132096]
[Window size scaling factor: 64]
Checksum: 0x5ddc [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
[SEQ/ACK analysis]
TCP segment data (740 bytes)
[4 Reassembled TCP Segments (3887 bytes): #117(1348), #118(451), #119(1348), #120(740)]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Content-Type: text/xml;charset=UTF-8\r\n
Content-Length: 3690\r\n
Server: Apache-Coyote/1.1\r\n
Date: Tue, 26 Jan 2021 15:11:43 GMT\r\n
Proxy-Connection: Keep-Alive\r\n
Connection: Keep-Alive\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.115934000 seconds]
[Request in frame: 115]
File Data: 3690 bytes
eXtensible Markup Language
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<checkpoint:getMetaData
xmlns:checkpoint="urn:downloadcenter"
checkpoint:client=""
checkpoint:stn=""
checkpoint:userID=""
checkpoint:userPassword="">
<checkpoint:MetaData>
<checkpoint:Index>
18721
</checkpoint:Index>
<checkpoint:Product>
CA_BUNDLE
</checkpoint:Product>
<checkpoint:ProductDisplayName>
CA_BUNDLE
</checkpoint:ProductDisplayName>
<checkpoint:OS>
All
</checkpoint:OS>
<checkpoint:OSDisplayName>
All
</checkpoint:OSDisplayName>
<checkpoint:Version>
1.0
</checkpoint:Version>
<checkpoint:VersionDisplayName>
1.0
</checkpoint:VersionDisplayName>
<checkpoint:MajorVersion>
0
</checkpoint:MajorVersion>
<checkpoint:MinorVersion>
0
</checkpoint:MinorVersion>
<checkpoint:SubMinorVersion>
0
</checkpoint:SubMinorVersion>
<checkpoint:Vendor>
CheckPoint
</checkpoint:Vendor>
<checkpoint:Bundle>
</checkpoint:Bundle>
<checkpoint:FileName>
ca-bundle.crt
</checkpoint:FileName>
<checkpoint:FileType>
Hidden
</checkpoint:FileType>
<checkpoint:FileSize>
438024
</checkpoint:FileSize>
<checkpoint:FileDate>
2013-04-07 00:00:00
</checkpoint:FileDate>
<checkpoint:FileComment>
</checkpoint:FileComment>
<checkpoint:FileDescription>
</checkpoint:FileDescription>
<checkpoint:FileRevision>
1.0
</checkpoint:FileRevision>
<checkpoint:PackageKey>
</checkpoint:PackageKey>
<checkpoint:ApplicationCategory>
</checkpoint:ApplicationCategory>
<checkpoint:FileDisplayName>
CA Bundle
</checkpoint:FileDisplayName>
<checkpoint:MD5>
03c57d02663b6a03c2af98878e30f8b6
</checkpoint:MD5>
<checkpoint:Order>
</checkpoint:Order>
<checkpoint:Latest>
</checkpoint:Latest>
<checkpoint:CPSignature>
</checkpoint:CPSignature>
<checkpoint:SHA1>
34095b3836904766fd8ed54153ec3f64229a54ed
</checkpoint:SHA1>
<checkpoint:DownloadURL>
http://dl3.checkpoint.com/paid/03/ca-bundle.crt?HashKey=1611681103_0cbd8ab04f2502614e3ff6150cd66a35&...
</checkpoint:DownloadURL>
<checkpoint:FileSignature>
</checkpoint:FileSignature>
</checkpoint:MetaData>
<checkpoint:MetaData>
<checkpoint:Index>
18722
</checkpoint:Index>
<checkpoint:Product>
CA_BUNDLE
</checkpoint:Product>
<checkpoint:ProductDisplayName>
CA_BUNDLE
</checkpoint:ProductDisplayName>
<checkpoint:OS>
All
</checkpoint:OS>
<checkpoint:OSDisplayName>
All
</checkpoint:OSDisplayName>
<checkpoint:Version>
1.0
</checkpoint:Version>
<checkpoint:VersionDisplayName>
1.0
</checkpoint:VersionDisplayName>
<checkpoint:MajorVersion>
0
</checkpoint:MajorVersion>
<checkpoint:MinorVersion>
0
</checkpoint:MinorVersion>
<checkpoint:SubMinorVersion>
0
</checkpoint:SubMinorVersion>
<checkpoint:Vendor>
CheckPoint
</checkpoint:Vendor>
<checkpoint:Bundle>
</checkpoint:Bundle>
<checkpoint:FileName>
last_revision_DC.xml
</checkpoint:FileName>
<checkpoint:FileType>
Utility
</checkpoint:FileType>
<checkpoint:FileSize>
110
</checkpoint:FileSize>
<checkpoint:FileDate>
2012-07-16 00:00:00
</checkpoint:FileDate>
<checkpoint:FileComment>
</checkpoint:FileComment>
<checkpoint:FileDescription>
</checkpoint:FileDescription>
<checkpoint:FileRevision>
0
</checkpoint:FileRevision>
<checkpoint:PackageKey>
</checkpoint:PackageKey>
<checkpoint:ApplicationCategory>
</checkpoint:ApplicationCategory>
<checkpoint:FileDisplayName>
Last revision of CA Bundle
</checkpoint:FileDisplayName>
<checkpoint:MD5>
b6be68665e9fb620c1587667b0cbd995
</checkpoint:MD5>
<checkpoint:Order>
</checkpoint:Order>
<checkpoint:Latest>
</checkpoint:Latest>
<checkpoint:CPSignature>
</checkpoint:CPSignature>
<checkpoint:SHA1>
ecda6137140fc4928f4a87c5958ca4950287fd62
</checkpoint:SHA1>
<checkpoint:DownloadURL>
http://dl3.checkpoint.com/paid/b6/last_revision_DC.xml?HashKey=1611681103_651c53e2dba3a3ec1e1b59a670...
</checkpoint:DownloadURL>
<checkpoint:FileSignature>
</checkpoint:FileSignature>
</checkpoint:MetaData>
</checkpoint:getMetaData>
</soap:Body>
</soap:Envelope>
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY