Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mlinko
Contributor
Jump to solution

Var/log/messages SPAM - cmik_loader_fw_context_match_cb: match_cb for CMI APP 31

Dear All

since the upgrade to take 76, we've noticed that our messages get SPAMed from "kernel Error" (logs are below). Does someone know what is causing this error messages?

Appliance 23800

KR
Rok



Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:25999 -> 13.107.206.39:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executin
g context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:25032 -> 205.251.196.141:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execut
ing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.222:20890 -> 205.251.196.141:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execut
ing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:51691 -> 150.171.16.37:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executin
g context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:44074 -> 2.23.154.132:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing
context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:35573 -> 13.107.206.39:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executin
g context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:62790 -> 66.163.53.1:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing
context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:63925 -> 150.171.10.201:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executi
ng context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.222:56365 -> 150.171.10.201:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executi
ng context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.223:56797 -> 205.251.194.187:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execut
ing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_0];[172.16.10.222:45689 -> 170.72.18.2:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing
context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:FW-1: stopping debug messages for the next 39 seconds. To disable this suppression see sk74580
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_36];[172.16.10.222:58264 -> 204.14.183.5:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executin
g context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:FW-1: stopping debug messages for the next 39 seconds. To disable this suppression see sk74580
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_31];[172.16.10.223:32702 -> 208.84.5.222:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executin
g context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_31];[172.16.10.222:38189 -> 199.180.182.53:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execut
ing context 366 and adding the app to apps in exception
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:FW-1: stopping debug messages for the next 39 seconds. To disable this suppression see sk74580
Sep 7 10:31:21 2024 fwgw-wbg-01 AutoUpdater[25735]: Error occurred running the application.
Sep 7 10:31:21 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.222:60344 -> 199.180.182.53:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execut
ing context 366 and adding the app to apps in exception
Sep 7 10:31:22 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.223:50733 -> 13.107.236.201:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execut
ing context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.222:45935 -> 81.169.144.234:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execut
ing context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.222:19411 -> 150.171.10.32:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executi
ng context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.223:28740 -> 140.205.122.243:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execu
ting context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:[fw4_23];[172.16.10.223:65035 -> 108.162.192.122:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, execu
ting context 366 and adding the app to apps in exception
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:
Sep 7 10:31:23 2024 fwgw-wbg-01 kernel:FW-1: stopping debug messages for the next 37 seconds. To disable this suppression see sk74580
Sep 7 10:31:26 2024 fwgw-wbg-01 AutoUpdater[26181]: Error occurred running the application.
Sep 7 10:31:31 2024 fwgw-wbg-01 AutoUpdater[26295]: Error occurred running the application.
Sep 7 10:31:36 2024 fwgw-wbg-01 AutoUpdater[26675]: Error occurred running the application.
Sep 7 10:31:42 2024 fwgw-wbg-01 AutoUpdater[26709]: Error occurred running the application.
Sep 7 10:31:47 2024 fwgw-wbg-01 AutoUpdater[26732]: Error occurred running the application.

0 Kudos
1 Solution

Accepted Solutions
AkosBakos
Leader Leader
Leader

Hi @Mlinko 

Did you read this SK? https://support.checkpoint.com/results/sk/sk182606

 

Symptoms

  • The $FWDIR/log/fwk.elg or /var/log/messages file on the Security Gateway / Cluster Member contains this line repeatedly:
    cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception

  • Traffic outages through a Security Gateway / Cluster / VSX Virtual System, and core dumps are created.

Cause

A missing attribute in the DNS server response causes a data failure.

Solution

Contact Check Point Support to get a Hotfix for this issue.
The fix resolves this issue by ensuring that the Security Gateway does not fail when the specified attribute is invalid.

A Support Engineer will make sure the Hotfix is compatible with your environment before providing it.
For faster resolution and verification, collect these files:

  1. CPinfo file from the Management Server involved in the case.
  2. CPinfo file from the Security Gateway / each Cluster Member involved in the case.

Hotfix installation instructions:
Refer to sk168597 - How to install a Hotfix.

----------------
\m/_(>_<)_\m/

View solution in original post

0 Kudos
27 Replies
AkosBakos
Leader Leader
Leader

Hi @Mlinko 

Did you read this SK? https://support.checkpoint.com/results/sk/sk182606

 

Symptoms

  • The $FWDIR/log/fwk.elg or /var/log/messages file on the Security Gateway / Cluster Member contains this line repeatedly:
    cmik_loader_fw_context_match_cb: match_cb for CMI APP 31 - DNS_DATA_SOURCE failed on context 201, executing context 366 and adding the app to apps in exception

  • Traffic outages through a Security Gateway / Cluster / VSX Virtual System, and core dumps are created.

Cause

A missing attribute in the DNS server response causes a data failure.

Solution

Contact Check Point Support to get a Hotfix for this issue.
The fix resolves this issue by ensuring that the Security Gateway does not fail when the specified attribute is invalid.

A Support Engineer will make sure the Hotfix is compatible with your environment before providing it.
For faster resolution and verification, collect these files:

  1. CPinfo file from the Management Server involved in the case.
  2. CPinfo file from the Security Gateway / each Cluster Member involved in the case.

Hotfix installation instructions:
Refer to sk168597 - How to install a Hotfix.

----------------
\m/_(>_<)_\m/
0 Kudos
Mlinko
Contributor

Hi @AkosBakos,

I was searching for the SK but I couldn't find one, thank you for our reply! I'll have a look at it!

KR
Rok

0 Kudos
G_W_Albrecht
Legend Legend
Legend

The PRJ-56360 is included in R81.20 JT 90 Released on 12 November 2024 https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Take_90.htm?Highlight=PRJ-56360

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Greg_Harbers
Collaborator

the sk article says that cause is a missing attribute in the DNS server response.

is there any detail as to what could be missing? we have around 20 gateways all using the same policy, all pointing to the same series of DNS servers but only one is showing this error.

 

0 Kudos
Nandhakumar_N
Participant

I am also getting same error on gateway which is running in R81.20 version take 76 hotfix

PhoneBoy
Admin
Admin

The fix for this does not appear to be available as part of a JHF yet.
You will need to request the specific hotfix from TAC.

0 Kudos
Daniel_Kavan
Advisor
Advisor

I applied the JHF76 hotfix yesterday and I'm still getting these errors, but not nearly as many.   TAC is looking at it.  

[Mon Sep 16 05:58:19 2024] [fw4_4];[someIP:56780 -> someEXTip:53] [ERROR]: cmik_loader_fw_context_match_cb: match_cb for CMI APP 10 - RESOURCE_REPUTATION failed on context 201, executing context 366 and adding the app to apps in exception

0 Kudos
Olavi_Lentso
Contributor

The same messages continue to appear also in take 84. Quite long time without adding the fix into a jumbo hotfix.

0 Kudos
itinfranetwork
Explorer

What is worse :

  • the hotfix is only available by opening a support case, which for the majority of the customers implies going through a partner, adding latency to the resolution
  • the SK182606 has been created on 2024-08-21, before JHF 84 was out ("Released on 5 Sep 2024 and declared as Recommended on 18 Sep 2024"), and is still not listed in the known issues of any JHF
  • in our case, upgrading from JHF 53 to 84, the bug has been introduced by the JHF 84 !

 

cdelcarmen
Contributor

in Take 76, checkpoint tac provided a hotfix for this DNS errror and I had to remove the hotfix checkpoint provided in order to be able to upgrade to take 84, not  good. 

 

(1)
Olavi_Lentso
Contributor

Even the latest R81.20 take 89 reports still same errors ...

0 Kudos
Richard_Wieser
Participant

I was seeing this in T76 and T84. Contacted TAC and was provided a portfix and the issue gone now. 

0 Kudos
Olavi_Lentso
Contributor

Yep, a hotfix does exist, but it has not been added into any jumbo hotfixes yet, after being discovered so long time ago.

0 Kudos
Max_Frankl
Employee
Employee

Hi this fix will be added to the next JHF releases for all versions

Olavi_Lentso
Contributor

Good news!

0 Kudos
Sven_Glock
Advisor

@Max_Frankl is this a gateway or a management releated issue?

0 Kudos
Licensing_Manag
Explorer

Security Gateway issue

0 Kudos
FerPr0c03
Participant

Hi Max,

Same problem here with an Security Gateway in R81.20 JHF 89

I have opened a case with the tac, and they indicate that there is no hotfix for the Jumbo 89.
Do you have any news about when the hotfix for this Jumbo will be released?

I see many people have this same problem.

0 Kudos
cdelcarmen
Contributor

I just received the wrapper hotfix for take 89 today, reach out to them again, they should have it already. 

0 Kudos
RS_Daniel
Advisor

Hello @Max_Frankl ,

We have the same issue with a new upgrade to R81.20 jumbo 89. Already have a case open with TAC however wanted to ask here if there is any workaround while we get the hotfix or any ETA for the jumbo with the fix?

Regards

0 Kudos
cdelcarmen
Contributor

TAC told me this issues is fixed in R82.

=

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Why then includes sk182606 R82 as Version ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MatanYanay
Employee
Employee

Hi @RS_Daniel  and all 

if you refer to sk182606 and the HF from this sk so as Max mention it was not yet released

It will be release in the next jumbo we target to release during next week ( the relevant PRJ for R81.20 from the sk is PRJ-56360)

Thanks 

Matan.

Olavi_Lentso
Contributor

I can confirm that error messages have disappeared after installation of R81.20 jumbo 90.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

R81.20 Take 90 was Released on 12 November 2024 - but this inormation is missing from sk182606, and no reference to sk182606 is found in https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20/R81.20/Take_90.htm, only to PRJ-56360 !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
CheckPointerXL
Advisor
Advisor

Hello Matan,

when we find logs like this "CMI APP 31 - DNS_DATA_SOURCE failed on context 201" how we can go deeper with investigation/troubleshooting? it is possible to identify what is context 201? trying to find some useful command but no luck

0 Kudos
MikeB
Advisor

Hi @Richard_Wieser , the portfix was provided for T84? 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events