Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nflnetwork29
Advisor
Jump to solution

internal error occurred during the verification process

Hello we have R81.10 MDS w/ R81.10 Security VE Gateway 

This is a fresh VE gateway deployment with Take 30 installed (latest) 

Have not been able to ever install any policy , i have establish SIC trust and then I am stuck . 

How can I fix this? Seems like a bug maybe as the policy I am trying to deploy is very minimal. 

I am not even trying to deploy any threat policy at this time . 

0 Kudos
1 Solution

Accepted Solutions
nflnetwork29
Advisor

this issue was solved by TAC eventually. 

the very short answer was that basically what we had to do what remove the gateway object and re-add it . 

 

View solution in original post

0 Kudos
21 Replies
the_rock
Legend
Legend

What do you see if you only do policy verification?

Andy

0 Kudos
nflnetwork29
Advisor

yes of course, done that!  and it is successful . no issue reported there . 

0 Kudos
PhoneBoy
Admin
Admin
0 Kudos
nflnetwork29
Advisor

on my gateway

# ls -lh connectra_rulenums.html

ls: cannot access connectra_rulenums.html: No such file or directory

0 Kudos
the_rock
Legend
Legend

If you run this command from expert mode-> find / -name connectra_rulenums.html

Do you see anything?

By the way, its on management(also R81.10), NOT gateway

From my lab:

[Expert@MANAGEMENT:0]# find / -name connectra_rulenums.html
find: /proc/27779: No such file or directory
find: /proc/28071: No such file or directory
find: /proc/28073: No such file or directory
/var/log/opt/CPsuite-R81/fw1/log/connectra_rulenums.html
[Expert@MANAGEMENT:0]#

Andy

0 Kudos
nflnetwork29
Advisor

OK yes i found it 

 

/var/log/mds_logs/MGMT-MDS-01/log/connectra_rulenums.html

the_rock
Legend
Legend

Great! Just back it up and try the sk @PhoneBoy suggested. let us know if it works.

Andy

nflnetwork29
Advisor

to confirm .

i just replace step 1 with the path below?? 

/var/log/mds_logs/MGMT-MDS-01/log/connectra_rulenums.html

 
  1. # cd $FWDIR/log/ >>>>>> REPLACE  THIS
  2. # ls -lh connectra_rulenums.html (this will show the incorrect link)
  3. # unlink connectra_rulenums.html
  4. # touch connectra_rulenums.html
  5. # chmod 777 connectra_rulenums.html
0 Kudos
the_rock
Legend
Legend

What I would personally do, just to be safe, make backup first...so cd $FWDIR/log, then cp connectra_rulenums.html connectra_rulenums.html.backup and maybe get backup file off the server (JUST IN CASE) and then follow the instructions. I dont want to sound difficult now, but I would also take a backup as well.

0 Kudos
nflnetwork29
Advisor

tried the solution in the sk and still getting the same error . *sigh*

0 Kudos
the_rock
Legend
Legend

Thats unfortunate. O well...I would certainly contact TAC next. In the meantime, try from mgmt ssh something like below, just replace firewall name and correct policy )below is example from my lab)

mgmt_cli install-policy policy-package "R81.10_policy" targets "gateway"

 

Andy

0 Kudos
nflnetwork29
Advisor

Should the file "connectra_rulenums.html" exist in every single CMA when referring to an MDS?

 

my policy name = "standard" 

when i run the cmdlt i got 

code: "generic_err_object_not_found"
message: "Requested object [standard] not found"

0 Kudos
the_rock
Legend
Legend

That Im not 100% sure, you may wish to confirm with TAC on it.

Andy

0 Kudos
nflnetwork29
Advisor

@the_rock 

 

mgmt_cli install-policy policy-package "standard" targets "CORP-cp01"

0 Kudos
the_rock
Legend
Legend

Can you paste exact command you ran?

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Have you tried forcing a non accelerated policy install or patching with JHF T45?

CCSM R77/R80/ELITE
nflnetwork29
Advisor

hi @Chris_Atkinson 

 

yes i patched to JHF T45 . same issue . 

 

How do i force a non  accelerated  policy install ? i can try that 

0 Kudos
the_rock
Legend
Legend
0 Kudos
nflnetwork29
Advisor

@the_rock 

was worth a shot . still failed though! arggg .

0 Kudos
the_rock
Legend
Legend

Sorry to say, but I got nothing else... : - (. I guess doing debug would be next step...

0 Kudos
nflnetwork29
Advisor

this issue was solved by TAC eventually. 

the very short answer was that basically what we had to do what remove the gateway object and re-add it . 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events