- CheckMates
- :
- Products
- :
- Quantum
- :
- Smart-1 Cloud
- :
- Re: Broken Smart-1 Cloud instance
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Broken Smart-1 Cloud instance
Hello all,
I reverted the database on a Smart-1 Cloud instance.
Now policy installation fails with the following error: "This policy version references purged object(s) this cannot be installed."
This error is documented in sk180571: "Contact Check Point Support to get assistance for this issue."
Support for this customer is pending renewal, so I cannot involve TAC right now.
Anyone ever hit this issue?
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, found what the issue was.
Restarting the Smart-1 Cloud instance did not fix it.
Install Database on the management server completed without error.
Policy installation failed with the "purged object(s)" error message, even with only either Access Control or Treat Prevention ticked, or with accelerated installation disabled.
(Policy installation task would stay queued in SmartConsole and had to be cleared manually.)
Entering the Updates tool in a SmartConsole policy brought a "Failed to get DB object" error message.
IPS updates status showed a warning sign, with a "loading IPS update statuses" message when hovered on.
IPS database appears to be broken, and manual update went bad (using SmartConsole crashed SmartConsole, update using SMS failed or maybe restarted SMS not sure).
The real fix was just to manually switch the IPS database version (Policy Tools > IPS > drop-down menu > Switch to version).
I guess the management database revision I reverted to was so far away in time (still was just the previous one) that the referenced IPS version had been purged locally, and this broke the IPS state.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you say reverted database, you mean installed one of previous revisions?
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes I do.
Reverted to the previous revision from a few weeks before.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you wish, happy to do remote and we can check together, let me know.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No longer needed, but thanks for the offer. 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, found what the issue was.
Restarting the Smart-1 Cloud instance did not fix it.
Install Database on the management server completed without error.
Policy installation failed with the "purged object(s)" error message, even with only either Access Control or Treat Prevention ticked, or with accelerated installation disabled.
(Policy installation task would stay queued in SmartConsole and had to be cleared manually.)
Entering the Updates tool in a SmartConsole policy brought a "Failed to get DB object" error message.
IPS updates status showed a warning sign, with a "loading IPS update statuses" message when hovered on.
IPS database appears to be broken, and manual update went bad (using SmartConsole crashed SmartConsole, update using SMS failed or maybe restarted SMS not sure).
The real fix was just to manually switch the IPS database version (Policy Tools > IPS > drop-down menu > Switch to version).
I guess the management database revision I reverted to was so far away in time (still was just the previous one) that the referenced IPS version had been purged locally, and this broke the IPS state.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great job! I saw thats what the sk mentioned as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks!
Yeah, the SK mentioned the IPS manual update breakage, it just did not explain how to work around it. 😉
I guess TAC has a more involved solution, running a script to fix the database or something, but the version switch trick just worked.
Edit: sent feedback to the SK