This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
HansKazan
Contributor
2 weeks ago
Jump to solution

Maestro R81.20 SGM downgrading JHF upon joining SG (SMO has required JHF)

Hello CheckMates I am back with another question that you may be able to help me out with!

I have started staging a Maestro environment and noticed something curious that I am unsure about. I staged the security group with 1 SGM and upgraded all SGMs seperate to R81.20 and the latest Hotfix. However, when I let the other SGMs join the SG, after rebooting they would downgrade to R81.20 without any Hotfix installation and refuse to join the cluster because of a FullSync problem.

Is this intended behavior? If so, how will I be able to avoid encountering the same issue in the future? I followed the full upgrade guide from R81.10 to R81.20 including updating the DA before upgrading to R81.20. I intend to reboot and install the same hotfix on the SGMs if they don't end up syncing properly and see if that resolves the problem (issue has not yet been resolved).

Product: MHO-140's and 6700 SGM's with a Smart-1 Cloud management connection for staging with a basic any/any accept policy installed.

Thank you for sharing your valuable knowledge with me!

 

[Expert@SMO]# cphaprob list

Registered Devices:

Device Name: during_upgrade
Registration number: 4
Timeout: none
Current state: problem
Time since last report: 11219.7 sec

 

[Expert@SGM-2]# cphaprob list

Registered Devices:

Device Name: Fullsync
Registration number: 0
Timeout: none
Current state: problem
Time since last report: 0.1 sec

 

[Expert@SMO]# cpinfo -y all

This is Check Point CPinfo Build 914000239 for GAIA
[IDA]
No hotfixes..
[CPFC]
No hotfixes..
[FW1]
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 53
HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE
HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R81.20 - Build 024
kernel: R81.20 - Build 032
[SecurePlatform]
HOTFIX_ENDER_V17_AUTOUPDATE
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 53
[SMO]
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 53
[CPinfo]
No hotfixes..
[PPACK]
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 53
[AutoUpdater]
No hotfixes..
[DIAG]
No hotfixes..
[CVPN]
HOTFIX_R81_20_JUMBO_HF_MAIN Take: 53
HOTFIX_ESOD_CSHELL_AUTOUPDATE
[cpsdc_wrapper]
HOTFIX_CPSDC_AUTOUPDATE
[CPUpdates]
BUNDLE_GENERAL_AUTOUPDATE Take: 18
BUNDLE_INFRA_AUTOUPDATE Take: 65
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 27
BUNDLE_ENDER_V17_AUTOUPDATE Take: 26
BUNDLE_R81_20_JUMBO_HF_MAIN Take: 53
BUNDLE_CORE_FILE_UPLOADER_AUTOUPDATE Take: 21
BUNDLE_R80_40_MAAS_TUNNEL_AUTOUPDATE Take: 60
BUNDLE_HCP_AUTOUPDATE Take: 70
BUNDLE_GOT_TPCONF_AUTOUPDATE Take: 128
BUNDLE_ESOD_CSHELL_AUTOUPDATE Take: 20
BUNDLE_CPVIEWEXPORTER_AUTOUPDATE Take: 34
BUNDLE_CPOTELCOL_AUTOUPDATE Take: 77
BUNDLE_CPSDC_AUTOUPDATE Take: 34
[CPotelcol]
HOTFIX_OTLP_GA
[CPviewExporter]
HOTFIX_OTLP_GA
[hcp_wrapper]
HOTFIX_HCP_AUTOUPDATE
[core_uploader]
HOTFIX_CHARON_HF
[CPDepInst]
No hotfixes..

 

[Expert@SGM-2# cpinfo -y all

This is Check Point CPinfo Build 914000231 for GAIA
[IDA]
No hotfixes..
[CPFC]
No hotfixes..
[FW1]
HOTFIX_GOT_TPCONF_AUTOUPDATE
HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE

FW1 build number:
This is Check Point's software version R81.20 - Build 703
kernel: R81.20 - Build 597
[SecurePlatform]
No hotfixes..
[SMO]
No hotfixes..
[CPinfo]
No hotfixes..
[PPACK]
No hotfixes..
[AutoUpdater]
No hotfixes..
[DIAG]
No hotfixes..
[CVPN]
No hotfixes..
[cpsdc_wrapper]
HOTFIX_CPSDC_AUTOUPDATE
[CPUpdates]
BUNDLE_ESOD_CSHELL_AUTOUPDATE Take: 20
BUNDLE_CORE_FILE_UPLOADER_AUTOUPDATE Take: 17
BUNDLE_GOT_TPCONF_AUTOUPDATE Take: 124
BUNDLE_R80_40_MAAS_TUNNEL_AUTOUPDATE Take: 60
BUNDLE_CPOTELCOL_AUTOUPDATE Take: 77
BUNDLE_CPSDC_AUTOUPDATE Take: 29
BUNDLE_HCP_AUTOUPDATE Take: 62
BUNDLE_CPVIEWEXPORTER_AUTOUPDATE Take: 34
[CPotelcol]
HOTFIX_OTLP_GA
[CPviewExporter]
HOTFIX_OTLP_GA
[hcp_wrapper]
HOTFIX_HCP_AUTOUPDATE
[core_uploader]
HOTFIX_CHARON_HF
[CPDepInst]
No hotfixes..

0 Kudos
1 Solution

Accepted Solutions
emmap
Employee
Employee
2 weeks ago
Jump to solution

[Expert@SMO]# cphaprob list

Registered Devices:

Device Name: during_upgrade
Registration number: 4
Timeout: none
Current state: problem
Time since last report: 11219.7 sec

This is a problem, it seems like the sp_upgrade script did not finish cleanly. You can try running 'sp_upgrade --cleanup' to clear that. I don't know what would cause the JHF to be removed (or at least the registry to think it is) but that flag on the SMO needs to be resolved before troubleshooting anything else.

View solution in original post

(1)
3 Replies
emmap
Employee
Employee
2 weeks ago
Jump to solution

[Expert@SMO]# cphaprob list

Registered Devices:

Device Name: during_upgrade
Registration number: 4
Timeout: none
Current state: problem
Time since last report: 11219.7 sec

This is a problem, it seems like the sp_upgrade script did not finish cleanly. You can try running 'sp_upgrade --cleanup' to clear that. I don't know what would cause the JHF to be removed (or at least the registry to think it is) but that flag on the SMO needs to be resolved before troubleshooting anything else.

(1)
HansKazan
Contributor
2 weeks ago
In response to emmap
Jump to solution

Thank you so much, this solved the problem within a second!

 

[Expert@SMO]# sp_upgrade --cleanup Multi-Version Cluster (MVC) is supported for Upgrade from current version. Performing cleanup... VSX is not supported on this platform 1_01: 1_02: Upgrade finished successfully.

 

nimloss.png

0 Kudos
emmap
Employee
Employee
2 weeks ago
In response to HansKazan
Jump to solution

Glad to hear it, thank you for the feedback.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫