Mahadevan
Contributor

Checkpoint R81.10 API not running, Also SmartConsole showing "Serious problem and needs to Relaunch"

Hello Everyone,

We have installed Checkpoint version R81.10. We are having this issue where API is not running and also SmartConsole is not starting up. It is asking us to relaunch even after restarting the application.

FW1> api status

API Settings:
---------------------
Accessibility: Unknown
Automatic Start: Disabled

Processes:

Name State PID More Information
-------------------------------------------------
API Stopped 6256
CPM Started 6256 Check Point Security Management Server is running and ready
FWM Started 5842
APACHE Started 5233

Port Details:
-------------------
JETTY Internal Port: 0
JETTY Documentation Internal Port: 0
APACHE Gaia Port: 443

Profile:
-------------------
Machine profile: Small Medium env resources profile
CPM heap size: 1280m

Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------

API readiness test FAILED. The server is down and unable to receive connections!

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

 

 

-- When we try to start the API, we get the below message:

FW1> api start
2021-Nov-26 12:15:08 - Starting API ...
2021-Nov-26 12:15:08 - WARNING: File mgmt_api_profile_settings.xml not found.

 

Could you please let me know what needs to be updated to get the API running for R81.10 and also get access to SmartConsole. Your help will be of great use to me and will be appreciated.


Regards
Mahadevan

 

 

0 Kudos
21 Replies
_Val_
Admin

What are the parameters of the server: RAM size, CPUs, HDD space?

Mahadevan
Contributor

Hello Val,

Thanks for your response, I have attached my Configuration. Please check it and let me know if that is sufficient. 

RAM - 11gb
CPU - 2

Storage - 200GB

0 Kudos
Tal_Paz-Fridman
Employee

Management API is not running and you are not able to connect with SmartConsole (crashing during login) suggests something very basic is not working. I suggest also checking the following:

1. Run cpwd_admin list to see the state of all Check Point services.

2. Run ver to check the installed version.

3. If possible, run cpstop and cpstart to restart the services.

4. If possible, reboot the machine and check again.

As Valarie wrote, the machine hardware (like disk space and RAM) is also important.

 

 

Mahadevan
Contributor

Hello,

Thank you for your response. I have run the commands which you have listed. But when I check for the api status, both API and FWM have stopped now.

 

FW1> api status

API Settings:
---------------------
Accessibility: Unknown
Automatic Start: Disabled

Processes:

Name State PID More Information
-------------------------------------------------
API Stopped 12116
CPM Started 12116 Check Point Security Management Server is running and ready
FWM Stopped 0
APACHE Started 5013

Port Details:
-------------------
JETTY Internal Port: 0
JETTY Documentation Internal Port: 0
APACHE Gaia Port: 443

Profile:
-------------------
Machine profile: Medium env resources profile
CPM heap size: 1280m

Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------

API readiness test FAILED. The server is down and unable to receive connections!

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>' 

Please let me know any changes to make. Thanks again for your response. 

0 Kudos
Mahadevan
Contributor

Also, for cpwd_admin list, FWM is also stopped and unable to start it.

FW1> cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 11501 E 1 [09:29:23] 30/11/2021 N cpviewd
CPVIEWS 11506 E 1 [09:29:23] 30/11/2021 N cpview_services
SXL_STATD 11509 E 1 [09:29:23] 30/11/2021 N sxl_statd
CPD 11526 E 1 [09:29:23] 30/11/2021 Y cpd
MPDAEMON 11537 E 1 [09:29:24] 30/11/2021 N mpdaemon /opt/CPshrd-R81/log/mpdaemon.elg /opt/CPshrd-R81/conf/mpdaemon.conf
TP_CONF_SERVICE 11565 E 1 [09:29:24] 30/11/2021 N tp_conf_service --conf=tp_conf.json --log=error
CI_CLEANUP 11635 E 1 [09:29:27] 30/11/2021 N avi_del_tmp_files
CIHS 11638 E 1 [09:29:27] 30/11/2021 N ci_http_server -j -f /opt/CPsuite-R81/fw1/conf/cihs.conf
FWD 11654 E 1 [09:29:28] 30/11/2021 N fwd
FWM 0 T 0 [11:54:47] 30/11/2021 N fwm
STPR 11684 E 1 [09:29:28] 30/11/2021 N status_proxy
SPIKE_DETECTIVE 11713 E 1 [09:29:28] 30/11/2021 N spike_detective
CPM 12116 E 1 [09:29:30] 30/11/2021 N /opt/CPsuite-R81/fw1/scripts/cpm.sh -s
SOLR 15941 E 1 [09:30:41] 30/11/2021 N java_solr
RFL 15962 E 1 [09:30:41] 30/11/2021 N LogCore
SMARTVIEW 15987 E 1 [09:30:41] 30/11/2021 N SmartView
INDEXER 16067 E 1 [09:30:42] 30/11/2021 N /opt/CPrt-R81/log_indexer/log_indexer
SMARTLOG_SERVER 16094 E 1 [09:30:43] 30/11/2021 N /opt/CPSmartLog-R81/smartlog_server
REPMAN 16416 E 1 [09:30:48] 30/11/2021 N java_repository_manager
DASERVICE 16422 E 1 [09:30:48] 30/11/2021 N DAService_script
AUTOUPDATER 16438 E 1 [09:30:48] 30/11/2021 N AutoUpdaterService.sh

0 Kudos
the_rock
Champion

I'm 99.99% sure I know why this is failing. If you look at the output of api start, it shows disabled. Now, I'm not sure what the CLI command is to start it automatically, since you can't open the dashboard, but let me check and I will get back to you. In the meantime, can you run api start from the command line and see what happens? Then, if it works, run $FWDIR/scripts/./cpm_status.sh and see what it says.

It should show you the below if it's working:

 

[Expert@R81.10_MGMT:0]# $FWDIR/scripts/./cpm_status.sh
Check Point Security Management Server is running and ready
[Expert@R81.10_MGMT:0]#

 

Below links might be helpful:

 

https://community.checkpoint.com/t5/API-CLI-Discussion/Enabling-web-api/td-p/32641

https://sc1.checkpoint.com/documents/R80.30/SmartConsole_OLH/EN/html_frameset.htm?topic=documents/R8...

 

Mahadevan
Contributor

Hello,

Thanks for your response,

I have checked for the command you listed,

[Expert@FW1:0]# $FWDIR/scripts/./cpm_status.sh
Check Point Security Management Server is running and ready

 

But when I check for the API status,

[Expert@FW1:0]# api status

API Settings:
---------------------
Accessibility: Unknown
Automatic Start: Disabled

Processes:

Name State PID More Information
-------------------------------------------------
API Stopped 12116
CPM Started 12116 Check Point Security Management Server is running and ready
FWM Stopped 0
APACHE Started 5013

Port Details:
-------------------
JETTY Internal Port: 0
JETTY Documentation Internal Port: 0
APACHE Gaia Port: 443

Profile:
-------------------
Machine profile: Medium env resources profile
CPM heap size: 1280m

Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------

API readiness test FAILED. The server is down and unable to receive connections!

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

Could you please let me know what to check and update in order to get API and FWM started.

Thanks again for your response. Kindly let me know the changes to make. 

0 Kudos
mcatanzaro
Employee

Hi,

SmartConsole should connect regardless of if the api is up or not.

Though the error you are seeing with SmartConsole would normally be related to insufficient resources or a corrupted install.

As far as the api not starting, please see sk168832.

The postgres query would be different for R81 and would require a SR to get sorted.

I find it interesting that automatic start is disabled. 

From my lab it doesn't appear you can disable automatic start on R81.10:

api 3.png

This would make sense as the api server shares a pid with CPM starting in R81.

I tried replicating the issue in my lab but mgmt_api_profile_settings.xml is automatically recreated upon the process starting:

api 1.png

api 2.png

api 4.png

 

Mahadevan
Contributor

Hello,

Thanks for your response, File mgmt_api_profile_settings.xml not found. 
I have downloaded the right file and for some reason above file is not present and it is showing as the cause for api and fwm not starting.


[Expert@FW1:0]# api status

API Settings:
---------------------
Accessibility: Unknown
Automatic Start: Disabled

Processes:

Name State PID More Information
-------------------------------------------------
API Stopped 12116
CPM Started 12116 Check Point Security Management Server is running and ready
FWM Stopped 0
APACHE Started 5013

Port Details:
-------------------
JETTY Internal Port: 0
JETTY Documentation Internal Port: 0
APACHE Gaia Port: 443

Profile:
-------------------
Machine profile: Medium env resources profile
CPM heap size: 1280m

Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: The API Server Is Not Running!
--------------------------------------------

API readiness test FAILED. The server is down and unable to receive connections!

Notes:
------------
To collect troubleshooting data, please run 'api status -s <comment>'

 

Could you please let me know what changes to make. Your response will be of great help to me.

0 Kudos
JozkoMrkvicka
Leader

Do you have a valid license?

You can check it using command "cplic print"

Kind regards,
Jozko Mrkvicka
Mahadevan
Contributor

Hello Jozko,

Thanks for your response. I have tried the command and got the below result:

cplic print
Host Expiration Features

 

======================================================================
Check Point product trial period will expire in 15 days.
Until then, you will be able to use the complete Check Point Product Suite.
Please obtain a permanent license from Check Point User Center at:
https://usercenter.checkpoint.com/pub/usercenter/get_started.html
======================================================================

0 Kudos
Omer_Kleinstern
Employee

Hi @Mahadevan ,

 

Did you install the management as "secondary"?

 

Thanks,

Omer

Mahadevan
Contributor

Hello Omer,

Thanks for your response. While installing Checkpoint image, I have chosen the file in the IDE secondary master. I have posted an image below. Please check it. 

Also I am getting the issue for File mgmt_api_profile_settings.xml not found while starting the API. 
Both API and FWM are stopped. Not starting after cpstop and cpstart. 

Could you please let me know the changes to make? Thanks again for your response.

0 Kudos
_Val_
Admin

That is not what Omer is asking. During the Gaia config process, you need to choose Primary:

_Val__20-1591874721355.png

For the full installation process, look here: https://community.checkpoint.com/t5/Check-Point-for-Beginners-2-0/Part-3-Installing-Security-Managem...

Mahadevan
Contributor

Hello Val,

I apologize for replying with wrong information. Yeah, during the Gaia config process, I have selected Primary. I did not change it to Secondary.

0 Kudos
Mahadevan
Contributor

Hello Omer,

Thanks for your response. I am having an issue with the mgmt_api_profile_settings.xml file. When I try to initiate the API with the command "api start", it shows file not found.

I have also checked sk168832,
Could you please let me know where the file can be found as currently we do not have running server for same version. 

I apologize if the issue is basic, we are stuck at this stage and unable to perform other actions to generate logs. 

0 Kudos
Omer_Kleinstern
Employee

CPM 12116 E 1 [09:29:30] 30/11/2021 N /opt/CPsuite-R81/fw1/scripts/cpm.sh -s

 

Are you sure you installed R81.10?

0 Kudos
Mahadevan
Contributor

Hello Omer,

Thanks for your response. Sorry for the confusion,

I have checked for both versions and issue is occurring even in R81.10. Output for cpwd_admin list is from R81 but the issue - 

mgmt_api_profile_settings.xml file not found while initiating api has been occurring in both versions. (R81.10 as well)

Could you please redirect me to the download link for R81.10 where the .xml file issue will not occur? Thanks again for your response.

0 Kudos
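
Added example, not part of any post in this thread and not Check Point code: a small triage script for `cpwd_admin list` output that reports processes that are not running and compares the release suffix in the `/opt/CP…-R…` command paths with the release you believe is installed, which is the mismatch spotted above. The function names are hypothetical; it assumes STAT `E` means executing and `T` terminated, and that the path suffix reflects the installed release. The sample rows are a constructed subset of the listing posted earlier.

```shell
#!/bin/sh
# Added example: triage of `cpwd_admin list` output (listing is read on stdin).

# Constructed sample: a subset of the rows posted in the thread.
sample_cpwd_list() {
cat <<'EOF'
APP PID STAT #START START_TIME MON COMMAND
CPD 11526 E 1 [09:29:23] 30/11/2021 Y cpd
FWD 11654 E 1 [09:29:28] 30/11/2021 N fwd
FWM 0 T 0 [11:54:47] 30/11/2021 N fwm
CPM 12116 E 1 [09:29:30] 30/11/2021 N /opt/CPsuite-R81/fw1/scripts/cpm.sh -s
INDEXER 16067 E 1 [09:30:42] 30/11/2021 N /opt/CPrt-R81/log_indexer/log_indexer
EOF
}

# Names of processes whose STAT column is not E.
# Assumption: E = executing, T = terminated. START_TIME spans two fields,
# so a data row has at least 8 whitespace-separated fields.
down_processes() {
    awk '$1 != "APP" && NF >= 8 && $3 != "E" { print $1 }'
}

# Distinct release suffixes seen in /opt/CP<product>-R<version> paths.
installed_releases() {
    grep -o '/opt/CP[A-Za-z]*-R[0-9.]*' | sed 's/.*-R/R/' | sort -u
}

# $1 = release you expect; returns 1 when the paths disagree with it.
check_release() {
    found=$(installed_releases | tr '\n' ' ' | sed 's/ $//')
    if [ "$found" = "$1" ]; then
        echo "release OK: $1"
    else
        echo "release MISMATCH: expected $1, paths show ${found:-none}"
        return 1
    fi
}

# Demo on the constructed sample. On a management server you would pipe the
# real listing instead, e.g.: cpwd_admin list | check_release R81.10
echo "not running: $(sample_cpwd_list | down_processes)"
sample_cpwd_list | check_release R81.10 || true
```
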
Omer_Kleinstern
Employee

Can you share the output of:

$CPDIR/bin/cpprod_util FwIsPrimary

And:

$CPDIR/bin/cpprod_util FwIsActiveManagement

0 Kudos
Mahadevan
Contributor

Hello Omer,

Thanks for the commands. I have tried them and got the below output:

[Expert@FW1:0]# $CPDIR/bin/cpprod_util FwIsPrimary
1
[Expert@FW1:0]# $CPDIR/bin/cpprod_util FwIsActiveManagement
1

Can you please let me know if this is the desired output?

0 Kudos
Omer_Kleinstern
Employee

Hi @Mahadevan ,

 

Yes, this is the desired output.

I sent you an email with more details that I need.

Please also open a TAC case.

 

Thanks,

Omer