This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kevin_Vargo
Collaborator
‎2018-06-11 08:56 PM

FW Fetch fails with "Failed to read database. Probably module was never installed"

Hi -

I've recently upgraded an R77.30 open server to R80.10 take 462.  This my ~6th cluster upgrade using this ISO on Dell R720/730 servers.  Once the OS was installed I setup mgmt and routing then ran the first time GUI wizard.  When complete, I SSH'd in and copied and pasted in the saved configuration.  I then reset SIC on the mgmt server and it is trusted/communicating. 

When I tried to push policy I get a 'failed timed out' message in the mgmt server after ~10 minutes.  Any other time policy pushes on any one of our ~14 clusters in 2-3 minutes. 

  • I validated the license is attached and see it in CPLIC print
  • After a reboot I did a FW unloadlocal and tried FW fetch mgmt ip address.  This also fails and the local/default policy was loaded. 
  • In TCPDump -i any host mgmt IP address | grep 18191 I see traffic between the gateway and mgmt server, but still no policy installs (via mgmt server or fw fetch). 
  • The cluster member is Active Attention and the upgraded box reads ClusterXL inactice or machine is down.  cpghaprob stat on the upgraded box reads HA module not started. 
  • I also verified the Masters file in $FWDIR/conf is set with the mgmt server host name, like our other 80.10 boxes.  I also added that mgmt server name and IP to the Host and DNS entry on the gateway. 

Not sure what else to try.  Outside of rebuilding again, I was looking for other suggestions? 

Thank you.


[Expert@8010gateway:0]# fw fetch (mgmt ip address)
Failed to read database.
Probably module was never installed

0 Kudos
4 Replies
Kaspars_Zibarts
Employee Employee
Employee
‎2018-06-12 12:51 PM

Feels like that option "this is part of Cluster" option was not selected during first time wizard if it shows HA module is not started. I would re-run FTW or better re-build it from scratch Smiley Happy

0 Kudos
Kevin_Vargo
Collaborator
‎2018-06-12 02:56 PM
In response to Kaspars_Zibarts

Interesting.  How does one go about re-running the first time wizard?  Could I just use CPConfig option 6?  Currently this box reads like it is part of a cluster, but I'm not sure.  Or - is there a command to tell me, similar to Magic MAC, or what it used to be?  Thanks for the lead!

This program will let you re-configure
your Check Point products configuration.


Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable cluster membership for this gateway
(7) Enable Check Point Per Virtual System State
(8) Disable Check Point ClusterXL for Bridge Active/Standby
(9) Disable Check Point SecureXL
(10) Check Point CoreXL
(11) Automatic start of Check Point Products

0 Kudos
Kevin_Vargo
Collaborator
‎2018-06-12 07:00 PM
In response to Kevin_Vargo

Opted to rebuild, but did find this comment/post by Enis Dunic regarding how to potentially re-run the first time wizard.  Thanks folks.

First time wizard how to in comment section

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events