Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Matthias42
Explorer

fwm/cpm not starting after backup-restore - Waiting until NGM server is up

Hi,

 

This is on a Checkpoint R80.10 Management-only standalone Server (no MDM).

Problem: no smartcenter connection possible, cannot manage firewall.


Steps performed that led to the problem:

1. An attempted upgrade via GAIA-WebGUI failed.

2. To recover, installed R80.10 from DVD, + Jumbo Patch.

3. backup restore local -> no errors, but also no logfile.

4. After reboot, no smartconsole connection possible

5. fwm daemon is started/running, but does NOT listen on its port 19009.
    netstat -anp | grep 190
    (shows nothing)


There is an error message in:
/var/log/opt/CPsuite-R80/fw1/log/fwm.elg


 Waiting until NGM server is up




What is NGM?
How can i fix this problem?

 

 

Some more details:

 cpwd_admin list
APP        PID    STAT  #START  START_TIME             MON  COMMAND
CPVIEWD    22866  E     1       [16:03:09] 27/5/2022   N    cpviewd
HISTORYD   22869  E     1       [16:03:09] 27/5/2022   N cpview_historyd
CPD        22891  E     1       [16:03:09] 27/5/2022   Y    cpd
FWD        22978  E     1       [16:03:10] 27/5/2022   N    fwd -n
FWM        22982  E     1       [16:03:10] 27/5/2022   N    fwm
CPM        23382  E     1       [16:03:10] 27/5/2022   N /opt/CPsuite-R80/fw1/scripts/cpm.sh -s
SOLR       23521  E     1       [16:03:11] 27/5/2022   N    java_solr /opt/CPrt-R80/conf/jetty.xml
RFL        23559  E     1       [16:03:11] 27/5/2022   N    LogCore
SMARTVIEW  23617  E     1       [16:03:11] 27/5/2022   N    SmartView
INDEXER    23789  E     1       [16:03:11] 27/5/2022   N /opt/CPrt-R80/log_indexer/log_indexer
SMARTLOG_SERVER 23899  E     1       [16:03:11] 27/5/2022   N /opt/CPSmartLog-R80/smartlog_server
DASERVICE  24379  E     1       [16:03:11] 27/5/2022   N DAService_script
AUTOUPDATER 24397  E     1       [16:03:11] 27/5/2022   N AutoUpdaterService.sh
LPD        24710  E     1       [16:03:18] 27/5/2022   N    lpd



 cpinfo -y all

This is Check Point CPinfo Build 914000227 for GAIA
[IDA]
    HOTFIX_R80_10
[CPFC]
    HOTFIX_R80_10_JUMBO_HF
    HOTFIX_R80_10
[FW1]
    HOTFIX_NGM_DOCTOR_AUTOUPDATE
    HOTFIX_R80_10_JUMBO_HF
    HOTFIX_R80_10

FW1 build number:
This is Check Point Security Management Server R80.10 - Build 066
This is Check Point's software version R80.10 - Build 240
[SecurePlatform]
    HOTFIX_R80_10_JUMBO_HF

...

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

R80.10 is End of Support, just FYI.

cpm is actually what listens on port 19009 (now fwm, which listens on port 18190).
On what precise hardware is this?
If this is Open Server or VM, please specify the number of cores and the amount of RAM installed/allocated.

Matthias42
Explorer

Hi PhoneBoy,

 

it is a OpenServer, Dell PE R730, 10Core  CPU E5-2630 v4 @ 2.20GHz, 16GB RAM, 2TB Disk (about 1% used). 

I have no process named cpm and nothing is listening on TCP18190.

R80.10 being EOL was the reason for the (failed) update...

 

If i look into cpm.elg, i see truncated java crash traces. One line stands out:

 

Caused by: com.checkpoint.infrastructure.utils.runtime.CpAssertionError: failed to load SIC cert file

 

Which file is that? Do you thing this is the problems cause or just another symptom?

0 Kudos
the_rock
Champion
Champion

I agree with @PhoneBoy . Can you also run this and see what you get:

cd $FWDIR/scripts

./cpm_status.sh

Andy

0 Kudos
Matthias42
Explorer

Hi the_rock,

# ./cpm_status.sh
Check Point Security Management Server failed to start

 

No cpm process is running

0 Kudos