R77.30 -> R80.20 Verification Failure

Rikus_van_Tond1 · ‎2019-08-22

Hi,

Has anyone seen the below verification error.

I have already upgraded different clusters (XL and VSX) using exactly the same process and packages. The upgrade verify has also previously passed on the exact same gateways that its failing on from last night.

What is funny is the R80.10 install pass successfully, however I don't want to upgrade to R80.10 because I have already upgraded numerous clusters successfully. It's just all of a sudden from last night where it started to fail.

Below I'm sharing the outputs for R80.20 and R80.10, maybe it something small I am missing.

R80.20

installer verify
** ************************************************************************* **
** Hotfixes **
** ************************************************************************* **
Num Display name Type
1 Check Point CPinfo build 191 for R77, R77.10,
R77.20, R77.30 Hotfix
** ************************************************************************* **
** Blink Images **
** ************************************************************************* **
Num Display name Type
2 R77.30 Security Gateway for 3K/5K/15K/23K
appliances Blink Version
3 R77.30 Security Gateway + JHF T302 for
3K/5K/15K/23K appliances Blink Version
4 R80.10 Security Gateway for appliances and
Open servers Blink Version
5 R80.10 Security Gateway + JHF T103 for
appliances and Open servers Blink Version
6 [Latest] R80.20 Security Gateway for
appliances and Open servers Blink Version
** ************************************************************************* **
** Majors **
** ************************************************************************* **
Num Display name Type
7 R77.10 Fresh Install and Upgrade from R76 Major Version
8 R77.20 Fresh Install and Upgrade from R75.4X /
R75.40VS / R76 Major Version
9 R77 Fresh Install and Upgrade from R71.50 /
R75.X / R76 Major Version
10 R80.10 Fresh Install and Upgrade from R7X Major Version
11 R80.20.M2 Fresh Install and Upgrade for
Security Management Major Version
12 R80.20 Fresh Install and Upgrade for Security
Gateway and Standalone Major Version
13 R80.20 Fresh Install and Upgrade for Security
Management Major Version
14 R80.30 Fresh Install and Upgrade for Security
Gateway and Standalone Major Version
GatewayX:0> installer verify 12
Info: Initiating verify of Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Gateway.tgz...
Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
Result: Verifier results Package: R80.20 Fresh Install and Upgrade for Security Gateway and Standalone Clean Install: Installation is allowed. Upgrade: The following results are not compatible with the package:
- Machine's configuration is 'VSX'
The R80.20 image you imported is not supported on:
- Security Management or Multi-Domain Server
- Cluster Load Sharing
- xfs file system

R80.10

R75.X / R76 Major Version
10 R80.10 Fresh Install and Upgrade from R7X Major Version
11 R80.20.M2 Fresh Install and Upgrade for
Security Management Major Version
12 R80.20 Fresh Install and Upgrade for Security
Gateway and Standalone Major Version
13 R80.20 Fresh Install and Upgrade for Security
Management Major Version
14 R80.30 Fresh Install and Upgrade for Security
Gateway and Standalone Major Version
GatewayX:0> installer verify 10
Info: Initiating verify of Check_Point_R80.10_T479_Fresh_Install_and_Upgrade_from_R7X.tgz...
Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
Result: Verifier results Package: R80.10 Fresh Install and Upgrade from R7X Clean Install: Installation is allowed. Upgrade: Upgrade is allowed

Thank you

Tal_Paz-Fridman · ‎2019-08-22

Hi

Does you Cluster used Load Sharing? If so it is not supported in R80.20.

It is stated in the Known Limitations and the message given by the Verifier also includes it:

ClusterXL R80.20 and above does not support Load Sharing mode. Therefore, SmartConsole blocks such configuration with a warning message.

Tal

Rikus_van_Tond1 · ‎2019-08-22

Hi Tal,

This is VSX system that consist out of 2 physical chassis with 8 virtual systems on it. The split 4 virtual systems per chassis.

Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable cluster membership for this gateway
(7) Disable Check Point Per Virtual System State
(8) Enable Check Point ClusterXL for Bridge Active/Standby
(9) Hyper-Threading
(10) Disable Check Point SecureXL
(11) Check Point CoreXL
(12) Automatic start of Check Point Products

I have upgraded other clusters with similar configuration successfully, also the same verification used to pass until the night of my upgrade.

Tal_Paz-Fridman · ‎2019-08-22

Hi @Boaz_Orshav and @Liat_Cihan

Can you please look at this issue?

Thanks

Tal

Omer_Woloch · ‎2019-08-22

Please collect the CPUSE log files using this command:

da_cli collect_logs

And upload the archive.

Regards,

Omer Woloch

Rikus_van_Tond1 · ‎2019-08-22

How do I upload to archive?

Side note I tried the new version of CPUSE 1751 (released 19 Aug) and it's also failing. I have upgraded the other VSX clusters on build 1731 where it started failing from last night.

Arik_Ovtracht · ‎2019-08-25

Hi,

We discovered an issue with the verification of upgrades on VSX, which was introduced recently. Due to the issue, upgrades on VSX are currently blocked.

We will be releasing a fix for the issue via the cloud in the next few days. I will update here once the fix is released, and you should be able to do the upgrade then.

Rikus_van_Tond1 · ‎2019-08-25

Thank you, will the fix be released as an update to CPUSE engine? I just want to be aware so that I can keep an eye out for the update.

Arik_Ovtracht · ‎2019-08-25

The fix will be released as an automatic update without needing to update CPUSE.

I will update here once we release it.

Arik_Ovtracht · ‎2019-08-29

Hi,

the fix for this issue was released.

Rikus_van_Tond1 · ‎2019-08-29

Working, thanks guys!

Manoj_Rawat · ‎2019-08-29

Hi, Can you please specify the fix. As we are also facing the same issue.

_Val_ · ‎2019-08-30

@Manoj_Rawat use the lates CPUSE upgrade package

Manoj_Rawat · ‎2019-08-29

Hi Arik,

Can you please specify what is the fix and what I need to do.
We are also facing the same issue.
Your response will be appreciated
Thanks.

Arik_Ovtracht · ‎2019-09-03

Hi,

The issue was incorrect blocking of upgrade on VSX machines. It was distributed OTA (via the cloud) a few weeks ago, and since then, VSX machines which are connected to the cloud have not been able to upgrade.

The fix was delivered OTA (via the cloud) and would get to all machines which are connected to the cloud automatically.

If your machine was online before (so it got the bug) but is offline now (so it cannot get the fix), you will need to connect it to the cloud and use the CPUSE 'check for updates' to get the fix.

Are you a member of CheckMates?

R77.30 -> R80.20 Verification Failure