Solved

checkpoint failure while copying files to compatibility package directory

Posted on 2009-07-13
6
2,112 Views
Last Modified: 2012-05-07
We are getting error "Failure while copying files to compatibility package directory" and "Operation Ended with Errors" when we try to install a new policy on our Checkpoint firewalls.

We have a pair of R60's running HFA_05, hotfix 605 and have a dedicated mgmt host (R61). We have not rebooted them for a couple of years. Unfortunately we have no support contract and cannot call Checkpoint for advice.

We checked disk space and there is plenty of it for new policies. We considered simply rebooting but are concerned it may not come back up.

Has anyone seen this error before? Also, are there per/hr support options from 3rd party Checkpoint solution providers? Any that experienced Checkpoint folks can recommend?
0
Comment
Question by:skipervarg
  • 3
  • 3
6 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 24843730
Sadly in this case it may require CP assistance with which you say, is nit supported.

We have 2 options, remove the compat packages that are causing the issue or purchase CP support and upgrade to R65/R70

This is more than likely a software issue and will require the in depth knowledge of CP to correct, unless we have a closet CP developer out there,
0
 

Author Comment

by:skipervarg
ID: 24853679
Hi Deimark,

Thanks for your suggestion. Some more information that may help steer the ship:
1. We have not installed any additional compat packages in at least 1.5 years.
2. We have been able to successfully apply new rules on almost a weekly basis until now.
3. The firewalls and mgmt devices have ~715 days of uptime.
4. Someone else suggested this solution: http://www.cpug.org/forums/nokia-ipso/7416-fail-install-policy.html

Perhaps we should try rebooting the mgmt host first - do you know if it is possible to do so without affecting the firewall (we have a distributed installation)?

thanks kindly.
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 500 total points
ID: 24853797
Rebooting the mgmt server does not affect any firewall at all bud.

All you will get is that while the smartcentre is down, the firewall will log locally instead of sending to the smartcentre.  There are steps you can take to recover these logs from the firewall, but if there is little traffic, there is little benefit in copying across the few minutes worth of logs.

Rebooting the mgmt doe snto affect the traffic going through the firewalls.

Having a look at the article you post there it all makes sense and I would give it a go bud.

One comment thought, I would leave the backup registry file, no need to delete it, not untill you are fully happy that its working fine for a week or so.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:skipervarg
ID: 24864314
Deimark,

It turns out we do not have the standard or expert passwords for console access! So we cannot even try the steps in the article...we inherited this box so no means to get it from the last admin.

Is there a known password reset procedure for both passwords? All we have at this point is the console password for access the mgmt UI.

ack!
0
 

Author Comment

by:skipervarg
ID: 24867082
Just a quick followup

1. We were missing the standard and expert passwords so I booted from a RH5 Rescue CD and edited the following file: /etc/shadow - I removed the admin password, saved the file. I inspected the /etc/passwd file and noticed that there was no "admin" account, just "root".
2. I rebooted into normal mode, logged in as root, dropped into expert mode and executed the passwd command to replace the standard password.
3. I did a check of the drivespace on the filesystem, (df-h) and noticed the /var partition was 100% full. Most of that was in the logs directory.
4. I did a cpstop, cleared out the logs, then cpstart and everything was ok.

Thanks for your suggestions and help.
0
 
LVL 18

Expert Comment

by:deimark
ID: 24867227
Glad to hear its all working now bud
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now