Solved

checkpoint failure while copying files to compatibility package directory

Posted on 2009-07-13
6
2,158 Views
Last Modified: 2012-05-07
We are getting error "Failure while copying files to compatibility package directory" and "Operation Ended with Errors" when we try to install a new policy on our Checkpoint firewalls.

We have a pair of R60's running HFA_05, hotfix 605 and have a dedicated mgmt host (R61). We have not rebooted them for a couple of years. Unfortunately we have no support contract and cannot call Checkpoint for advice.

We checked disk space and there is plenty of it for new policies. We considered simply rebooting but are concerned it may not come back up.

Has anyone seen this error before? Also, are there per/hr support options from 3rd party Checkpoint solution providers? Any that experienced Checkpoint folks can recommend?
0
Comment
Question by:skipervarg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 24843730
Sadly in this case it may require CP assistance with which you say, is nit supported.

We have 2 options, remove the compat packages that are causing the issue or purchase CP support and upgrade to R65/R70

This is more than likely a software issue and will require the in depth knowledge of CP to correct, unless we have a closet CP developer out there,
0
 

Author Comment

by:skipervarg
ID: 24853679
Hi Deimark,

Thanks for your suggestion. Some more information that may help steer the ship:
1. We have not installed any additional compat packages in at least 1.5 years.
2. We have been able to successfully apply new rules on almost a weekly basis until now.
3. The firewalls and mgmt devices have ~715 days of uptime.
4. Someone else suggested this solution: http://www.cpug.org/forums/nokia-ipso/7416-fail-install-policy.html

Perhaps we should try rebooting the mgmt host first - do you know if it is possible to do so without affecting the firewall (we have a distributed installation)?

thanks kindly.
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 500 total points
ID: 24853797
Rebooting the mgmt server does not affect any firewall at all bud.

All you will get is that while the smartcentre is down, the firewall will log locally instead of sending to the smartcentre.  There are steps you can take to recover these logs from the firewall, but if there is little traffic, there is little benefit in copying across the few minutes worth of logs.

Rebooting the mgmt doe snto affect the traffic going through the firewalls.

Having a look at the article you post there it all makes sense and I would give it a go bud.

One comment thought, I would leave the backup registry file, no need to delete it, not untill you are fully happy that its working fine for a week or so.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 

Author Comment

by:skipervarg
ID: 24864314
Deimark,

It turns out we do not have the standard or expert passwords for console access! So we cannot even try the steps in the article...we inherited this box so no means to get it from the last admin.

Is there a known password reset procedure for both passwords? All we have at this point is the console password for access the mgmt UI.

ack!
0
 

Author Comment

by:skipervarg
ID: 24867082
Just a quick followup

1. We were missing the standard and expert passwords so I booted from a RH5 Rescue CD and edited the following file: /etc/shadow - I removed the admin password, saved the file. I inspected the /etc/passwd file and noticed that there was no "admin" account, just "root".
2. I rebooted into normal mode, logged in as root, dropped into expert mode and executed the passwd command to replace the standard password.
3. I did a check of the drivespace on the filesystem, (df-h) and noticed the /var partition was 100% full. Most of that was in the logs directory.
4. I did a cpstop, cleared out the logs, then cpstart and everything was ok.

Thanks for your suggestions and help.
0
 
LVL 18

Expert Comment

by:deimark
ID: 24867227
Glad to hear its all working now bud
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question