I'm not sure if I can put this down to Karma or just plain luck, but I was knee deep in some recent upgrade work that wasn't travelling too well but managed to get it sorted with a bit of help from the customer.
The job was to upgrade a distributed Check Point installation to the new, all shinny R70.20. (up from NGX R65). H/A management is running on Windows 2003, the firewalls on SPLAT. I completed all the preliminary backups, license exports, etc, so I could get back to were I started if it all went bad then proceeded to run the R70 upgrade. Click, click, click, reboot. When the server came back up, I began the work to confirm the product was operating as expected. SmartDashboard connection --> failed, services check --> sort of looks OK, Check Point stuff listed, cmd window cpstop/cpstart --> fail.
C:\>cpstart
cpstart: Starting product - SVN Foundation
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
cpstart: Starting product - VPN-1
System error 1075 has occurred.
The dependency service does not exist or has been marked for deletion.
cpstart: Starting product - SmartView Monitor
SmartView Monitor is disabled .
cpstart: Starting product - SVN Foundation
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
cpstart: Starting product - VPN-1
System error 1075 has occurred.
The dependency service does not exist or has been marked for deletion.
cpstart: Starting product - SmartView Monitor
SmartView Monitor is disabled .
Nice, I was seeing a service dependancy error and it was on the foundation service. Now I didn't get any install errors and everything looked OK, so I compare the list of installed services against the secondary management server and sure enough, the foundation service was missing.
So a few Google, CPUG, Secure Knowlege searches later, I was no closer to resolving it with that majic one hit fix, so I could be facing a rollback or reinstall to get this server going.again . Called over the customer and had a chat about where I was at and what I though was wrong in that the installer had failed to register the foundation service. Software appeared to be installed OK as the following command would give build number.
C:\>cpshared_ver
This is Check Point SVN Foundation (R) Version R70 - Build 153
This is Check Point SVN Foundation (R) Version R70 - Build 153
We chatted around the windows command to register a service, and through a bit of experimentation, came up with the following:
> sc create CPSHAREDSVC binpath= "c:\Program Files\CheckPoint\CPShared\R70\bin\cpsharedsvc.exe" start= auto DisplayName= "Check Point SVN Foundation"
That was it, cpstart was now happy and management all checked out.
C:\>cpstart
cpstart: Starting product - SVN Foundation
The Check Point SVN Foundation service is starting.
The Check Point SVN Foundation service was started successfully.
cpstart: Starting product - VPN-1
The Check Point FireWall-1 service is starting.
The Check Point FireWall-1 service was started successfully.
cpstart: Starting product - SmartView Monitor
SmartView Monitor is disabled.
Note: Keep in mind that the windows sc command is a bit random in its use of spaces after the 'arg='.
exit -0
No comments:
Post a Comment