Support Center > Search Results > SecureKnowledge Details
Upgrade from R77.20 to R77.30 fails due to conflict with hotfix "R77_20_HF9" (Bar Mitzvah)
Symptoms
  • Unable to upgrade from R77.20 to R77.30 fails with the following messages:

    [Expert@HostName]# ./UnixInstallScript
     ***********************************************************
     Welcome to Check Point R77.30 installation
     ***********************************************************
     Verifying installation environment for R77.30...Error!
     R77.30 installation was aborted due to:
    A fix conflict was detected during pre-install validation.
     To prevent system instability, installation will not continue.
     Please contact Check Point support with the following information:
    HFA Check Point Security Gateway R77 R77_30
    Conflict with hotfix R77_20_HF9 - details:
     01667373
     01695195
    A fix conflict was detected during pre-install validation.
     To prevent system instability, installation will not continue.
     Please contact Check Point support with the following information:
    HFA Check Point SecurePlatform R77 R77_30
    Conflict with hotfix R77_20_HF9 - details:
     01697528
    
Cause

A Gaia OS / SecurePlatform OS part of the currently installed "Bar Mitzvah" hotfix (sk106478) for R77.20 ("R77_20_HF9") is not integrated into R77.30.


Solution

Important Note: This procedure applies only to (and is only supported for) "Bar Mitzvah" hotfix for R77.20 ("R77_20_HF9") when upgrading to R77.30.

Follow these steps:

  1. Connect to command line on the involved R77.20 machine.

  2. Log in to Expert mode.
  3. Uninstall the "Bar Mitzvah" hotfix:

    Important Note: On Gaia OS, the uninstall method must match the installation method:

    • If the "Bar Mitzvah" hotfix ("R77_20_HF9") was installed via CPUSE, then it must be uninstalled via CPUSE
    • If the "Bar Mitzvah" hotfix ("R77_20_HF9") was installed via Legacy CLI, then it must be uninstalled via Legacy CLI

    Refer to sk107320 - How can you tell if a hotfix was installed on Gaia OS via CPUSE or via Legacy CLI.

    Click Here to Show Entire Section

    • On Gaia OS using CPUSE (Check Point Update Service Engine)

      1. Connect to the Gaia Portal on your Check Point machine and navigate to Upgrades (CPUSE) pane - click on Status and Actions.
      2. Select Installed in the menu near the Help icon.
      3. Select the hotfix package R77.20 Hotfix for sk106478 (Check Point Response to CVE-2015-2808 (Bar Mitzvah)) - click on More button on the toolbar - click on Uninstall.
        Example:
      4. Reboot is required.

      For detailed instructions see sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent).

      Notes:

      • In cluster environment, this procedure must be performed on all members of the cluster.
      • In Management HA environment, this procedure must be performed on both Management Servers.


    • On Gaia OS, SecurePlatform OS, Linux OS and IPSO OS (manual uninstall in Command Line)

      1. Download the hotfix package from sk106478 - from the section "Disabling RC4-including cipher suites for HTTPS Inspection, Mobile Access Portal, Identity Awareness Portal, ICA Portal, SmartManagement Portal, LDAP".
      2. Unpack the hotfix package into some directory.
      3. Go into that directory (where you just unpacked the hotfix package).
      4. Run the installation script with "-u" flag:
        # ./UnixInstallScript -u
      5. Reboot is required.

      Notes:

      • In cluster environment, this procedure must be performed on all members of the cluster.
      • In Management HA environment, this procedure must be performed on both Management Servers.


    • On Windows OS

      1. Go to Control Panel:
        • On Windows 2000 / 2003 - click on Add/Remove Programs
        • On Windows 2008 / Vista / 7 - click on Programs and Features
      2. Select the hotfix Check Point R77.20 Hotfix R77_20_HF9W - click on Uninstall button.
        Note: The script will stop all of Check Point services ('cpstop') - read the output on the screen.
      3. Reboot is required.

      Alternatively, run the installation program with '-u' flag:

      1. Open the elevated Command Prompt:
        Start - Programs - Accessories - right-click on 'Command Prompt' icon - select 'Run as administrator'.
      2. Navigate to the folder where you unpacked the hotfix package:
        DISK:\> cd "path_to_unpacked_hotfix_package"
      3. Run the installation program with '-u' flag:
        DISK:\path_to_unpacked_hotfix_package\> Setup.exe -u
      4. Reboot is required.

      Notes:

      • In cluster environment, this procedure must be performed on all members of the cluster.
      • In Management HA environment, this procedure must be performed on both Management Servers.
  4. Only on Gaia OS:

    1. Remove the "Bar Mitzvah" hotfix from Check Point Registry:

      [Expert@HostName]# $CPDIR/bin/ckp_regedit -d //SOFTWARE//CheckPoint//SecurePlatform//6.0//HOTFIX_R77_20_HF9

      [Expert@HostName]# $CPDIR/bin/ckp_regedit -d //SOFTWARE//CheckPoint//SecurePlatform//6.0//HotFixes HOTFIX_R77_20_HF9

    2. Remove the "Bar Mitzvah" hotfix from Check Point Hotfix database (crs.xml):

      [Expert@HostName]# $CPDIR/bin/CRSValidator -l /opt/SecurePlatform/conf/crs.xml -remove R77_20_HF9


  5. Start the upgrade to R77.30 again.

  6. Reboot the machine.

  7. Install the latest R77.30 Recommended Hotfix from sk106389.

 

Related solutions:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment