Multi-Domain Server upgrade from R77.30 fails due to database corruption in CMA

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk170258
Technical Level
Product	Multi-Domain Security Management
Version	R80.10 (EOL), R80.20, R80.30, R80.40
OS	Gaia
Platform / Model	All
Date Created	29-Oct-2020
Last Modified	03-Nov-2020

Symptoms

The /opt/CPInstLog/import_mds.DDMMYYY-HHMMSS.log file shows:

*** This is either not active or primary - do nothing Error: Importing Domain Management Server CMA_Name failed. See installation log for details or contact Check Point Support.
The $MDS_FWDIR/log/cpm_for_cpdb-DDMMYYY-HHMMSS.elg shows:

DATE TIME,PID ERROR coresvc.internal.SerializationContextImpl [qtp1601331284-519]: Failed to deserialize object 'Client Auth' of class com.checkpoint.objects.classes.dummy.CpmiClientAuthenticate. set: . Error: java.lang.NumberFormatException: For input string: "cts+ip-X.X.X.X" ... ... DATE TIME,PID INFO coresvc.internal.FwsetFixerManager [qtp1601331284-519]: Trying to fix Client Auth with class name com.checkpoint.objects.classes.dummy.CpmiClientAuthenticate DATE TIME,PID ERROR coresvc.internal.FwmSvcImpl [qtp1601331284-519]: Original exception. Failed to deserialize object ("Client Auth" :AdminInfo ( :chkpf_uid ("{B8568F5D-48EB-40AE-AECC-62742BB16DB7}") :ClassName (client_authenticate) :table (setup) ) ... :action (accept) :clauth_refreshable (true) :clauth_to_hours ("cts+ip-X.X.X.X") :clauth_to_infinite (false) ... ... ) . Skipping update - FIX THE DESERIALIZE!!! error: Failed to deserialize object 'Client Auth' of class com.checkpoint.objects.classes.dummy.CpmiClientAuthenticate. set: . Error: java.lang.NumberFormatException: For input string: "cts+ip-X.X.X.X" java.lang.RuntimeException: Failed to deserialize object 'Client Auth' of class com.checkpoint.objects.classes.dummy.CpmiClientAuthenticate. set: . Error: java.lang.NumberFormatException: For input string: "cts+ip-X.X.X.X"
The /opt/CPmds-R77/customers/CMA_Name/CPsuite-R77/fw1/log/upgrade_log-DDMMYYY-HHMMSS.elg file shows:

@MDS_HOST[DATE 17:16:56] [CUpgradeSecurityRule::Execute] policiesCollectionName : 'POLICY_NAME' @MDS_HOST[DATE 17:16:56] [CUpgradeSecurityRule::Execute] Upgrading application control policy '##POLICY_NAME' @MDS_HOST[DATE 17:20:40] [UpgradeToRenaissanceInfra::invokeUpgradeOnCpmServer] FATAL ERROR: Java migration failed, id = 46, response is 1 @MDS_HOST[DATE 17:20:40] [CUpgradeSecurityRule::Execute] FATAL ERROR: Could not upgrade application control policy '##POLICY_NAME' @MDS_HOST[DATE 17:20:40] [CUpgradeRule_Impl::Apply] ERROR: Failed to execute an action. Upgrade may fail. @MDS_HOST[DATE 17:20:40] [CUpgradeRulesList_Impl::Apply] FATAL ERROR: Failed to apply an upgrade rule to an object '##POLICY_NAME' from a table 'fw_policies' @MDS_HOST[DATE 17:20:40] [CManualUpgradeMgr_Impl::PerformUpgrade] ERROR: Could not execute rule list for version 'R77' @MDS_HOST[DATE 17:20:40] [CUpgradeMgr::PerformManualUpgrade] ERROR: Failed to perform Manual Upgrade @MDS_HOST[DATE 17:20:40] [CUpgradeMgr::PerformUpgrade] ERROR: Upgrade actions for manual upgrade had failed @MDS_HOST[DATE 17:20:41] [writeUpgradeResult] The path to result file is: '/opt/CPmds-R80.40/customers/CMA_Name/CPsuite-R80.40/fw1/log/upgrade_result' @MDS_HOST[DATE 17:20:41] [writeUpgradeResult] Wrote the following to the result file: '80004005' @MDS_HOST[DATE 17:20:41] [CCPDBMain::Run] cpdb ended with result '0x80004005' (Unspecified error).

'POLICY_NAME' is a rulebase name.

Cause

CMA Database corruption.

Invalid entry for “client_to_hours” field in file rulebases_5_0.fws.

According to classes.C (/var/opt/CPmds-R77/customers/CMA_Name/CPsuite-R77/fw1/conf/classes.C) the field "clauth_to_hours" value should he in hours (0~24).
Therefore value "cts+ip-X.X.X.X"" is forbidden.

Solution

Note: To view this solution you need to Sign In .