Support Center > Search Results > SecureKnowledge Details
Multi-Domain Server upgrade from R77.30 fails due to database corruption in CMA Technical Level
Symptoms
  • The /opt/CPInstLog/import_mds.DDMMYYY-HHMMSS.log file shows:

    *** This is either not active or primary - do nothing

    Error: Importing Domain Management Server CMA_Name failed.
    See installation log for details or contact Check Point Support.


  • The $MDS_FWDIR/log/cpm_for_cpdb-DDMMYYY-HHMMSS.elg shows:

    DATE TIME,PID ERROR coresvc.internal.SerializationContextImpl [qtp1601331284-519]: Failed to deserialize object 'Client Auth' of class com.checkpoint.objects.classes.dummy.CpmiClientAuthenticate. set: . Error: java.lang.NumberFormatException: For input string: "cts+ip-X.X.X.X"
    ...
    ...
    DATE TIME,PID INFO coresvc.internal.FwsetFixerManager [qtp1601331284-519]: Trying to fix Client Auth with class name com.checkpoint.objects.classes.dummy.CpmiClientAuthenticate
    DATE TIME,PID ERROR coresvc.internal.FwmSvcImpl [qtp1601331284-519]: Original exception. Failed to deserialize object ("Client Auth"
    :AdminInfo (
    :chkpf_uid ("{B8568F5D-48EB-40AE-AECC-62742BB16DB7}")
    :ClassName (client_authenticate)
    :table (setup)
    )
    ...
    :action (accept)
    :clauth_refreshable (true)
    :clauth_to_hours ("cts+ip-X.X.X.X")
    :clauth_to_infinite (false)
    ...
    ...
    )
    . Skipping update - FIX THE DESERIALIZE!!!
    error: Failed to deserialize object 'Client Auth' of class com.checkpoint.objects.classes.dummy.CpmiClientAuthenticate. set: . Error: java.lang.NumberFormatException: For input string: "cts+ip-X.X.X.X"
    java.lang.RuntimeException: Failed to deserialize object 'Client Auth' of class com.checkpoint.objects.classes.dummy.CpmiClientAuthenticate. set: . Error: java.lang.NumberFormatException: For input string: "cts+ip-X.X.X.X"


  • The /opt/CPmds-R77/customers/CMA_Name/CPsuite-R77/fw1/log/upgrade_log-DDMMYYY-HHMMSS.elg file shows:

    @MDS_HOST[DATE 17:16:56] [CUpgradeSecurityRule::Execute] policiesCollectionName : 'POLICY_NAME'
    @MDS_HOST[DATE 17:16:56] [CUpgradeSecurityRule::Execute] Upgrading application control policy '##POLICY_NAME'
    @MDS_HOST[DATE 17:20:40] [UpgradeToRenaissanceInfra::invokeUpgradeOnCpmServer] FATAL ERROR: Java migration failed, id = 46, response is 1
    @MDS_HOST[DATE 17:20:40] [CUpgradeSecurityRule::Execute] FATAL ERROR: Could not upgrade application control policy '##POLICY_NAME'
    @MDS_HOST[DATE 17:20:40] [CUpgradeRule_Impl::Apply] ERROR: Failed to execute an action. Upgrade may fail.
    @MDS_HOST[DATE 17:20:40] [CUpgradeRulesList_Impl::Apply] FATAL ERROR: Failed to apply an upgrade rule to an object '##POLICY_NAME' from a table 'fw_policies'
    @MDS_HOST[DATE 17:20:40] [CManualUpgradeMgr_Impl::PerformUpgrade] ERROR: Could not execute rule list for version 'R77'
    @MDS_HOST[DATE 17:20:40] [CUpgradeMgr::PerformManualUpgrade] ERROR: Failed to perform Manual Upgrade
    @MDS_HOST[DATE 17:20:40] [CUpgradeMgr::PerformUpgrade] ERROR: Upgrade actions for manual upgrade had failed
    @MDS_HOST[DATE 17:20:41] [writeUpgradeResult] The path to result file is: '/opt/CPmds-R80.40/customers/CMA_Name/CPsuite-R80.40/fw1/log/upgrade_result'
    @MDS_HOST[DATE 17:20:41] [writeUpgradeResult] Wrote the following to the result file: '80004005'
    @MDS_HOST[DATE 17:20:41] [CCPDBMain::Run] cpdb ended with result '0x80004005' (Unspecified error).




    'POLICY_NAME' is a rulebase name.
Cause

CMA Database corruption.

Invalid entry for “client_to_hours” field in file rulebases_5_0.fws.



According to classes.C (/var/opt/CPmds-R77/customers/CMA_Name/CPsuite-R77/fw1/conf/classes.C) the field "clauth_to_hours" value should he in hours (0~24).
Therefore value "cts+ip-X.X.X.X"" is forbidden.


Solution
Note: To view this solution you need to Sign In .