Support Center > Search Results > SecureKnowledge Details
'migrate import' command fails to execute the 'fw authd_set -b fwauthd.conf' command
Symptoms
  • 'migrate import' command fails with these errors in 'migrate-DDD_MMM_DD_HH-MM-SS_YYYY.log' file:

    [ExecCommandGetOutput] Going to execute command: '"/opt/CPsuite-R77/fw1/bin/fw" authd_set -b fwauthd.conf' 
    [ExecCommandGetOutput] ERR: Command completed with error code 1 
    ..< -- ExecCommandGetOutput 
    [CommandRunner::exec] Command's output: 
    ------------------------------------- 
    
    authd_set: HTTP configuration utility for 'fwauthd.conf'. 
    authd_set: Ver. 1.0. 
    authd_set: Getting the amount of total system's physical memory... 
    authd_set: Physical memory: XXX Mb = YYY Kb. 
    ... ... ... ... 
    authd_set: Reading from 'fwauthd.conf'... 
    authd_set: Backing up 'fwauthd.conf' to 'fwauthd.conf.bak'... 
    authd_set: Assigning N processes. 
    authd_set: Error: Couldn't locate the HTTP processes parameter. 
    ------------------------------------- 
    [CommandRunner::exec] ERR: Command execution had failed 
    .< -- CommandRunner::exec 
    < -- ConditionalExecutor::exec 
    [ActivitiesManager::exec] ERR: Activity 'ConditionalExecutor' failed 
    [ActivitiesManager::exec] WRN: Activities execution finished with errors 
    [ActivitiesManager::exec] WRN: Activities 'ConditionalExecutor' have failed 
    [ActivitiesManager::exec] Designated exit code is 1 
    
Cause

$FWDIR/conf/fwauthd.conf file is corrupted on the source Security Management Server, from which you have exported the configuration - several lines are missing the exectable parameter (in particular, entry for port 80).


Solution

Follow these instructions:

  • Distributed environment (Security Management Server and Security Gateway are installed on separate machines)

    This problem (issue ID 01288873) was fixed on pure Security Management Server. The fix is included in:

    Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).

     

    Code was improved: The call to "fw authd_set -b fwauthd.conf" command was removed from 'migrate import' command because it is not relevant for pure Management Servers (in Distributed environment).

     

    For lower versions, Check Point can supply a Hotfix. Contact Check Point Support to get a Hotfix for this issue.
    A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.

    Hotfix installation instructions:

    Note: In Management HA environment, this procedure must be performed on both Management Servers.

    1. Hotfix has to be installed on Security Management Server.

    2. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

    3. Unpack the hotfix package:

      [Expert@HostName]# cd /some_path_to_fix/
      [Expert@HostName]# tar -zxvf fw1_wrapper_HOTFIX_NAME.tgz

    4. Install the hotfix:

      [Expert@HostName]# ./fw1_wrapper_HOTFIX_NAME

      Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.

    5. Reboot the machine.

    6. Perform 'migrate export'.


  • StandAlone environment (Management Server and Security Gateway are installed on the same machine)

    1. Connect to command line on the source Security Management Server, from which you have exported the configuration.

    2. Log in to Expert mode.

    3. Backup the current $FWDIR/conf/fwauthd.conf file:

      [Expert@HostName]# cp $FWDIR/conf/fwauthd.conf $FWDIR/conf/fwauthd.conf_ORIGINAL

    4. Edit the current $FWDIR/conf/fwauthd.conf file:

      [Expert@HostName]# vi $FWDIR/conf/fwauthd.conf

    5. Change the line with in.ahttpd process (entry for port 80):

      from:
      80 in.ahttpd wait 0
      to:
      80 fwssd in.ahttpd wait 0
    6. Save the changes and exit from Vi editor.

    7. Perform 'migrate export' from this source Security Management Server.

    8. Perform 'migrate import' on the target Security Management Server.

     

    Show / Hide example of $FWDIR/conf/fwauthd.conf file from the default configuration

    21	fwssd       in.aftpd        wait    0
    80	fwssd       in.ahttpd       wait    -2
    513	fwssd       in.arlogind     wait    0
    25	fwssd       in.asmtpd       wait    0
    2525	fwssd       in.emaild.smtp  wait    0
    110	fwssd       in.emaild.pop3  wait    0
    23	fwssd       in.atelnetd     wait    0
    259	fwssd       in.aclientd     wait    259
    10081	fwssd       in.lhttpd       wait    0
    900	fwssd       in.ahclientd    wait    900
    0	fwssd       in.pingd        respawn 0
    0	fwssd       in.asessiond    respawn 0
    0	fwssd       in.aufpd        respawn 0
    0	fwssd       in.ufclnt       respawn 0
    0	fwssd       in.ufsrvr       respawn 0
    0	vpn         vpnd            respawn 0
    0	fwssd       mdq             respawn 0
    0	stormd      stormd          respawn 0
    0	igwd        igwd            respawn 0
    0	sds         sdsd            respawn 0
    0	dtps        dtpsd           respawn 0
    0	dtls        dtlsd           respawn 0
    0	fwssd       in.emaild.mta   respawn 0
    0	fwssd       in.msd          respawn 0
    
Applies To:
  • 01288873 , 01290219 , 01288948 , 01296804 , 01296805 , 01410158
  • 01383992
  • This SK replaces sk97086

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment