On 11/11/09 01:38, r locus wrote:
I am running Windows 2003 server spk2 and R65 HFA05.
If I use smartdashboard hfa01 from my windows xp box and login to the
firewall I can make changes as needed. The next time I try to login to the
firewall from my winxp box using smartdashboard I get a "Please make sure
server is up and running and that you are defined as a GUI client." which
I am and the firewall is active. If I reboot the firewall I can login to smart
dash board again. When its in the state I can't login, even if I am on the
firewall locally, I still can't login until I reboot the firewall.
Anyone experience
this before with HFA05, it didn't do this with HFA03.
I assume you mean HFA30 and HFA50? (It is HFA01, HFA02, HFA25, HFA30,
HFA40 and HFA50)
Large number of revisions is one cause of a lot of a lot of problems
which seems to be more visible with later HFA's.
I lost some hours yesterday doing an upgrade on Windows due to Windows
[CENSORED]. We hardly have customer with Check Point on Windows anymore.
So we normally do not run into locked DLL files at a regular basis. I
would check the lib directry and see if all dll files are actually
HFA-50 ones. In my case cpprod50.dll was not updated.
As I was migrating to another server as well I found that cpclean was my
friend. Installing fresh with R65 with an import file was faster then
trying to find out why windows refused to roll back HFA-50.
If you have this sort of issues I would export the configuration, run
cpclean and start again.
On windows before you apply any HFA do the following to prevent problems:
- Stop the firewall: cpstop
- Kill remaining Check Point processes. (I had to kill cprid and
friends with an axe)
- Now run the HFA.
When in doubt. Also remove SmartDashboard before you install the HFA.
They both have their own cpprod50.dll and you may still get issues if
you leave it installed. (To quote James T. Kirk: I never trusted
Windows, ....)
But I would also look carefully at the $FWDIR/log/*.elg and
$CPDIR/log/*.elg files for signs of trouble. (That is %FWDIR% and
%CPDIR% for Windows lovers.)
Hugo.
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
