Re: [FW-1] secureplatform fp3 ed2 hf2 to ai upgrade fails

[Covington, Chris [Permanent Link]]

Yes I'm using Secure XL.  Here's a little more information, from the
CPupgrade.elg file:



-- New Log Record - 06/22/03-17:31:12 --

Info:CPsecplPtchMod:'extract_all_rpms' function: Extracting RPMs ..
Info:CPsecplPtchMod:'extract_all_rpms' function: Changing to directory
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts

Info: CPsecplPtchMod:'main': Extracting Done!


Installing Security Policy traditional_w_rules on all.all@chqfw01
Fetching Security Policy from local succeeded


-- New Log Record - 06/22/03-17:31:44 --

Error:CPsecplPtchMod:'get_key_value' function: cannot find
Pre_Installation_Script
Info:CPsecplPtchMod:'get_key_value' function: Request
Key:Post_Installation_Script    Return Value:postinstall.sh
Info:CPsecplPtchMod:'get_key_value' function: Request Key:kernel_Infix
Return Value:2.4.9-39cp
Info:CPsecplPtchMod:'get_key_value' function: Request Key:libc_Infix
Return Value:2.2.4-31cp
Info:CPsecplPtchMod:'get_key_value' function: Request Key:cpshell_Infix
Return Value:540000061
Info:CPsecplPtchMod:'get_num_of_cpus' function: Number of CPUs is: 2
Info:CPsecplPtchMod:'get_cpu_id' function: CPU ID is: Intel(R)Intel(R)
Info:CPsecplPtchMod:'get_vendor_id' function: Vendor ID is: GenuineIntel
Info:CPsecplPtchMod:'get_cpu_fm' function: CPU FM is: 6

Products status:
-----------------

Info:CPsecplPtchMod:'update_installed_products' function: fwbc  0

Info:CPsecplPtchMod:'update_installed_products' function: rtm   0

Info:CPsecplPtchMod:'update_installed_products' function: ps    0

Info:CPsecplPtchMod:'update_installed_products' function: smalloffice
0

Info:CPsecplPtchMod:'update_installed_products' function: rt    0

Info:CPsecplPtchMod:'update_installed_products' function: fg    0

Info:CPsecplPtchMod:'update_installed_products' function: uag   0

Info:CPsecplPtchMod:'update_installed_products' function: fw    1

Info:CPsecplPtchMod:'update_installed_products' function: secxl 0

Info:CPsecplPtchMod:'get_key_value' function: Request Key:CD_RELEASE
Return Value:3
Info:CPsecplPtchMod:'get_key_value' function: Request Key:CD_EDITION
Return Value:2
Info:CPsecplPtchMod:'get_key_value' function: Request Key:CD_BUILD
Return Value:53607
Release: ALL; Edition:ALL; Build:ALL
Info:CPsecplPtchMod:'get_xml_val' function: Request
XML:cp_products_packages        Return Value:CPdtps-50-04.i386.rpm
CPfg1-50-04.i386.rpm CPppak-50-04.i386.rpm CPrt-50-04.i386.rpm
CPrtm-50-04.i386.rpm CPuag-50-04.i386.rpm
Info:CPsecplPtchMod:'get_xml_val' function: Request XML:cp_svn_package
Return Value:CPshrd-50-04.i386.rpm
Info:CPsecplPtchMod:'get_xml_val' function: Request XML:cp_fw1_package
Return Value:CPfw1-50-04.i386.rpm
Info:CPsecplPtchMod:'get_xml_val' function: Request
XML:pre_kernel_packages_to_upgrade      Return Value:
Info:CPsecplPtchMod:'get_xml_val' function: Request
XML:wrapper_dependent_packages  Return Value:i2c_support-1-2cp.i386.rpm
ncurses-5.2-13cp.i386.rpm sharutils-4.2.1-9cp.i386.rpm
Info:CPsecplPtchMod:'get_xml_val' function: Request
XML:dependent_packages  Return Value:openssh-3.1p1-8cp.i386.rpm
openssh-server-3.1p1-8cp.i386.rpm
Error :CPsecplPtchMod: 'upgrade' function: Platform dependent packages:
kernel-kdb-2.4.9-39cp_kdb.i686.rpm kernel-2.4.9-39cp.i686.rpm
kernel-kdb-smp-2.4.9-39cp_kdb.i686.rpm kernel-smp-2.4.9-39cp.i686.rpm

Info:CPsecplPtchMod:'get_xml_val' function: Request
XML:packages_to_update  Return Value:cd_ver-1-540000142.noarch.rpm
cp-release-1-540000142.noarch.rpm cpinfo-540000012-1cp.i386.rpm
CPhttpd-1-540000003.i386.rpm cpwm-1-540000055.i386.rpm
file-3.37-5cp.i386.rpm db1-1.85-7cp.i386.rpm dev-3.2-6cp.i386.rpm
dos2unix-3.1-15cp.i386.rpm gdbm-1.8.0-10cp.i386.rpm
grub-0.92-7cp.i386.rpm initscripts-6.40-7cp.i386.rpm
ethtool-1.6-5cp.i386.rpm kudzu-0.99.23-5cp.i386.rpm
lkcdutils-4.0-2cp.i386.rpm local_nss-1-0cp.i386.rpm
mkinitrd-3.2.6-5cp.i386.rpm ntp-4.1.0-4cp.i386.rpm
openssh-3.1p1-8cp.i386.rpm openssl-libcrypto-0.9.6b-30cp.i386.rpm
pciutils-2.1.8-24cp.i386.rpm rootfiles-7.2-2cp.noarch.rpm
setup-2.5.7-3cp.noarch.rpm sh-utils-2.0.11-8cp.i386.rpm
spinst-1-540000004.i386.rpm tcpdump-3.6.2-11.7.2.0cp.i386.rpm
util-linux-2.11f-20cp.i386.rpm vlan-1.5-1cp.i386.rpm
xinetd-2.3.11-1cp.i386.rpm zebra-0.93b-4cp.i386.rpm
dhcpcd-1.3.18pl8-14cp.i386.rpm dhcp-2.0pl5-9cp.i386.rpm
Info:CPsecplPtchMod:'get_xml_val' function: Request
XML:additional_packages Return Value:
Info:CPsecplPtchMod:'get_xml_val' function: Request
XML:packages_to_remove  Return Value:wget-1.7-3cp.i386.rpm
Info:CPsecplPtchMod:'verify_rpm_dependencies' function: Changing to
directory /mnt/cdrom/SecurePlatform/RPMS

Info:CPsecplPtchMod:'uninstall_rpms' function: Uninstalling RPMs ..
Info:CPsecplPtchMod:'uninstall_rpms' function: Removing
wget-1.7-3cp.i386.rpm

error: package wget-1.7-3cp.i386.rpm is not installed
Info:CPsecplPtchMod:'install_rpms' function: Installing RPMs ..
Info:CPsecplPtchMod:'install_rpms' function: Changing to directory
/mnt/cdrom/SecurePlatform/RPMS

Info:CPsecplPtchMod:'install_rpms' function: Adding
i2c_support-1-2cp.i386.rpm ncurses-5.2-13cp.i386.rpm
sharutils-4.2.1-9cp.i386.rpm

Info:CPsecplPtchMod:'install_rpms' function: i2c_support-1-2cp.i386.rpm
was successfully installed
Info:CPsecplPtchMod:'install_rpms' function: ncurses-5.2-13cp.i386.rpm
was successfully installed
package sharutils-4.2.1-9cp is already installed
Info:CPsecplPtchMod:'install_rpms' function:
sharutils-4.2.1-9cp.i386.rpm was successfully installed
Info: CPsecplPtchMod:'allow_cprid_conn': CPPROD_SetValue FW1
SecureUpdateInstallation: 0

Info: CPsecplPtchMod:'allow_cprid_conn': CPPROD_GetValue FW1
SecureUpdateInstallation : 1

Info: CPsecplPtchMod:'allow_cprid_conn': CPPROD_SetValue FW1 NoBoot: 0

Info: CPsecplPtchMod:'allow_cprid_conn': CPPROD_GetValue FW1 NoBoot : 1

Info:CPsecplPtchMod:'upgrade': Cannot create simbolic links:
/mnt/cdrom/SecurePlatform/RPMS/CPdtps-50-04.i386.rpm ->
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts/linux/CPPolicySrv-50/CPdtps
-50-04.i386.rpm
Info:CPsecplPtchMod:'upgrade': Cannot create simbolic links:
/mnt/cdrom/SecurePlatform/RPMS/CPfg1-50-04.i386.rpm ->
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts/linux/CPFloodGate1-50/CPfg1
-50-04.i386.rpm
Info:CPsecplPtchMod:'upgrade': Cannot create simbolic links:
/mnt/cdrom/SecurePlatform/RPMS/CPppak-50-04.i386.rpm ->
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts/linux/CPPerPack-50/CPppak-5
0-04.i386.rpm
Info:CPsecplPtchMod:'upgrade': Cannot create simbolic links:
/mnt/cdrom/SecurePlatform/RPMS/CPrt-50-04.i386.rpm ->
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts/linux/CPrt-50/CPrt-50-04.i3
86.rpm
Info:CPsecplPtchMod:'upgrade': Cannot create simbolic links:
/mnt/cdrom/SecurePlatform/RPMS/CPrtm-50-04.i386.rpm ->
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts/linux/CPrtm-50/CPrtm-50-04.
i386.rpm
Info:CPsecplPtchMod:'upgrade': Cannot create simbolic links:
/mnt/cdrom/SecurePlatform/RPMS/CPuag-50-04.i386.rpm ->
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts/linux/CPuag-50/CPuag-50-04.
i386.rpm
Info:CPsecplPtchMod:'upgrade': Cannot create simbolic links:
/mnt/cdrom/SecurePlatform/RPMS/CPshrd-50-04.i386.rpm ->
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts/linux/CPshared-50/CPshrd-50
-04.i386.rpm
Info:CPsecplPtchMod:'upgrade': Cannot create simbolic links:
/mnt/cdrom/SecurePlatform/RPMS/CPfw1-50-04.i386.rpm ->
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts/linux/CPFirewall1-50/CPfw1-
50-04.i386.rpm
Info: CPsecplPtchMod:'upgrade': Local installation detected: Calling CP
wrapper ..
Info: CPsecplPtchMod:'upgrade': Seting wrapper status ..
VPN-1/FW-1 stopped
SVN Foundation: cpd stopped
SVN Foundation: cpWatchDog stopped
SVN Foundation stopped
Info:CPsecplPtchMod:'upgrade' function: Creating
/var/opt/CPDownloadedUpdates

Info: CPsecplPtchMod:'upgrade': Executing wrapper ..
Info: CPsecplPtchMod:'upgrade': Checking wrapper exit status ..
Error: CPsecplPtchMod:'upgrade': Wrapper Failed <Exit Code:1
>
Error:CPsecplPtchMod:'main': Cannot complete this upgrade. Exiting..

Info: CPsecplPtchMod:'cleanall' function: Current dir is:
/sysimg/CPpatches/CPspupgrade_NG_R54

Info:CPsecplPtchMod:'cleanup' function: Removing
/sysimg/CPpatches/CPspupgrade_NG_R54/CPsecplPtchMod ..
Info:CPsecplPtchMod:'cleanup' function: Removing
/sysimg/CPpatches/CPspupgrade_NG_R54/CPsecplPtchMod.exe ..
Info:CPsecplPtchMod:'cleanup' function: Removing
/sysimg/CPpatches/CPspupgrade_NG_R54/content.txt ..
Info:CPsecplPtchMod:'cleanup' function: Removing
/sysimg/CPpatches/CPspupgrade_NG_R54/installme.sh ..
Info:CPsecplPtchMod:'cleanup' function: Removing
/sysimg/CPpatches/CPspupgrade_NG_R54/stam.tgz ..
Info:CPsecplPtchMod:'cleanup' function: Removing
/sysimg/CPpatches/CPspupgrade_NG_R54/scripts ..

Installing Security Policy traditional_w_rules on all.all@chqfw01
Fetching Security Policy from local succeeded


Thanks for any help
Chris

-----Original Message-----
From: Dorny [mailto:rdornhart AT OZBERGS DOT COM]
Sent: Tuesday, June 24, 2003 1:05 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] secureplatform fp3 ed2 hf2 to ai upgrade fails


As for the Secure XL error, are you using Secure XL?  IF not access
cpconfig and disable Secure XL, this should stop this error.

-----Original Message-----
From: "Covington, Chris" <ccovington AT PLUSONE DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sun, 22 Jun 2003 20:36:21 -0400
Subject: [FW-1] secureplatform fp3 ed2 hf2 to ai upgrade fails

> Hi all,
>
> As a guinea pig, I just attemped upgrading to SecurePlatform AI from
> SecurePlatform FP3 Edition 2 Hotfix 2 and it was without success.  I
> followed the steps from SecurePlatform.pdf as to how to upgrade to AI
> from SecurePlatform NG FP3 Edition 2.
>
> I did the following:
>
> 1 Insert SecurePlatform with Application Intelligence CD into the
> drive.
>
> 2 Enter the expert mode: # expert
> 3 Mount the CD using the command: # mount /mnt/cdrom
> 4 Update the patch program by installing the CPpatch_command.tgz
> package from the
> CD: # patch add
> /mnt/cdrom/SecurePlatform/patch/CPpatch_command_540000142.tgz
> 5 Apply the SecurePlatform with Application Intelligence upgrade
> package: # patch add cd CPspupgrade_NG_R54.tgz
>
> (the documentation refers to /mnt/cdrom/SecurePlatform/patch/ files
> which don't exist, the above are the actual files on the iso)
>
> I successfully installed the new CPpatch, but when installing
> CPspupgrade_NG_R54.tgz I get the following errors:
>
> Extracting Files completed successfully.
>
> Upgrade program will now upgrade your system.  This process may take
> several minutes ..
>
> --- 06/22/03-17:34:21 ---
> Info:  Start extracting files ..
> Info:  Extracting files done.
> Info:  Upgrade Process Completed Successfully.
> --- 06/22/03-17:34:54 ---
> Info:  Start upgrading ..
> Info:  Verify upgrade parameters ..
> Info:  i2c_support-1-2cp.i386.rpm was successfully installed.
> Info:  ncurses-5.2-13cp.i386.rpm was successfully installed.
> Info:  sharutils-4.2.1-9cp.i386.rpm was successfully installed.
> Info:  Installing CheckPoint Products from CheckPoint Wrapper
> Error:  Failed to install CheckPoint products
> Error:  Installation/Upgrade Failed!
> STATUS=1
>
> Exiting ..
> Patch installation failed.
>
> After rebooting everything seems fine, I can still use Smart Clients
> (FP3) and the firewall behaves the same but there are a few odd error
> messages in the logs (message_info: SecureXL: Connection templates are

> not possible for the installed policy.  Please refer to the
> Performance Pack documentation for further details) and I can no
> longer login to the https interface (it loops when loading the page).
>
> Has anyone managed to upgrade from SecurePlatform FP3 to AI?  I
> would've thought that would've been the easiest upgrade path, given
> that it's pure CP and no outside OS vendor to blame.  It looks like
> other platforms are much easier to upgrade, and I have a hybrid FP3/AI
> system...  A shame.  Good thing for backups...
>
> Chris
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================