SmartConsole unable to connect to the SmartCenter server

[sambols]

I get the following error message when trying to connect to the SmartCenter server via the SmartConsole:

1) The SmartCenter Server's clock is not setup properly.
2) The certificate's issue date is later than the date of the SmartCenter Server's clock.
3) The GUI client's clock and the SmartCenter Server's clock are not synchronized.
4) The certificate has expired.
5) The certificateis invalid.

The firewall is R60 NGX.

[MarioL]

That would probably mean that you have changed the date/time and the certificate creation date hasn't "arrived" yet, which means the certificate was created in the future and of course is not valid yet. Have you double checked all time and date settings?

[sambols]

The time and date on the SmartCenter server and SmartConsole are the same. How do you check whether the certificate has expired?

[Thorpuse]

Have you changed the IP address of the SmartCenter server?

[sambols]

I haven't changed the IP address. I have verified that the GUI client address is specified.

I did run the following commands. This completed successfully.
cpca_client revoke_cert -n "cn=cp_mgmt"
cpca_client create_cert -n "cn=cp_mgmt" -f $CPDIR/conf/sic_cert.p12

I now get the following error message:

Connection cannot be initiated.
Please make sure that the server is up and running and you are defined as a GUI Client

help?

[vijayant]

Reboot Smart Center.
Is there latest HFA on the server.
Just try to connect Smart Update, that should work. There after you can check License.

[sambols]

I have run the cpstop and cpstart command and also reboot.
I get the following error message:

Connection cannot be initiated.
Please make sure that the server is up and running and you are defined as a GUI Client

This is Check Point SecurePlatform Pro NGX (R60) Build 244

any ideas?

[chillyjim]

From expert mode:

ps -ef | grep fwm

It that's not running the SmartCenter is broken

tcpdump host <ip of the GUI client>and not port 22

See if the traffic is making it.

cat $FWDIR/conf/gui_clients

Check for your IP address.

[Yasushi Kono]

Quote:

Originally Posted by sambols

I have run the cpstop and cpstart command and also reboot.
I get the following error message:

Connection cannot be initiated.
Please make sure that the server is up and running and you are defined as a GUI Client

This is Check Point SecurePlatform Pro NGX (R60) Build 244

any ideas?

Are you sure that the Certificate Authority is running? cpconfig to re-run the internal CA.
Check the GUI client table with fw tab -t gui_clients_list. You will see the list with hex ip addresses. Should you alter the list with cpconfig, you need to re-install the latest policy in order to inform your gateway of the new list.

Kind regards,
Yasushi