 | ||
 Management HA on Win2003 | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-09-26 | |||
| |||
 Management HA on Win2003 OK I've been got. My active management server died before I'd got it backed up. I'm running on the standby (promoted to active). I've copied all the checkpoint and fw files on the original server to another drive, then reinstalled Windows Server 2003 and Checkpoint. However I'm getting a GUI client error. I've read that I should have backed up a registry key Win32: HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\SIC Can I copy this key from by standby server? I'm reluctant to reset SIC on the rebuilt machine as it will mean resetting SIC on all the enforcement modules.  |
| 2006-09-26 | |||
| |||
| Re: Management HA on Win2003 Sorry to follow-up my own post, but I've been doing some more reading. If I do an upgrade_export from my standby server (now the active one) can I import that into the rebuilt server? Will this use the "old" SIC strings? Will it set the rebuilt server into active straight away, or will I have to promote it? |
| 2006-10-10 | |||
| |||
| Re: Management HA on Win2003 Danesis, the best way if you have mgmt in ha is: reinstall the primary ( as a new primary installion) do a sync from the secondary ( promoted primary) . remember that the secondary smartcenter has all the ca ( of the primary) informations... regards, maurox |
| 2006-12-11 | |||
| |||
| Re: Management HA on Win2003 Unfortunately the secondary doesn't recognise the primary as, having reinstalled the primary, it now has a new CA. According to Checkpoint's website the secondary is a clone of the primary, so I tried copying the Internal CA files from the secondary to the primary, but then I got an error message saying there were inconsistencies in the certificate path. |
| 2006-12-14 | |||
| |||
| Re: Management HA on Win2003 I had an old document from checkpoint regarding this point, hope this helps :) Here is a copy/paste of the procedure : Follow this procedure in order to recover a Primary SmartCenter Server by promoting a Secondary SmartCenter Server to become the Primary SmartCenter Server. 1 Select either an existing or a newly created Secondary SmartCenter Server and synchronize it with your other SmartCenter Servers. From the Secondary Smart Center Server perform the following manipulations: 2 Stop all running Check Point services by running the cpstop command. 3 Manually adjust the objects_5_0.C file as follows: A Edit the former Primary Object definitions:4 Run the cpprod_util FwSetPrimary 1 command to change the registry thereby setting this Server to the Primary Server. 5 Remove the $FWDIR/conf/mgmtha* files. They contain information about the current Secondary settings. These files will be recreated when you start the Services. 6 Make sure you have the mgmtha license on the newly promoted SmartCenter Server and run the cpstart command. 7 Via SmartDashboard, remove all occurrences of the old Primary Management object using the Where Used utility (right click on the object and select Where Used). Delete the old Primary Management Object 8 Check the definitions of Masters and Loggers according to the configuration; either Centrally Managed or Locally Managed. 9 Synchronize your other servers from the newly promoted SmartCenter Server. Last Update -- 12/8/03 |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
