Secondary mgmt console not synchronized

[katmandu]

Hi guys,

I have built a 2nd management console according to checkpoint's documentation and followed all the steps.
I am now unable to sycnhronize the consoles, in the sunch screen it says in the "note" field "There is no CA DB".
Nat is working fine, I can install the user database onto both consoles, they both have host files with correct hosts. any ideas?

thanks in advance.

[zepperdude]

I am getting this as well. Any ideas?

[kva.kva]

There is sk26032 - "Error: "Failed to Synchronize me. Reason: Internal: Status NOT-OK. Error restoring CA DB" - https://secureknowledge.checkpoint.c...do?lid=sk26032
May be it's your case.

[zepperdude]

Can't see the article in SecureKnowledge - Still waiting for renewal of my support contract (mgmt red tape). Any additional info?

[kva.kva]

This SK for FP3 HF2, but the idea is not bad, I think.
cpstop, then replace files on Secondary Management server from Primary Management server:
$FWDIR/conf/InternalCA.*
$FWDIR/conf/ica.*
Don't forget about backup.

Also confirm that files $FWDIR/conf/scheme.C are identical on both SmartCenter Servers.

[zepperdude]

tried - got rid of the CA NO DB error - but still doesn't sync.

[kva.kva]

You can try to reinstall secondary smartcenter, for example on vmware server, and try to sync smartcenters for testing.

[zepperdude]

The new HFA_19 fixed the issue. Do not know what specific fix did it - but it now works!

[kva.kva]

It's good.
There is only one fix in Release notes for HFA19.
"CP Management: Management High Availability
The move files protocol executed during the HA process releases a file descriptor when it unexpectedly terminates in the middle of forwarding files."

[canghel]

Same problem here:

Primary SmartCenter: NGX R61 (build 602000183)
Secondary SmartCenter: NGX 61 (build 602000183)

Cannot synchronize the two. Error message: "Failed to sychronize. Reason 'secondary_mgmt - Synchronization is not allowed when the SmartCenter Management Servers contain different Checkpoint products.'"

Checked installed software and it's the same on both servers.

[kva.kva]

Quote:

Originally Posted by canghel

Error message: "Failed to sychronize. Reason 'secondary_mgmt - Synchronization is not allowed when the SmartCenter Management Servers contain different Checkpoint products.'"

Which CP products did you install on both servers? Are they identical?
Did you ever install Eventia reporter on SmartCenter?

[canghel]

They are identical ...

SmartCenter (Primary / Secondary)
SmartConsole
Eventia Reporter add on

... but I noticed an extra line when running cpstart on the primary (see below in red):

cpstart: Starting product - SVN Foundation
The Check Point SVN Foundation service is starting.
The Check Point SVN Foundation service was started successfully.

cpstart: Starting product - VPN-1
The Check Point FireWall-1 service is starting.
The Check Point FireWall-1 service was started successfully.

cpstart: Starting product - SmartView Monitor
SmartView Monitor is disabled.

cpstart: Starting product - Eventia Reporter
Eventia Reporter SmartCenter Add-on running.

cpstart: Starting product - Edge Embedded Connector

[kva.kva]

Did you install Reporter's add-on on Secondary SC?
Try next, replace $FWDIR/conf/scheme.C on Secondary SC from Primary. Don't forget to backup file before replace.

[neela123456]

Hi
Can Any one please suggest Solution when Both SC are on Secure platform.
could not find Scheme.c in $FWDIR\conf

Thanks,
Neela