Management HA: can't synch

[hotice_]

Hi,
I'm currently getting alerts as to my secondary Smart Center Server can't synch with the main one.

23Jul2007 2:09:25 accept SERVER A< mail ObjectName: SERVER B; Operation: Synchronize Peer; Administrator: localhost; Machine: localhost; Subject: Management HA; Audit Status: Failure; Additional Info: Type: automatic, event: SCS-SYNCH. Error: Synchronization is not allowed: No license. Peer's mode: standby, status: Lagging.; Operation Number: 26; product: SmartCenter Server;

I resetted the License last Wednesday with a valid no expiration one from Checkpoint directly and SmartUpdate takes it perfectly.

[lammbo]

The license must be attached to the secondary SmartCenter via SmartUpdate (or manually). The most frequent mistake with licensing an HA SmartCenter is that the license must be for the IP of the Seconday server, not the primary.

Unlike most centrally managed licenses, that IP must be for the secondary server.

[hotice_]

Lammbo, thanks for the response


The licence on the 2ndary management server does INDEED have a central licence with its OWN IP address...


any other ideas? :)

[david]

Is it a HA license?
I had a similar problem a couple of years ago with NG FP3 & it turned out that the smart center license wasn't enabled for HA.

[lammbo]

Do you also have the HA license (attached to Primary)?

Are the EXCACT same components installed on both servers?
Example - I once had Eventia Reporter installed on my Primary, but not my secondary - HA failed and no more synching until I made them identical.

There was a file I even had to edit once I uninstalled Reporter to make it work again... If you have similar issues, look at sk31109 and sk31219 for the answers.

[hotice_]

Yeah the Primary HA has the ultimate licence that contains the HA module

The secondary HA also has the valid license, I double checked.

I also checked and

Primary HA:
(internal non-routable IP)
Log Server
SVN Foundation
Primary Log Server

Secondary HA:
(External routable IP)
Log Server
SVN Foundation
Secondary Log Server


I don't know what else to try at this point

[chillyjim]

Please post a cplic print from both of the system (hiding the IP addresses). I suspect you do not have:

A. The same license features on both systems
B. Do not have Management HA
C. Managed to put the same license (cert key) on both system.

[lammbo]

Ditto to chillyjim's post.

If you look and you truly believe that your licensing is correct and HA is setup correctly, get CP to generate a few 30 day temp licenses and apply 1 to each of your management servers. This will absolutely rule out any licensing issues.

Obviously, if it still doesn't work with a temp on each SmartCenter, you have config issues.

[hotice_]

Hi,

Here are the exports:

Main module (active)
[Expert@******]# cplic print
Host Expiration Features
[Non-Rout IP] never CPMP-VPG-XL-NGX CPVP-VPS-1-NGX CK-CEB9*****5B7
[Non-Rout IP] never CPMP-SCPRO-U-NGX CK-CEB9F*****B7


Secondary:
[Expert@*********]# cplic print
Host Expiration Features
[Routable IP] never CPMP-SCPRO-U-NGX CK-56EB9****6D5

[chillyjim]

Okay you win...

I would try to remove and replace the license from the command line.
Make sure the secondary SMC can reach the primary.
Call support.

The CPMP-SCPRO-NGX does include management HA so that shouldn't be an issue.

Did this ever work?

[hotice_]

Quote:

Originally Posted by chillyjim

Okay you win...

I would try to remove and replace the license from the command line.
Make sure the secondary SMC can reach the primary.
Call support.

The CPMP-SCPRO-NGX does include management HA so that shouldn't be an issue.

Did this ever work?

it never did actually...but I"ll try what you guys suggested again with a EVAL just to rule out every possible cause

Thanks for the help btw

[hotice_]

EVAL didn't do the trick either...

Checkpoint Support asked me to rebuild the secondary management server...

we'll see if this works

[hotice_]

well

I've rebuilt the server with the exact same licenses..and guess what it works!

Thanks all