sychronisation issues

[Peter Smith]

I have just changed the IP address of my primary SCS which has worked OK (after much trying!)
Does anyone know how I can get my secondary SCS to sync with the primary at the primary's new address? I'm guessing I have to reinstall the chekcpoint software on the secondary SCS. Any help would be greatly appreciated

(I have tried reinstalling the checkpoint software on the secondary SCS. I can sync OK with the primary, but if I then fail over to the secondary SCS and try to sync with the enforcement modules from the secondary SCS I get "internal SSL" errors even though the clocks are the same on the primary and secondary SCS's. I've tried resetting the clocks on the primary and secondary SCS's and re-establishing sic between the primary and secondary SCS's. I can sychronise OK but get the same "internal SSL" errors when trying to push policies from the secondary)

[mcnallym]

I would ask if the SCS was installed after the SIC was established to the gateways. I would hazard a guess and say that it was.

With the SCS installed, resic the gateways with the Primary. The problem I believe is that the gateways SIC doesn't know about tge SCS box so won't accept the connection from it.

Just try with one box first and see what happens.

[chuachongchee]

Quote:

Originally Posted by mcnallym

I would ask if the SCS was installed after the SIC was established to the gateways. I would hazard a guess and say that it was.

With the SCS installed, resic the gateways with the Primary. The problem I believe is that the gateways SIC doesn't know about tge SCS box so won't accept the connection from it.

Just try with one box first and see what happens.

If sync works ok, try to do a manual install of scs database... go to
Policy > Install Database

Try that if it works..

[Peter Smith]

thanks for your reply guys. I shall try this. Nice to hear from you again Mike!!

[Peter Smith]

Yes that worked fine, thanks again. Basically if you rebuild the secondary scs you can't sic from the secondary scs to an enforcement module until you've sic'd from the primary to he secondary and then re-sic'd from the primary to the enforcement module.

I wonder why the error message talked about clock settings?

[Thorpuse]

Most likely because the Secondary Management had a SIC certificate that was created earlier than the Primary (and is therefore invalid).

Or it could just be a generic error, because this is the most common mistake ppl make with this.