CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1  vijukiran (Junior Member), 2007-10-23
SIC problem

Hi friends,

This is the error I am getting when I try to reinitialise the SIC with one of our FW modules on the mgmt server.

"unable to contact certification authority on the management server,please make sure the certification authority daemon is running"

How do I check whether this particular service is running or not? Also, I am not able to reinitialise the CA, as it is greyed out. Please send suggestions, as I am required to reset the SIC.

Thanks in advance.

#2  mcnallym (Senior Member), 2007-10-23
Re: SIC problem

You would only reinitialise the CA on the management server as a last resort.
You have to strip out all of your VPN certs and SIC certs before it can be done, which is why it will be greyed out.

Perform a test communication with an established connection to another working gateway module and see what that says.

Is this a remote gateway that it connects to across the Internet using NAT? If so, are there other working gateways with a similar working SIC? Test one of those and confirm.

#3  vijukiran (Junior Member), 2007-10-23
Re: SIC problem

When I go to the cluster gateway properties and click Communication, it gives the same error with the other FW module. Actually, these two FW modules are in a cluster. For your information, this is not a remote gateway. Both the mgmt server and the enforcement modules are directly connected through a switch.

Suggestions please. Thanks in advance.

#4  mcnallym (Senior Member), 2007-10-23
Re: SIC problem

The SmartCenter should be listening on 18264 for the Cert Services. Check that you can telnet on that port to the SmartCenter. You will just get a blank screen and no response if successful.

What platform is the Mgmt on? Are you getting any logs from the gateways at the moment?
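
The port check suggested in the post above, as an added example that is not part of the original thread: it makes one TCP connection to port 18264 and separates "open", "refused" and "timeout", which point to different causes. The helper names and the host `mgmt.example.internal` are hypothetical placeholders.

```python
import socket
import sys

CA_PORT = 18264  # certificate service port named in the post above

# General TCP behaviour, not Check Point's own wording.
MEANING = {
    "open": "a service is listening (telnet shows a blank screen)",
    "refused": "a reset came back: usually nothing is listening on the port",
    "timeout": "no answer: host down or packets dropped on the path",
    "unresolved": "host name could not be resolved",
}


def probe_tcp(host, port=CA_PORT, timeout=3.0):
    """Make one TCP connection attempt and classify the outcome."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except socket.gaierror:
        return "unresolved"
    except OSError as exc:
        return "error: %s" % exc
    conn.close()
    return "open"


def report(host, port=CA_PORT, timeout=3.0):
    """Return a one-line, human-readable result for a host."""
    state = probe_tcp(host, port, timeout)
    return "%s:%d %s (%s)" % (host, port, state, MEANING.get(state, "see error text"))


if __name__ == "__main__":
    # Usage: python sic_port_check.py <management-server> [more hosts...]
    # "mgmt.example.internal" is a placeholder, not a host from the thread.
    for target in sys.argv[1:] or ["mgmt.example.internal"]:
        print(report(target))
```

Run it from the gateway side and from the management server itself; a "refused" result on the server's own address means the listener is absent rather than blocked in transit.
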

#5  vijukiran (Junior Member), 2007-10-24
Re: SIC problem

I am not able to telnet on this port 18264 to the mgmt server from the FW module, or the other way either; it says "connection refused". Logs are also not appearing in smarttracker. The mgmt server is running on Win 2000 Server.

Suggestions please. Thanks in advance.

#6  Danielpb (Senior Member), 2007-10-24
Re: SIC problem

Has this ever worked? In other words, do you have an active policy on the firewall module?

You could unload the policy and then re-establish SIC. NOTE: only do this if the box has the all@all policy installed. Otherwise you will remove the installed policy already on the module. Not good if you lose all your VPNs etc.

Otherwise worth a try.

#7  vijukiran (Junior Member), 2007-10-25
Re: SIC problem

I have installed the whole of the SmartCenter software on a different machine and made it the mgmt server. I copied the conf and database folders from my previously installed SmartCenter system and pasted them into my new setup. I am able to log in on the SmartCenter system, and I am able to reset the SIC with the FW module, and it shows trust established. But when I test the SIC status, it gives the following error:

SIC status for xxx.xxx.xxx not communicating
peer sent wrong DN:CN=xxx.xxx.xxx,O=xx.xxxxxx
**try to reset SIC at the peer and re-establish trust with peer**

Suggestions please. Thanks in advance.