Difference between revisions of "Management High Availability Synchronizaton failure"

From cpwiki.net
Jump to: navigation, search
Check Point Profressional Services
(Solution)
 
(7 intermediate revisions by one user not shown)
Line 17: Line 17:
 
  | Type| Name          | IP address      | FWM        | FWD      | CPD      | CPCA    |
 
  | Type| Name          | IP address      | FWM        | FWD      | CPD      | CPCA    |
 
  +-----+----------------+-----------------+------------+----------+----------+----------+
 
  +-----+----------------+-----------------+------------+----------+----------+----------+
  | MDS |        -      | 171.178.7.1    | up 3421    | up 3420  | up 3419  | up 3956  |
+
  | MDS |        -      | 192.168.1.1    | up 3421    | up 3420  | up 3419  | up 3956  |
 
  +-----+----------------+-----------------+------------+----------+----------+----------+
 
  +-----+----------------+-----------------+------------+----------+----------+----------+
  | CMA | cma-primary    | 171.155.44.74  | up 21716  | up 21715 | up 21705 | '''down'''    |
+
  | CMA | cma-primary    | 192.168.1.2    | up 21716  | up 21715 | up 21705 | '''down'''    |
  
 
== Solution ==
 
== Solution ==
 
* <p>Change the smart_center_backup parameter to true using dbedit, gui-dbedit or by editing the objects_5_0.C file.  
 
* <p>Change the smart_center_backup parameter to true using dbedit, gui-dbedit or by editing the objects_5_0.C file.  
One the primary cma...
 
1. stop cma
 
2. mdsenv cma-primary
 
3. rm $FWDIR/conf/mgha/*
 
4. start cma
 
5. Manually synchronized the secondary via SmartDashboard > Policy > Management HighAvailability
 
  
After the sync was successful, the cpca on the secondary cma should start on its own.
+
'''One the primary cma'''
 +
 
 +
# stop cma
 +
# mdsenv cma-primary
 +
# rm $FWDIR/conf/mgha/*
 +
# start cma
 +
# Manually synchronized the secondary via SmartDashboard > Policy > Management HighAvailability
 +
 
 +
 
 +
After the sync is successful, the cpca on the secondary cma should start on its own.
 +
 
 +
[Expert@provider-1]# mdsstat                            |
 +
+-----+----------------+-----------------+------------+----------+----------+----------+
 +
| Type| Name          | IP address      | FWM        | FWD      | CPD      | CPCA    |
 +
+-----+----------------+-----------------+------------+----------+----------+----------+
 +
| MDS |        -      | 192.168.1.1    | up 3421    | up 3420  | up 3419  | up 3956  |
 +
+-----+----------------+-----------------+------------+----------+----------+----------+
 +
| CMA | cma-primary    |  192.168.1.2    | up 21716  | up 21715 | up 21705 | '''up 21785''' |
 +
 
 +
Problem solved.
 +
 +
[[category:check point]]
 +
[[category:smartcenter]]

Latest revision as of 07:09, 21 May 2013

Problem description

  • Management HA is failing to sync the secondary CMA via SmartDashboard > Policy > Management High Availability
  • Error message: "Failed to receive current status. Reason: 'Management High Availability feature is not enabled.

chkp mgmt ha sync error.png

  • The smart_center_backup parameter in the objects_5_0.C is false when it should be true
[Expert@provider-1]# mdsenv cma-primary
[Expert@provider-1]# cpmiquerybin attr "" network_objects "management='true'" -a __name__,smart_center_backup
cma-primary true
cma-secondary       false
  • The secondary CMA is newly created and has never been synchronized. Synchronization during the CMA creating failed.
  • Error messages from cpca.elg of the secondary cma:
main: could not initiate the Certificate Authority. No Certificate Authority existing
  • The cpca process on the secondary CMA is down and fails to start.
[Expert@provider-1]# mdsstat                             |
+-----+----------------+-----------------+------------+----------+----------+----------+
| Type| Name           | IP address      | FWM        | FWD      | CPD      | CPCA     |
+-----+----------------+-----------------+------------+----------+----------+----------+
| MDS |        -       | 192.168.1.1     | up 3421    | up 3420  | up 3419  | up 3956  |
+-----+----------------+-----------------+------------+----------+----------+----------+
| CMA | cma-primary    |  192.168.1.2    | up 21716   | up 21715 | up 21705 | down     |

Solution

  • Change the smart_center_backup parameter to true using dbedit, gui-dbedit or by editing the objects_5_0.C file.

One the primary cma

  1. stop cma
  2. mdsenv cma-primary
  3. rm $FWDIR/conf/mgha/*
  4. start cma
  5. Manually synchronized the secondary via SmartDashboard > Policy > Management HighAvailability


After the sync is successful, the cpca on the secondary cma should start on its own.

[Expert@provider-1]# mdsstat                             |
+-----+----------------+-----------------+------------+----------+----------+----------+
| Type| Name           | IP address      | FWM        | FWD      | CPD      | CPCA     |
+-----+----------------+-----------------+------------+----------+----------+----------+
| MDS |        -       | 192.168.1.1     | up 3421    | up 3420  | up 3419  | up 3956  |
+-----+----------------+-----------------+------------+----------+----------+----------+
| CMA | cma-primary    |  192.168.1.2    | up 21716   | up 21715 | up 21705 | up 21785 |
Problem solved.