Difference between revisions of "Management High Availability Synchronizaton failure"

From cpwiki.net
Jump to: navigation, search
Check Point Profressional Services
(Solution)
(Solution)
Line 24: Line 24:
 
* <p>Change the smart_center_backup parameter to true using dbedit, gui-dbedit or by editing the objects_5_0.C file.  
 
* <p>Change the smart_center_backup parameter to true using dbedit, gui-dbedit or by editing the objects_5_0.C file.  
  
[['''One the primary cma''']]
+
'''One the primary cma'''
  
 
# stop cma
 
# stop cma

Revision as of 07:03, 21 May 2013

Problem description

  • Management HA is failing to sync the secondary CMA via SmartDashboard > Policy > Management High Availability
  • Error message: "Failed to receive current status. Reason: 'Management High Availability feature is not enabled.

chkp mgmt ha sync error.png

  • The smart_center_backup parameter in the objects_5_0.C is false when it should be true
[Expert@provider-1]# mdsenv cma-primary
[Expert@provider-1]# cpmiquerybin attr "" network_objects "management='true'" -a __name__,smart_center_backup
cma-primary true
cma-secondary       false
  • The secondary CMA is newly created and has never been synchronized. Synchronization during the CMA creating failed.
  • Error messages from cpca.elg of the secondary cma:
main: could not initiate the Certificate Authority. No Certificate Authority existing
  • The cpca process on the secondary CMA is down and fails to start.
[Expert@provider-1]# mdsstat                             |
+-----+----------------+-----------------+------------+----------+----------+----------+
| Type| Name           | IP address      | FWM        | FWD      | CPD      | CPCA     |
+-----+----------------+-----------------+------------+----------+----------+----------+
| MDS |        -       | 171.178.7.1     | up 3421    | up 3420  | up 3419  | up 3956  |
+-----+----------------+-----------------+------------+----------+----------+----------+
| CMA | cma-primary    | 171.155.44.74   | up 21716   | up 21715 | up 21705 | down     |

Solution

  • Change the smart_center_backup parameter to true using dbedit, gui-dbedit or by editing the objects_5_0.C file.

One the primary cma

  1. stop cma
  2. mdsenv cma-primary
  3. rm $FWDIR/conf/mgha/*
  4. start cma
  5. Manually synchronized the secondary via SmartDashboard > Policy > Management HighAvailability
After the sync was successful, the cpca on the secondary cma should start on its own.