https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173050#M31441 <P>Dear All</P><P>&nbsp;</P><P>I want to ask related my case, and may be anyone know about this issue can give me advise or solution</P><P>&nbsp;</P><P>Currently we are using RA Vpn with certificate internal for authentication&nbsp; and now we find issue related RA VPN certificate distribution , when we try to distribute certificate and send email to our user, the registration key is failed to send with capture below,&nbsp;</P><P>and for additional information,<BR />1.we use 2 gateways as vpn on different site (1pdc, 1HQ) and connected in 1 same fw mgmt for ex 10.1.1.1<BR />2.we use 2 jump host/ terminal server (1pdc, 1drc) for access our smart console</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19835i9091135C6E7F6545/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P><P>3.we already deploy and use this ra vpn for 4 month and working properly for send cert and access</P><P>but now we have problem in 1 jump host in drc make we strange, when we try to send / distribute certificate from fwm 10.1.1.1, its always failed with this info,</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19834i13A176E104D862C5/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P><P>But if we try with our jump host in pdc, its normal, even though it uses the same fwm 10.1.1.1 like on jump host drc</P><P>and we already try to reinstall our smart console in drc, but still failed, as i think the process distribution and send mail is should do by fwm right ? not from jump host or endpoint we open smart console.<BR /><BR />CMIIW and Thanks&nbsp;<BR /><LI-PRODUCT title="remote-access" id="remote-access"></LI-PRODUCT></P> Tue, 28 Feb 2023 17:41:30 GMT rdinata01 2023-02-28T17:41:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173050#M31441 <P>Dear All</P><P>&nbsp;</P><P>I want to ask related my case, and may be anyone know about this issue can give me advise or solution</P><P>&nbsp;</P><P>Currently we are using RA Vpn with certificate internal for authentication&nbsp; and now we find issue related RA VPN certificate distribution , when we try to distribute certificate and send email to our user, the registration key is failed to send with capture below,&nbsp;</P><P>and for additional information,<BR />1.we use 2 gateways as vpn on different site (1pdc, 1HQ) and connected in 1 same fw mgmt for ex 10.1.1.1<BR />2.we use 2 jump host/ terminal server (1pdc, 1drc) for access our smart console</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19835i9091135C6E7F6545/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P><P>3.we already deploy and use this ra vpn for 4 month and working properly for send cert and access</P><P>but now we have problem in 1 jump host in drc make we strange, when we try to send / distribute certificate from fwm 10.1.1.1, its always failed with this info,</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19834i13A176E104D862C5/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P><P>But if we try with our jump host in pdc, its normal, even though it uses the same fwm 10.1.1.1 like on jump host drc</P><P>and we already try to reinstall our smart console in drc, but still failed, as i think the process distribution and send mail is should do by fwm right ? not from jump host or endpoint we open smart console.<BR /><BR />CMIIW and Thanks&nbsp;<BR /><LI-PRODUCT title="remote-access" id="remote-access"></LI-PRODUCT></P> Tue, 28 Feb 2023 17:41:30 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173050#M31441 rdinata01 2023-02-28T17:41:30Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173073#M31450 <P>Pretty sure this all happens through management (not SmartConsole machine).<BR />What version/JHF level?</P> Tue, 28 Feb 2023 19:18:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173073#M31450 PhoneBoy 2023-02-28T19:18:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173098#M31456 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;<BR /><BR />Currently our fwm using R80.40 T77</P><DIV class=""><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19840iCF30F53BD5D6E23D/image-size/medium?v=v2&amp;px=400" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19839i878EC1C75B7DC41A/image-size/large?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span></P> Wed, 01 Mar 2023 05:31:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173098#M31456 rdinata01 2023-03-01T05:31:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173246#M31488 <P>I just want to make sure I understand your problem correctly.<BR />You are using numerous "jump hosts" (presumably via RDP) to access the same management server (10.1.1.1)<BR />Not a management server with the same address, but the exact same management server in both cases.<BR />When you attempt to perform this task from one of the jump posts, you get the problem described.<BR />When you attempt to perform this task from the other jump hosts, the operation succeeds.<BR />Am I restating the problem correctly?</P> <P>In any case, I recommend the following:</P> <UL> <LI>Install the latest Recommend JHF for R80.40 (Take 77 is more than two years old):&nbsp;<A href="https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40/R80.40/R80.40-List-of-all-Resolved-Issues.htm" target="_blank">https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40/R80.40/R80.40-List-of-all-Resolved-Issues.htm</A>&nbsp;</LI> <LI>Install the latest R80.40 SmartConsole on the relevant jump hosts:&nbsp;<A href="https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40_SC/R80.40/R80.40_Downloads.htm?tocpath=_____2" target="_blank">https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40_SC/R80.40/R80.40_Downloads.htm?tocpath=_____2</A>&nbsp;</LI> </UL> <P>If you're still having issues after doing these things, I recommend a TAC case.</P> Wed, 01 Mar 2023 17:45:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Failed-Distribution-Certificate-RA-VPN/m-p/173246#M31488 PhoneBoy 2023-03-01T17:45:14Z