cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
ED
Silver

SMS lost connection to all

Hi,

SMS connection has lost connection to all GW's that it manages. Red x on all objects under "Gateway & Servers" and message "Connection with '(name of object) ' is lost".

Installation of policy failed with 

What could have caused this suddenly? 

0 Kudos
8 Replies
Nüüül
Silver

Re: SMS lost connection to all

Hi!

is sms service running on the gateway?  How to debug SofaWare Management Server (SMS) daemon on Check Point Management Server 

What version is the Management running on?

Did you recently upgrade the management?

daniel

0 Kudos
ED
Silver

Re: SMS lost connection to all

No upgrade recently. Was away for 11 days and came back to this problem. Unable to open anything under "Gateway & Servers" in SmartConsole. 

0 Kudos
Nüüül
Silver

Re: SMS lost connection to all

Can you open GAiA Web UI on the Managment Server? And the Managment Server object in Console?

What is there stated for SIC? / WebUI : System Managment-->Certificate Authority

On management server CLI check cert expiration:

How to determine an SIC Certificate's expiration date 

do you have access to the gateways?

0 Kudos
ED
Silver

Re: SMS lost connection to all

Certificate Authority Status is Established on the Web UI for the management server. I can not open the management object in SmartConsole. 

On the mgmt server I ran the command: cpca_client lscert -kind SIC

Not sure how to understand the output when I have several lines of CN names that are same. Here is an example for the same CN name for a gateway object:

Yes I have access to GW's trough Web UI.

0 Kudos
Nüüül
Silver

Re: SMS lost connection to all

hmm... what does 

cp_conf sic state

on the gateways say?

As you are not able to open even the management server object in GUI, i´d open up a SR

 

0 Kudos
ED
Silver

Re: SMS lost connection to all

Trust State: Trust established. 

0 Kudos
Highlighted
ED
Silver

Re: SMS lost connection to all

Hi Daniel,

Just wanted to update you on this case and thank you for your help. I found sk113744 which solved the problem. One of my co-workers got a "certificate revoked" error which lead me to this sk. I did not get that error.

Here are the symptoms for this problem:

  • Login to the Security Management server via R80 SmartConsole fail with error: "Certificate revoked".
  • The "cpca_client lscert -stat Valid" command run on the Security Management server shows valid "cp_mgmt" certificates.
  • The "cpwd_admin list" command shows all processes are running.
  • All statuses are showing X sign.

Solution:

# cd $CPDIR/conf

# mv $CPDIR/conf/sic_cert.p12 /var/log/

# cpca_client revoke_cert -n "CN=cp_mgmt"

# cpca_client create_cert -n "CN=cp_mgmt" -f sic_cert.p12

# cpstop; cpstart

Re: SMS lost connection to all

I will test this,I seem to have all the symptoms since even my sic status says  "Established" and I have not had any certificates revoked.

Just to clarify,did you have the certificates revoked error? I didn't have that error but I seem to have all the symptoms

0 Kudos