kb1
Collaborator

Smartconsole mgmt server issue

SmartConsole does not detect the primary mgmt server.

Tried restarting Check Point services on both the mgmt servers, also tried a reboot on both, but it does not seem to work. Will attach the screenshot of the error.

Created a service request with Check Point, but in the meantime, before they call me, it would be great if I could get some other troubleshooting tips.

Will be attaching the screenshot as well.

And also I'm able to connect to the mgmt server using PuTTY. Also just received a mail from the Proficio team (it's a SIEM tool) that they cannot connect to the mgmt server as well, which is probably related to this issue.

Thank you.

0 Kudos
6 Replies
Tal_Paz-Fridman
Employee

Hi

fdcfwmgmt01 is the Primary Management Server? Are you able to login to it using SmartConsole?

If so, can you check SIC status between the Primary and Secondary Management Servers?

 

0 Kudos
David_C1
Advisor

I would:

1. Make sure you see the fwm process running on your primary management server (ps -auxxx | grep fwm)

2. Check the CA status of your primary management server ("cpca_client lscert -dn 'cn=cp_mgmt' -stat Valid | grep found"). There should be only one cert and it should be valid.

 

Dave

0 Kudos
kb1
Collaborator

So here are the outputs:

[Expert@FW-MGMT01:0]# ps -auxxx | grep fwm
admin 4600 0.0 0.1 145424 36832 ? Ss 13:43 0:00 fwm
admin 5748 0.0 0.0 2604 556 pts/2 S+ 13:50 0:00 grep --color=auto fwm
[Expert@FW-MGMT01:0]# cpca_client lscert -dn 'cn=cp_mgmt' -stat Valid | grep found
2 certs found.


Now it looks like fwm is running but there are 2 certs. How do I check the validity of those certs?
And do I need to remove one of them, and how?
0 Kudos
kb1
Collaborator

No, that's also an issue, cannot log in to SmartConsole for 01. And I checked SIC status through the CLI from 02 and it says trust established (used cpconfig and option 6). Now what? Do I reinitialise SIC? And if I do that, will it happen quickly or will it bring down both management servers for a few minutes or something?
0 Kudos
David_C1
Advisor

I would wait for TAC guidance at this point.

Dave
0 Kudos
kb1
Collaborator

The only issue with TAC is they are so slow with their responses. I did get a reply and he asked me to run a bunch of commands:

cpprod_util FwIsActiveManagement

for active/standby, and it seems that's fine since 01 is active and 02 is standby, but for the command below:

$MDS_FWDIR/scripts/cpm_status.sh

it shows initialising for 02 (up and running for 01). That means there is an issue with 02, so he said if it shows initialising then he asked to have a session to troubleshoot. Now who knows when he will respond again. Meanwhile I looked up an SK for this "initialising" issue and came across something (something to do with the presence of elg files and permissions), and it seems there are no problems following the SK as well, so no idea what is going on with the 02 server.

0 Kudos
