Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
sushantjoshi
Contributor

Failed to update Internal CA Database

Anyone faced similar issue in Checkpoint Management High Availability Environment? I saw an SK81360 as well. Safe to delete those ICA_File and regenerate it as mentioned in the SK? 

What does those ICA_File do ? 

 

 

CA DB ISSUE.png

 

 

0 Kudos
5 Replies
the_rock
Legend
Legend

Im fairly positive it would fix your issue. I had 2 clients do this in the past and it worked just fine, BUT...PLEASE make sure you backup those files before deleting them. I hope you wont need them, but better be safe than sorry later, as it has to do with internal certificate authority, aka ICA,, because once you delete them and dont back them up, once they are gone, they are gone, thats it.

Andy

(1)
sushantjoshi
Contributor

Hi @the_rock  now I am facing another issue where Failed to Synchronize peer "NGM Failed to import data "

0 Kudos
sushantjoshi
Contributor

@the_rock the issue has now been resolved. It took sometime to completely synchronize across.

Just for anyone who looks across this post in future. The certificate will be generated in your current active box that means if you Secondary SMS is active during the failure the ICA will get generated in in the Secondary Active SMS box not in the Primary Standby box

0 Kudos
the_rock
Legend
Legend

Awesome job!

Andy

0 Kudos
the_rock
Legend
Legend

@sushantjoshi Just for the context and I know I said this probably 50 times about this subject, but some people still mey get confused about it...

So, primary will ALWAYS be primary and secondary will ALWAYS be secondary, unless rebuilt, of course.

Either one can be ative/standby, so you can have below scenarios:

1)primary/active

2)pimary/standby

3)secondary/active

4)secondary/standby

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events