This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martijn
Advisor
Advisor
‎2022-03-03 06:57 AM

MDM synchronization issues

Hi All,

I need to perform sk164002 on a MDM setup for one of our customers. Version is R80.30 take 237.
I am able to perform this in a lab setup with the customer's MDM database so I don't mess with the production environment.

I have created a Secondary MDM server and am able to connect this Secondary MDM server to the Primary MDM server.
Synchronization for the Global Domain is working and when I perform a manual sync, this works fine.

The problem is the Domain Servers. I can succesfully create the Secondary Domain Server within the domain and the automatic full sync after creating the Secondary Domain Server is working fine. When I login both Domain Server, I can see all objects, gateways and policy. All is OK in 'Gateways and Servers'.

But in the Domain overview in MDM I can see an exclamation mark besides both Domain Server.

- The Primary Domain Server is telling me there is no communication with the Secondary server. They are in the same network and can 'see' each other.
- The Secondary Domain server is telling me there is no active server present. But the Primary server is the active server.

When I try to perform a manual sync, I get the message 'ngm failed retrieve last publish time'. When I try to make the Secondary Domain Server active, the Primary Domain Server will not go to Standby.

Involving TAC is not an option, so I hope someone has seen this before and has a solution or an idea where to look for. There are not much knowledge base articles about the mentioned messages.

I have created a lab setup with clean installed MDM servers and all is working right out of the box. So there is something in the customer's database. 

So any help, tips and tricks are welcome. We would like to upgrade to R81.10, but we would like to do that with a correct MDM database.

Regards,
Martijn

Labels
0 Kudos
4 Replies
the_rock
Legend
Legend
‎2022-03-03 09:28 AM

I had seen one customer while back have this issue and it was fixed with below sk:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Martijn
Advisor
Advisor
‎2022-03-03 10:25 AM
In response to the_rock

Hi,

I also found that article, but the 'NeverSynced' value is already 0 in our environment.

Regards,
Martijn

0 Kudos
the_rock
Legend
Legend
‎2022-03-03 10:51 AM
In response to Martijn

And if you try make standby active, does it give an error or it just does not work?

Andy

0 Kudos
Martijn
Advisor
Advisor
‎2022-03-08 10:08 PM

Andy,

When I try to make the Standby server active with SmartConsole, I get an error telling me there is no Active server and the Standby server does not change to active. 

I have tried to force the Standby server to active with the mgmt_cli make-active-server --force and this works. But then I get a message telling me not all Active servers went to standby.

Somehow communication between the two servers is not correct. There are in the same network and the initial sync after creating the Secondary Domain Server works. But after that...

Regards,

Martijn

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events