Martijn
Advisor

Rename Multi Domain Management Server

Hi,

For a customer I am migrating an MDM server to new hardware. The new server has a new IP address and a new hostname. When importing the database with the migration tools, the old hostname is shown in SmartConsole. I can see the new IP address.

When I try to change the hostname, I am unable to because SIC is still configured and the MDM server has a certificate with the old name. 

Is it possible to rename the MDM server in SmartConsole so it is the same as the hostname of the server? If yes, what is the correct and supported procedure?

Regards,
Martijn

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin

From what it looks like, this will require a complete reset of SIC.
See: https://support.checkpoint.com/results/sk/sk164055 


(1)
Martijn
Advisor

Dameon,

Thanks. Used the SK you mentioned, but it is a little bit different for renaming an MDM server. This is what I did:

1. Log into MDM SmartConsole and edit the MDM server object at the top of the Domain lists.
2. Revoked the SIC certificate and accepted the warning.
3. Clicked OK and opened the MDM server object again so I could change the name.
4. Publish changes in MDM SmartConsole.

Now all Domains were disconnected because the certificate was revoked.

5. With SSH I performed a 'fwm sic_reset' which was successful.
6. Create a new CA with 'mdsconfig'. This was also successful.
7. Restarted all services with 'mdsstop / mdsstart'.

MDM server and all Domains got up and running and I could connect to all Domains with SmartConsole. It all looks good.

I am performing this in my lab and a SIC reset is not a concern for me. I would like to migrate an MDM server with only the Global Policies and Global Objects. TAC told me 'migrate_global_policies' is not supported for R80.40 to R81.20 migrations, so my plan was to migrate the complete server, delete all Domains and then create them from scratch. Also, we are building new VSX clusters, so SIC is no problem there.

Regards,
Martijn

 


0 Kudos
4 Replies
Bob_Zimmerman
Authority

I don't believe there is a way to do this without resetting SIC with EVERYTHING. All the certificates descend from the MDSs' ICA, which is signed to its name and which must match the object name.

(1)
the_rock
Legend

I think the guys are right, SIC reset is definitely needed.

0 Kudos
