Re: SIC issue between the SMS and the log server

OmarDafiri · ‎2024-02-23

Hello everyone,

I hope all is well.

I am facing an issue regarding the communication between a SMS and a dedicated log server. After performing an upgrade to R81.20, I lost SIC communication between the two compenents.

I'd like to re-initialize the SIC again, but I don't know how to do it in the log server, is there any helpful command ? (for example: in the SGs I can run the cpconfig command in the CLI and choose option number 5 then put a new SIC OTP)

Thanks in advance guys.

the_rock · ‎2024-02-23

Thats odd, cause on mine, you get below when running cpconfig...

Andy

Configuration Options:
----------------------
(1) Licenses and contracts
(2) Administrator
(3) GUI Clients
(4) SNMP Extension
(5) Random Pool
(6) Secure Internal Communication
(7) Certificate's Fingerprint
(8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

Best,
Andy

OmarDafiri · ‎2024-02-23

Thanks the_rock for your reply,

However, the log server was installed in the first hand as secondary management server, that's why i think the cpconfig command is not working in my case

the_rock · ‎2024-02-23

I see, got it. So if you type cpconfig, does it not give any options at all?

Best,

Andy

Best,
Andy

OmarDafiri · ‎2024-02-23

Here is the result of cpconfig command:

This program will let you re-configure
your Check Point Security Management Server configuration.

Configuration Options:
----------------------
(1) Licenses and contracts
(2) Administrator
(3) GUI Clients
(4) SNMP Extension
(5) Random Pool
(6) Certificate Authority
(7) Certificate's Fingerprint
(8) Automatic start of Check Point Products

(9) Exit

Regards,

the_rock · ‎2024-02-23

You can try below.

Andy

https://support.checkpoint.com/results/sk/sk86521

Best,
Andy

OmarDafiri · ‎2024-02-26

Hi Andy,

thank you for your response.

Unfortunately, it didn't work.

it says you cannot run sic commands on this machine

Regards,

the_rock · ‎2024-02-26

So based on what @AmirArama sent you, it is absolutely correct, you canNOT do it if its primary.

Best,

Andy

Best,
Andy

AmirArama · ‎2024-02-23

Did you do cpuse upgrade or clean install? If it's clean install blink image, i assume in the first time wizard you havn't given a choice to select secondary mgmt hence the log server was installed as a primary mgmt.

Is that sounds like your case?

OmarDafiri · ‎2024-02-26

Hello AmirAmara,

Thank you for your email.

Indeed, we did advanced upgrade, so we performed a fresh install using the blink image, however, during the initial wizard, it didn't specify where to put the SIC OTP, so when the upgrade is completed, the trust between SMS and log server isn't established.

AmirArama · ‎2024-02-26

Yes, because it installed it as primary.

you can verify with

grep Primary $CPDIR//registry/HKLM_registry.data

:Primary ("[4]1") means this is the primary

:Primary ("[4]0") means this is the secondary

https://support.checkpoint.com/results/sk/sk148112

personally i'm not familiar with any way to convert it to secondary except from reinstall the server (no blink) and select it in First time wizard. but maybe someone else knows better than me.

OmarDafiri · ‎2024-02-26

Hello AmirAmara,

Thank you for your response.

Indeed, it shows :Primary ("[4]1"). so it's declared as primary management server I presume.

Josh28 · ‎2024-02-26

Hi, funny I had an issue after upgrading a smartEvent recently too, mine was the TCP port 8211 wasn't opened between the Smart Event and the CMA (my post https://community.checkpoint.com/t5/General-Topics/SmartEvent-Error-CPSEMD-not-running/m-p/205054#M3...). Perhaps there is a port missing in your case too. Good luck 🙂

Are you a member of CheckMates?

SIC issue between the SMS and the log server