Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Polina_1
Participant

SIC on Secondary Management Server

Hello

Could you please advise me on this question?

We have Secondary Management Server on version 77.30. Previously it was connected to mds server. But mds server was shut down. We put secondary SMS in active mode and we were able to connect to it using Smart Dashboard.

It happened that the SIC on secondary SMS was reset (via cpconfig). At the moment we cannot connect to the Secondary SMS using Smart Dashboard. Do I understand correctly that without initializing SIC with primary SMS, we will not be able to work with Secondary SMS?

 

0 Kudos
8 Replies
Tal_Paz-Fridman
Employee
Employee

SIC should have an impact. When you connect to the Secondary using SmartDashboard you should be given an option to change it from Standby to Active. When it becomes Active it will work like the original Primary Management Server.

BTW - it is highly recommend you upgrade from R77.30. We have stopped supporting it completely in 2019 and future issues will not be handled by TAC.
https://www.checkpoint.com/support-services/support-life-cycle-policy/#software-support

 

0 Kudos
Gojira
Collaborator
Collaborator

You will probably have to promote it first:

 

https://support.checkpoint.com/results/sk/sk114933

 

 

the_rock
Legend
Legend

I agree with @Gojira . By the way, just so its clear, primary will ALWAYS be primary and secondary will ALWAYS be secondary, unless they are rebuilt. Either one can be active or standby, so primary can be standby and secondary can be active, or other way around.

Best,

Andy

Polina_1
Participant

After the SIC on Secondary SMS was reset, we got this error as shown in the screenshot.
After that we did the procedure described in sk114933. But it did not give any result.

As now we don't have primary SMS, will we be able to work normally with Secondary SMS (connect SmartDashboard, install policies, etc.)?

I see only one solution in this case - clean installation of Secondary SMS and initializing it as primary. But maybe there are some other ways to save the current Secondary SMS. Do you know of any?

Polina_1_0-1705555472969.png

 

0 Kudos
the_rock
Legend
Legend

Can you even ssh into that server? If so, run api status and also watch -d $FWDIR/scripts/./cpm_status.sh (ctrl+c to stop)

Otherwise, if its fialing, verify fwm process, but I would call TAC to confirm the best option.

Andy

0 Kudos
emmap
Employee
Employee

It's R77, that script doesn't exist.

0 Kudos
emmap
Employee
Employee

With it being a secondary and with SIC reset, unless you have a backup from before the SIC reset you may have lost the data on the server. How concerned are you about retrieving the policies and such? If you need a recovery effort, your local PS team might be able to help. 

If you don't need to recover anything, then for sure do a clean install to a supported version and start fresh.

0 Kudos
Polina_1
Participant

Thank you for your reply.
We decided to do a clean install of the management server. However, first we decided to test the database migration from Secondary SMS R77.30 to primary SMS R77.30 in a lab environment. We plan to use the migration tool. As we need to keep the policies on the Management Server.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events