Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
bebertjack
Contributor

failed to import SMS to a new Domain

Hello,

We are moving some SMS into a multi-domain server and for the new one (this is the 5th one we're migrating) we have an issue because the import is stopped by the error :

comments" : "Failed: Domain XXXXXXXX already exists. Importing the same domain more than once isn't supported.",

Problem the domain name in the import command is not the one we see in the error comments.

has anyone ever had the same error?
are there any commands for debugging an import?

 

Version R81.20 Jumbo HotFix Take 54

MDM is a Checkpoint Appliance (Smart-1 6000-XL) in HA

 

Thanks

bebertjack

 

0 Kudos
9 Replies
G_W_Albrecht
Legend Legend
Legend

Do you have an SR# with CP TAC open already ?

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
bebertjack
Contributor

Hello,

No, not yet.

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would suggest to do that asap - i doubt that other CheckMates can help much here...

Logs of the migrate_server command can be found here:$FWDIR/log/cpm.elg

 

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
bebertjack
Contributor

hello,

Yes I'll open a case but I think we have found something: seven years ago it seems we have split a SMS into two different SMS and now we try to add the two SMS into two domain in our MDM. The domain in the the error is one of the two SMS and is already in the MDM. Today I try to import the second one and it was a failure.

In the KB about import/export Domain Migration in versions R80.20 and higher (checkpoint.com) there is some limitation about the integration of the same SMS twice.

I will open the case to have Checkpoint point of view and I hope some advice to be able to import our SMS.

Thanks 

0 Kudos
the_rock
Legend
Legend

There is definitely lots of logic into that reason, I agree. Lets us know what TAC says. Btw, I also searched for that error on support site, nothing comes up, except this post, unless there is an internal sk we dont have access to.

Andy

0 Kudos
bebertjack
Contributor

CASE open, I'll come back when TAC would have find out

the_rock
Legend
Legend

For sure do let us know mate.

Andy

0 Kudos
bebertjack
Contributor

Hello,

Reply form TAC

ICA is not the only problem, the main issue is due to the database - i.e. this is still the same DB, with the same SMS object and other objects with the same UID.

So It seems that even in MDM environnement UID must be unique.

Now we search for a solution to import the remaining SMS. I'll update when we will find a way and test it.

Regards

bebertjack

0 Kudos
bebertjack
Contributor

Hello,

Some news, we will use the latest upgradetools (version 997000802) to export import our SMS. The new version will do an import with a cloning like SK sk180631 with the same drawback except for the domain name and IP address.

The biggest issue is the rebuild of the Gateway network part (interface, IP and topology) and the SIC, so to ensure a smooth transition we will change the IP address for the new domain and migrate one by one all the cluster.

By adopting this approach, we limit the impact on production and the risk of losing a GW, but we add extra work for the integration teams, who will have to make the policy changes twice until the end of the migration.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events