Gabriel Briones

R80.10 Management Synchronization is not working

Discussion created by Gabriel Briones on Nov 18, 2018
Latest reply on Nov 19, 2018 by Dameon Welch-Abernathy


Check Point Management Version (R80.10 with HFA 70)


1. Primary/Active management's lv_current partition utilization becomes 100%

2. Secondary/Standby management was promoted to Secondary/Active and we've been using the secondary management to create firewall rules since.

3. Clear up files on Primary/Active (now Primary/Standby).

4. Tried synchronizing the Secondary/Active with Primary/Standby but fails with error "Synchronization error: NGM failed to retrieve last publish time"

5. Situation has been like this for a couple of months now and we can't synchronize the management.

6. A couple of steps has been carried out as advised by Check Point support including the following but none of them works
clear Smart Console Cache
clear $FWDIR/conf/mgha/*
reset SIC
install policy/database
cpstop and cpstart

7. Check Point support advised us to rebuild the primary which we did, we install a fresh R80.10, apply the relevant HFA and restore the database. Unfortunately migrate export on Secondary Management is not supported so we need to use what ever is the last backup on the primary. Tried synchronizing again but we still face the same issue.

8. Currently, we can still use the now Secondary/Active management but we can't create a backup of the database and it just a matter of time before this active management encounters issue.
9. From Gaia, i've created a snapshot of the secondary/active management and restore it in my lab setup, install another R80.10 management which acts as a primary and I've managed to replicate the issue.

10. On the lab, I've tried doing a "promote_util" on the Secondary/Active management but it keeps on generating a core dump. Tried resetting the SIC, clear cache, revoke certificate but none of them works. I even install the latest HFA (Take 154) and repeat all the steps I could think of to restore the synchronization but it doesn't work as well

11. The case is now with the R&D and we're still waiting for a possible solution to our issue. An OVF template of both the primary and secondary management has also been provided.

12. I seems to be running out of options and would like to seek some help from this forum