High Availability Troubleshooting

These error messages show in the High Availability Status window when synchronization fails:

Not Communicating

Solution:

  1. Check connectivity between the servers.

  2. Test SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server..

Collision or HA Conflict

More than one management server is configured as active.

Solution:

  1. From the main SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. menu, select Management High Availability.

    The High Availability Status window opens.

  2. Use the Actions button to set one of the active servers to standby.

    Warning - When this server becomes the Standby, all its data is overwritten by the active server.

Sync Error

Solution:

Do a manual sync.

Unlocking the Administrator

In a High Availability environment, if an administrator is locked on the Standby Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server., the administrator is not locked and does not appear as locked on the Active Management Server. Therefore, you cannot unlock the administrator on the Active Management Server.

To unlock the administrator:

Use the API command unlock-administrator on the Standby Management Server. See the Check Point Management API Reference.