Support Center > Search Results > SecureKnowledge Details
"CRLs failed to be downloaded" error in SmartConsole when trying to connect to a Security Management Server / SmartEvent Server Technical Level
  • "CRLs failed to be downloaded" error in SmartConsole when trying to connect to a Security Management Server / SmartEvent Server.


    This may also occur if users connect immediately after an upgrade, while the upgrade processes have not yet completed.

Make sure the server is not busy starting up. This message can appear when the cpm process is still starting up and not yet fully started. Wait a few minutes and try again. 

This problem was fixed. The fix is included in:

Check Point recommends to always upgrade to the most recent version.

If the updated SmartConsole build does not resolve the issue, there are a few other possible causes:

  1. Potential privilege problem when running on Windows operating system. Right-click on the SmartConsole icon and select - "Run as Administrator".
  2. SmartConsole cannot communicate with the server on the required ports. Make sure you check netstat and see that the server is listening to these ports:
    • 18190
    • 18264
    • 19009
  3. The server is a Secondary Security Management Server / SmartEvent / Log Server and SIC was not yet established with the Primary Security Management Server.
  4. If the server is a Primary Security Management server, verify that the CRL file exists in $FWDIR/conf/crls/ICA_CRL0.crl and access it in a web browser in this URL: http://<MGMT_IP>:18264/ICA_CRL0.crl
  5. The Windows device IP address is not an allowed GUI Client.
  6. Try to mdsstop_customer;mdsstart_customer the Management Server.


If none of the above applies, please collect the following debug files on your Windows device and submit a ticket to Check Point Support:

Note: These debug files are special files for the CRL downloading scenario. None of the other scenarios of using SmartConsole need these files. Typically for collecting more information for the SmartConsole application, completely other files are needed. This is because the library which initiates the download of CRL's, writes to different files.

1. Open command-line on your Windows client and make it navigate to the folder where SmartConsole.exe resides, typically "C:\Program Files (x86)\CheckPoint\SmartConsole\<VERSION>\PROGRAM\" (or other versions). 

2. Launch SCConfigManager.exe from the command-line window.

3. This command-line utility displays a list of options. Choose option "(3) TDERROR - Configure TDERROR debug level" by typing "3"

4. The next step asks whether to turn TDERROR option on or off - type "on".

5. From the command-line window, launch SmartConsole.exe

6. Attempt to login and have the problem reproduced. 

7. Close the SmartConsole application

8. Repeat steps 3-4 but this time turn the TDERROR option "off".

9. The files are added to %localappdata%\Check Point\[version name] , or if you use SmartConsole in Portable Mode, to the "Output" sub-folder right next to the SmartConsole.exe executable file.

Please include such files with your Support Ticket.

Give us Feedback
Please rate this document