Support Center > Search Results > SecureKnowledge Details
Cannot assign global policy after running cma_migrate
Symptoms
  • Cannot assign global policy on Domains Servers hosted by Secondary Multi-Domain Server after running cma_migrate on the Primary Multi-Domain Server
Cause

When performing cma_migrate there are not any audit logs. As a result, when the IPS domain is updated with a new IPS version, it is not updated in other machines.


Solution

This problem was fixed. The fix is included in:

Check Point recommends to always upgrade to the most recent version (upgrade Security Gateway / upgrade Cluster / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).

 

Also the following workaround is available: Perform full sync on the Global Domain.

To avoid this and other potential failures, it's highly recommended to stop the Mult-Domain Server processes during the cma_migrate in following way:

  1. Run mdsstop
  2. Run mdsstart -m
  3. Run the cma_migrate for the newly created Domain
  4. Run mdsstart
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Applies To:
  • PMTR-12050 , PMTR-13198

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment