Secondary MDS and MLM are unable to renew certificate
Technical Level
Solution ID: sk164732
Product: Multi-Domain Management
Version: R80.10, R80.20
OS: Gaia
Date Created: 17-Jan-2020
Last Modified: 19-Jul-2020
Symptoms
The Secondary MDS or MLM cannot renew its management certificate.
If the MDS/MLM fails to renew its management certificate before the end of the graceful renewal period, clients that try to connect to that MDS/MLM get the error: "Certificate is revoked".
cpd.elg shows:
[CPD 11247 4145886928]@Mds-Secondary[14 Jan 20:54:09] sicRenew: SIC Renewal: Cannot renew SIC certificate. Failed to initialize renewal protocol with the ICA.
[CPD 11247 4145886928]@Mds-Secondary[14 Jan 20:54:09] sicRenew: Try to restart all Check Point processes.
[CPD 11247 4145886928]@Mds-Secondary[14 Jan 20:54:09] Renew_SIC_Cert_cb: CPD failed to renew sic certificate. status = 3, rc - -1.
[CPD 11247 4145886928]@Mds-Secondary[14 Jan 20:54:09] Renew_SIC_Cert_cb: Will try again in 1 hour.
'sicRenew -d' shows:
[16 Jan 22:39:07] Get_mngmt_IP: Running on a standby management will look for active one.
[16 Jan 22:39:07] CreateStrList: Invalid list size, 0.
[16 Jan 22:39:07] RenewSICCert: Failed getting management IP list.
[16 Jan 22:39:07] SIC Renewal: Cannot renew SIC certificate. Failed to initialize renewal protocol with the ICA.
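
The log signatures above can be checked mechanically. The shell function below is an added example, not Check Point code: it reads cpd.elg lines and/or 'sicRenew -d' output on stdin and reports whether the failure pattern from this article is present. The function name, the output format and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Check Point code): match the symptom lines of this
# article in cpd.elg and/or sicRenew -d output read from stdin.
sic_renew_check() {
    awk '
    {
        host = "-"; ts = ""; msg = $0
        p = index($0, "]@")
        if (substr($0, 1, 5) == "[CPD " && p > 0) {
            # cpd.elg line: [CPD <pid> <tid>]@<host>[<timestamp>] <message>
            rest = substr($0, p + 2)
            q = index(rest, "["); host = substr(rest, 1, q - 1)
            rest = substr(rest, q + 1)
            r = index(rest, "]"); ts = substr(rest, 1, r - 1)
            msg = substr(rest, r + 2)
        } else if (substr($0, 1, 1) == "[") {
            # sicRenew -d line: [<timestamp>] <message>
            r = index($0, "]"); ts = substr($0, 2, r - 2)
            msg = substr($0, r + 2)
        }
        # Renewal failure itself (appears in both outputs)
        if (index(msg, "Cannot renew SIC certificate")) { fails++; last = ts; who = host }
        # The pair of debug lines that points at the standby lookup failing
        if (index(msg, "Running on a standby management")) standby = 1
        if (index(msg, "Failed getting management IP list")) noip = 1
        # Status code reported by the CPD renewal callback
        s = index(msg, "status = ")
        if (index(msg, "CPD failed to renew sic certificate") && s > 0) {
            status = substr(msg, s + 9); sub(/,.*/, "", status)
        }
    }
    END {
        if (fails == 0) { print "NO_MATCH"; exit }
        printf "MATCH failures=%d last=\"%s\" host=%s status=%s standby_no_mgmt_ip=%s\n",
            fails, last, who, (status == "" ? "-" : status),
            (standby && noip ? "yes" : "no")
    }'
}

# Constructed sample input in the two formats shown above (not real logs).
SAMPLE='[CPD 1111 2222]@mds-example[01 Jan 10:00:00] sicRenew: SIC Renewal: Cannot renew SIC certificate. Failed to initialize renewal protocol with the ICA.
[CPD 1111 2222]@mds-example[01 Jan 10:00:00] Renew_SIC_Cert_cb: CPD failed to renew sic certificate. status = 3, rc - -1.
[01 Jan 10:05:00] Get_mngmt_IP: Running on a standby management will look for active one.
[01 Jan 10:05:00] RenewSICCert: Failed getting management IP list.'
printf '%s\n' "$SAMPLE" | sic_renew_check
```

A MATCH line with standby_no_mgmt_ip=yes means both the renewal failure and the failed management IP lookup from the debug output were seen in the input.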