"SIC error 117" when trying to establish SIC

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk167758
Technical Level
Product	Quantum Security Management, Multi-Domain Security Management
Version	R80 (EOL), R80.10 (EOL), R80.20, R80.30, R80.40
OS	Gaia
Platform / Model	All
Date Created	01-Jul-2020
Last Modified	05-Jul-2020

Symptoms

When trying to establish SIC foloowing error is received:
SIC Status for GW: Not Communicating SIC is not initialized at the peer [error no. 117] Check that peer SIC is configured, and that it has a valid SIC certificate
Telnet on port 18191/18211 is working
When attempting to reset the SIC on the SmartConsole, the error appears immediately :
"The SIC was not initialized, cannot continue"
If the ICA name for the CLM/CMA was changed, you can review the registry file for this specific customer under the customers folder in the respective CLM/MDS.
On the Management server this file is on the $CPDIR/registry/HKLM_registry.data you can see that the old name is still there.
Attempting to copy/create a new file in the registry folder is denied with the following:
cp: cannot create regular file 'HKLM_registry.data.backup': Permission denied

Cause

The registry folder or files under the $CPDIR/registry are attributed with the 'i' flag (Immutable - Prevents any change to file's contents or metadata: file/directory cannot be written to, deleted, renamed, or hard-linked).

This is rarely caused by a failed backup/MDS_backup but is mostly due to human error.

This will not allow the new cert to write the SIC name to the registry file properly on the machine you fail to initiate SIC with. (not on the Management server.)

When the scenario is on Multi-Domain Server/Multi-Log Management, you can see the issue on the customers context:
# mdsenv <CLM/CMA_IP>
# mcd
# cd /opt/CPmds-R80.xx/customers/<CMA_NAME>/CPshrd-R80.xx/registry

To confirm the issue run the following command in the path according to your version:
# lsattr /opt/CPshrd-R80.xx/registry/HKLM_registry.data

The output is, for example in a correct situation:
/opt/CPshrd-R80.xx/registry/HKLM_registry.data

Verify the same on the directory itself:
# lsattr /opt/CPshrd-R80.xx/registry

Solution

Note: To view this solution you need to Sign In .