Support Center > Search Results > SecureKnowledge Details
"Failed to update Internal CA DB" error on synchronization failure in Management High Availability configuration Technical Level
Symptoms
  • "Failed to update Internal CA Database" error in SmartDashboard on synchronization failure in Management High Availability configuration.

  • The CPCA process is down on the secondary Domain Management server.

  • "Collision" or "Lagging" status in SmartDashboard for Management HA Servers / Domain Management Servers (R77.x versions)

  • The following messages are printed in $FWDIR/log/cpca.elg*:
    [cpca 27848 4121188160] cpFileCopy: failed to fopen source file
    [cpca 27848 4121188160] fwCA::CopyDb: error copying /opt/CPsuite-R80.20/fw1/conf/InternalCA.C to /opt/CPsuite-R80.20/fw1/log/mgha/41e821a0-3720-11e3-aa6e-0800200c9fde/ica{9066FAB0-7CB6-484F-A63A-CE7FD0EE06C7}/InternalCA.C
Cause
  • Internal Certificate Authority files have become corrupt on the Secondary Security Management Server / Secondary Domain Management Server

    OR

  • Size of some $FWDIR/conf/hit_count_rules_tables.sqlite_* files on the problematic Primary / Secondary Security Management Server / Primary Domain Management Server.

    OR

  • A large sized cp.contract file (> 15MB) created a bottleneck and prevents the synchronization between Domain Management Servers from completing (R77.x versions).
  • The user might have run the solution mentioned in sk99130 on the Secondary Security Management server. The solution mentioned in sk99130 removes the ICA related files and needs to be executed on the Security Gateway only, and not on the Primary or Secondary Security Management server (R77.x versions).

Solution
Note: To view this solution you need to Sign In .