
Re: [FW-1] Error: Peer sent wrong dn?



Hello,

I've done the following successfully numerous times on NG's running on
Solaris, never done the Win2K stuff though.

Module:
Reset SIC using cpconfig (requires stop, restart)
MGMT station:
close gui
$cpstop
edit objects_5_0.c (backup before trying this obviously)
remove MGMT certificate manually
$fwm sic_reset (if this fails you need to try to delete it as above properly!)
$cpconfig
reset CA
$cpstart

Sometimes you'll need to try to manually delete the certificate in the gui
first, but I find it doesn't actually remove it from the likes of objects_x.c.
This needs to be done manually.

Hope this proves helpful.

-Paul Grapendaal




-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
Roelandts, Guy
Sent: Friday, July 04, 2003 11:46 AM
To: [email protected]
Subject: Re: [FW-1] Error: Peer sent wrong dn?


Joseph,

   What/How did you move the configuration files over?? If you use
 the upgrade_export/import tool from CheckPoint you should have no
 issues, provided the fqdn name remains the same, I have done it
 several times and it worked like a charm.

Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSE-NG
Hewlett-Packard Belgium B.V.B.A./S.P.R.L.
E-mail : [email protected]
Tel: +32(02)729.85.61
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
==========================================================



-----Original Message-----
From: Campisi, Joseph [mailto:[email protected]]
Sent: 03 July 2003 20:52
To: [email protected]
Subject: Re: [FW-1] Error: Peer sent wrong dn?


Thanks for your reply.  I followed checkpoint's article but unfortunately
that didn't work.  I even formatted the new management server again and
started from a clean rule base.  I still get the same error.
It seems that the module is not resetting the sic properly.  Can I do a
brutally reset sic on the module?

Thanks for your help!

Joe


-----Original Message-----
From: Frank Darden [mailto:[email protected]]
Sent: Thursday, July 03, 2003 8:38 AM
To: [email protected]
Subject: Re: [FW-1] Error: Peer sent wrong dn?

Your management station's internalCA is corrupted. You will need to
follow Check Points procedure for brutally resetting SIC in order to get
back up and running. Unfortunately the instructions are part of the
subscription based Check Point Knowledge base, so I cannot post them
here. If you search CP's site for brutally reset sic you will find your
answer.

Frank


-----Original Message-----
From: Campisi, Joseph [mailto:[email protected]]
Sent: Thursday, July 03, 2003 7:07 AM
To: [email protected]
Subject: [FW-1] Error: Peer sent wrong dn?

Hi All,



I currently have 2 modules running NG FP3 on win2k sp3, and management
station running NG FP3 on winnt 4.0 sp6a.  I bought a new management
server and I basically want to transfer from one to the other.



I put NG FP3 and win2k sp3 on the new server.  I kept the same ip
address and machine name so I don't have to worry about changing
licensing, and I also copied the /conf directory over.  Then I
disconnected the old server and connected the new one.  Under Smartview
Status the modules are shown as untrusted.  So I try and reset the SIC
on both management and module.  The trust gets initialized, but when I
click on test SIC status I get the following error:



"Sic status for (module) Not Communicating.  Peer send wrong dn: Try to
reset SIC at the peer and re-establish trust with peer."



In more testing, it seems that the module never really releases the old
SIC.  As a test I reset the SIC on the new management server and module
with a different password.  When I re-connected the old management
station, and did a test SIC status, everything came back ok!  If I reset
the module with a different password, how is the old management station
still communicating with it?



Any ideas?



Thanks,

Joe Campisi


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.