KB Article | Forcepoint Support

Problem Description

After you install Security Management Center, you restore a management server backup. However, the log server does not work; its status is unknown and the color of the element is gray.

Resolution

Cause

The management server backup contains the internal certificate authority (CA) and the internal certificate for the management server component only. The log server is a separate component, and the management server backup does not contain a certificate for it.

The management server is expecting the log server to have a certificate signed by the CA that is included in the backup, but instead the log server certificate is signed by the CA that was created during the fresh installation. For these reasons, the log server status is Unknown and the element is grayed out in SMC.
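The trust mismatch described above can be reproduced with throwaway OpenSSL certificates. This is an added example, not Forcepoint code; it does not read or modify any SMC files, and every CA name, subject and file name in it is constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs stand in for the CA restored from the
# management server backup and the CA created by the fresh installation.

# make_ca <name>: create a self-signed CA (<name>.key, <name>.crt)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue_cert <ca> <name>: issue <name>.crt signed by CA <ca>
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

# trusted_by <ca> <name>: succeed only if <name>.crt chains to <ca>.crt
trusted_by() {
    openssl verify -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1
}

# demo: print how the restored CA judges each log server certificate
demo() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" || exit 1
      make_ca restored-backup-ca      # CA that came back with the backup
      make_ca fresh-install-ca        # CA created by the fresh installation
      # Log server certificate as it exists right after the restore
      issue_cert fresh-install-ca logserver-before
      # Certificate issued by the restored CA (stands in for re-certification)
      issue_cert restored-backup-ca logserver-after
      before=rejected; after=rejected
      trusted_by restored-backup-ca logserver-before && before=trusted
      trusted_by restored-backup-ca logserver-after && after=trusted
      echo "before=$before after=$after"
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

The certificate signed by the fresh-install CA fails verification against the restored CA, while a certificate issued by the restored CA verifies.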

Solution

You can create a backup from an old log server and select the option to include the log files. This log server backup can then be restored separately to the log server and the log server will start to work. 

If you do not have a log server backup, you can re-certify the existing log server with the now-restored management server. This process will generate a new certificate for the log server and enable it to work with the restored management server.

NOTE: The most recent instructions for re-certifying the log server can always be found in the SMC documentation for your release.

To re-certify the log server:
  1. Stop the Log Server:
    • For Windows: Stop the Log Server service in the Windows Control Panel Services list.
    • For Linux, run the script <installation directory>/bin/sgStopLogSrv.sh.
       
  2. Request the certificate:
    • For Windows, run the script <installation directory>/bin/sgCertifyLogSrv.bat.
    • For Linux, run the script <installation directory>/bin/sgCertifyLogSrv.sh.
       
  3. Enter the credentials for an SMC administrator account with unrestricted (superuser) privileges.
     
  4. If there are Domains configured and the Log Server does not belong to the Shared Domain, enter the name of the Domain.
     
  5. Wait for the certification to finish and start the Log Server again:
    • For Windows, start the Log Server service through the Services list.
    • For Linux, run the sgStartLogSrv.sh script or use the init script to start as a daemon: /etc/init.d/sgLogServer start.


Keywords: management communication; log server; management server backup restore; unknown status; certificate error
