Log server fails and displays a status of unknown when you install Security Management Center and restore only a management server backup
- Article Number: 000010074
- Products: Next Generation Firewall (NGFW)
- Version: 6.8, 6.7, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 6.0, 5.10
- Last Published Date: June 12, 2020
After you install Security Management Center, you restore a management server backup. However, the log server does not work; its status is unknown and the color of the element is gray.
The management server backup contains the internal certificate authority (CA) and internal certificate for the management server component only. The log server is a separate component and the SMC backup does not contain a certificate for that; only the management server certificate is included in a management server backup.
The management server is expecting the log server to have a certificate signed by the CA that is included in the backup, but instead the log server certificate is signed by the CA that was created during the fresh installation. For these reasons, the log server status is Unknown and the element is grayed out in SMC.
You can create a backup from an old log server and select the option to include the log files. This log server backup can then be restored separately to the log server and the log server will start to work.
If you do not have a log server backup, you can re-certify the existing log server with the now-restored management server. This process will generate a new certificate for the log server and enable it to work with the restored management server.
NOTE: The most recent instructions for re-certifying the log server can always be found in the SMC documentation for your release.
To re-certify the log server:
Keywords: management communication; log server; management server backup restore; unknown status; certificate error