I was unable to find any information on it anywhere so I thought my solution may help someone. Or if you have better solution let me know.
I had recently worked on re-generating certificates for CUIC and Finesse servers. I had no problems with loading tomcat certicates on all 16 servers. Ipsec, however, gave me problems updating ipsec-trust on 2 paired servers.
I followed the standard process,
1. Open the CUIC OS Administration Security page
2. Click on ipsec.pem and then regenerate
3. Ipsec.pem was successfully generated but the ipsec-trust was not. (I did 7 other paired servers which had ipsec-trust updated almost immediately)
4. I deleted the ipsec-trust on both the primary node and secondary node
5. I restarted DRF local and DRF master services on primary node and DRF local on secondary node which has no effect
6. Still no luck, the ipsec-trust was not generated
7. At next attempt I logged on to primary node and downloaded the ipsec.pem certificate
8. Then I uploaded the saved ipsec.pem as a new ipsec-trust on both the primary and secondary nodes.
9. I restarted DRF Local and Master services as before
10. Now the problem was solved and the Disaster Recover System was accessible.
Now my problem is that I still do not know why ipsec-trust was not generated automatically as it did on all the other servers.
I did not want to reboot the servers as they run 24/7.
Has anyone seen this issue and had better solution?