I was unable to find any information on it anywhere so I thought my solution may help someone. Or if you have better solution let me know.

I had recently worked on re-generating certificates for CUIC and Finesse servers. I had no problems with loading tomcat certicates on all 16 servers. Ipsec, however, gave me problems updating ipsec-trust on 2 paired servers.

I followed the standard process,

1. Open the CUIC OS Administration Security page

2. Click on ipsec.pem and then regenerate

3. Ipsec.pem was successfully generated but the ipsec-trust was not. (I did 7 other paired servers which had ipsec-trust updated almost immediately)

4. I deleted the ipsec-trust on both the primary node and secondary node

5. I restarted DRF local and DRF master services on primary node and DRF local on secondary node which has no effect

6. Still no luck, the ipsec-trust was not generated

7. At next attempt I logged on to primary node and downloaded the ipsec.pem certificate

8. Then I uploaded the saved ipsec.pem as a new ipsec-trust on both the primary and secondary nodes.

9. I restarted DRF Local and Master services as before

10. Now the problem was solved and the Disaster Recover System was accessible.

Now my problem is that I still do not know why ipsec-trust was not generated automatically as it did on all the other servers.

I did not want to reboot the servers as they run 24/7.

Has anyone seen this issue and had better solution?