sftunnel failed - RPC status: Failed

03-10-2022 11:26 PM
Hello,
We have an HA pair of 1120 FTDs, where the active FTD shows as disabled on the FMC. After logging in to the disabled FTD, we found a certificate error, and the time also showed wrong. So it was found out that somebody had blocked the DNS, NTP and TCP port 8305 rules at the corporate firewall for that FTD pair. Even so, the backup FTD was in normal mode. After allowing the ports, the active FTD still shows in disabled mode. So the comm channel was restarted on the FTD and the FMC; the time and certificate errors are gone, but it didn't change the status. The log was saved while restarting the comm channel.
I have added the log files.
So is there any other way to fix this issue without re-registering the FTD with the FMC? The only problem is that we cannot remember the registration key with the FMC. If the HA pair is broken and the active FTD is restarted and then registered with the FMC with a new registration key, is there anything that has to be taken into consideration while doing the HA pair?
Thanks
03-10-2022 11:58 PM
@QW_netzwerk you can determine the registration key by checking the sftunnel.conf file. From the FTD CLI, run expert to log in to expert mode, then type sudo tail -f /etc/sf/sftunnel.conf to display the manager registration information.
This post has some troubleshooting steps.
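Rob's tip above points at /etc/sf/sftunnel.conf, which uses the brace-and-semicolon block layout seen in the fragment posted in the next reply. The script below is an added example, not Cisco's code and not something anyone posted in this thread: a small POSIX shell script that pulls one named setting out of one top-level block of a file in that layout, so the value can be read without scanning the whole file by eye. The block and setting names it looks for (sftunnel/port, peers/uuid, peers/reg_key, peers/priority) are assumptions about what the real file contains, and the sample configuration embedded in it is constructed (only the UUID is taken from the posted output); verify the names against the actual file on the device.

```shell
#!/bin/sh
# Added example (not Cisco's code, not from this thread): read individual
# settings out of a sftunnel.conf-style file, i.e. the brace/semicolon
# layout visible in the fragment posted in the thread. The setting names
# used here (port, uuid, reg_key, priority) are assumptions; check them
# against the real /etc/sf/sftunnel.conf on the device.

# Constructed sample in the same layout as the posted fragment. The UUID is
# the one from the post; the port and key values are made up.
SAMPLE_CONF='sftunnel
{
        port 8305;
}
peers
{
        4d1a60c6-6ffd-11e9-a8b9-73505109e95d
        {
                uuid 4d1a60c6-6ffd-11e9-a8b9-73505109e95d;
                reg_key example-key;
                priority 0;
        }
}
peers_pending
{
}
peers_routed
{
}'

# sample_file: write the constructed sample to a temp file, print its path.
sample_file() {
    f="${TMPDIR:-/tmp}/sftunnel_sample.$$"
    printf '%s\n' "$SAMPLE_CONF" > "$f"
    echo "$f"
}

# block_setting FILE BLOCK NAME
# Print the value of the first "NAME value;" line found anywhere inside the
# top-level block BLOCK (nested sub-blocks included). Prints nothing if the
# block or the setting is absent.
block_setting() {
    awk -v blk="$2" -v key="$3" '
        # A bare token at brace depth 0 names the block that follows it.
        depth == 0 && /^[^ \t{}]/ { cur = $1 }
        /\{/ { depth++ }
        /\}/ { depth-- }
        depth > 0 && cur == blk && $1 == key {
            line = $0
            sub("^[ \t]*" key "[ \t]+", "", line)   # drop the setting name
            sub("[ \t]*;[ \t]*$", "", line)         # drop the trailing ;
            print line
            exit
        }
    ' "$1"
}

# Usage: sh sftunnel_settings.sh [/etc/sf/sftunnel.conf]
# With no argument the constructed sample above is used.
CONF="${1:-}"
[ -n "$CONF" ] || CONF=$(sample_file)
echo "sftunnel port: $(block_setting "$CONF" sftunnel port)"
echo "manager uuid:  $(block_setting "$CONF" peers uuid)"
echo "reg_key:       $(block_setting "$CONF" peers reg_key)"
[ -n "${1:-}" ] || rm -f "$CONF"
```

Run it with sudo against the real file from expert mode; it only reads the file, so it is safe on a live unit. The awk tracks brace depth rather than matching a fixed indentation, so it still works if the file on the device is indented differently from the posted fragment.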

03-11-2022 12:02 AM
Hi Rob,
Thanks for the information. Here is the output:
uuid 4d1a60c6-6ffd-11e9-a8b9-73505109e95d;
priority 0;
}
}
peers_pending
{
}
peers_routed
{
}
