B Troubleshooting

Policy Server: Received a “Cannot start RMIRegistry” message when starting the Policy Server

Suggested Solution: This message usually indicates the RMI port specified in the Windows registry under MyComputer\HKEY_LOCAL_MACHINE\SOFTWARE\3Com\EFW\rmiport is being used by another application. If you can identify the application using the port, you can resolve the problem by stopping the application and restarting the Policy Server. Alternatively, you can change the RMI port registry setting (2074 by default) to specify a different port to avoid the conflict in the future.

NOTE: If you change the setting of the RMI port, users must specify this port when using the Management Console to connect to the server (the Management Console uses port 2074 by default).

Policy Server: Received a “Cent server won't start” message when starting the Policy Server

Suggested Solution: The Policy Server contains an embedded certificate server used to secure connections to the Management Console and remote servers. Failure in starting this component can result in other system components being unable to communicate with the Policy Server. Therefore, anytime you receive this message, you should restart the Policy Server and verify that the message does not re-appear. If it does appear, two common scenarios can cause this message to occur repeatedly.

- The Policy Server may not have properly terminated the last time it was stopped. When this happens, the previous instance of the Policy Server continues to tie up the Certificate Server port. To determine if this is the problem, use the Service Control Manager to stop the Embedded Firewall Policy Server service. Then use the Task Manager to determine whether a mysqld-nt process is still executing. If so, reboot the Policy Server machine to clear this condition. The Policy Server automatically restarts on reboot.
- Some other application may be bound to the Certificate Server's port.
To determine if this binding is the problem, stop the Policy Server and use the netstat command to determine whether any applications are bound to the Certificate Server’s port. The port is set during installation and is 1 higher than the Admin port. The default Admin port is 2072, so the default Certificate Server port is 2073. If another application is using this port, stop the other application before you start the Policy Server. If the other application and the Policy Server consistently conflict on this port, you need to reconfigure them to use different ports. The Certificate Server port is specified by the following registry entry: MyComputer\HKEY_LOCAL_MACHINE\SOFTWARE\3Com\EFW\certserverport

Policy Server: Policy Servers are out of synchronization

Suggested Solution:

- When the status bar at the bottom of the Management Console window displays Check Server Synchronization, it may indicate a transient condition due to network connections. You can check the synchronization of each Policy Server in the domain by clicking on each Policy Server in the tree-view frame to view its status. If any of the Policy Servers displays a Not Responding status, the true synchronization status is not known. You need to re-establish connectivity between the Policy Servers and then check the statuses again (see “Policy Server-to-Policy Server Communication Check” on page 77).
- When a Policy Server’s status in the Policy Server information window indicates a synchronization problem, either the Policy Server to which you are connected or the Policy Server reporting the problem missed an update that was made to the other. Intervention is required only if the synchronization problem is reported continuously for several minutes. If this happens, click on each Policy Server in the tree to determine the status of each Policy Server. Connect to each Policy Server to determine which one has the correct data. Then, restart the Policy Server that has incorrect data.
During the start-up, the Policy Server attempts to automatically synchronize with the other Policy Servers. When the Policy Server is started, its status should display as Normal. If the synchronization failed, a window is displayed allowing you to manually resynchronize the Policy Servers. You have 90 seconds to choose the direction in which to synchronize data. If you do not make a choice within 90 seconds, then the Policy Server remains in an unsynchronized state until you restart it again.

- Replication does not occur between Policy Servers that are Out of Synchronization. Consequently, the longer you wait to resynchronize the Policy Servers, the further out of synchronization they can become. When you resynchronize the Policy Servers, the Policy Server with incorrect data is completely overwritten by the Policy Server with correct data. If each Policy Server is missing updates that were made to the other Policy Server, some data is lost. To mitigate this risk, try to avoid making updates when Policy Server connectivity or synchronization problems are present.

NOTE: Any NIC registrations that are lost due to a manual resynchronization are automatically recovered by the system at the next wake-up or heartbeat of these NICs.
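The port and process checks described above for the “Cannot start RMIRegistry” and certificate server startup messages can be run as one script. This is an added example, not 3Com code; it assumes an English-locale netstat (state shown as LISTENING), that the registry values convert to integers, and that the service display name contains "Embedded Firewall Policy Server".

```powershell
# Added example, not part of the original manual. Run on the Policy Server
# machine from an elevated PowerShell session.
$key   = 'HKLM:\SOFTWARE\3Com\EFW'        # registry path as given on the page
$names = 'rmiport', 'certserverport'

# Defaults stated on the page: RMI 2074; Certificate Server 2073 (Admin 2072 + 1).
$ports = @{ rmiport = 2074; certserverport = 2073 }

# Prefer the configured values when the registry entries exist.
# Assumption: each value converts cleanly to an integer port number.
foreach ($name in $names) {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($item) { $ports[$name] = [int]$item.$name }
}

# The ports should be free only once the service is stopped.
# Assumption: the display name contains the text used on the page.
Get-Service -DisplayName '*Embedded Firewall Policy Server*' -ErrorAction SilentlyContinue |
    ForEach-Object { "Service '{0}' is {1}" -f $_.DisplayName, $_.Status }

# Parse 'netstat -ano': Proto, Local Address, Foreign Address, State, PID.
# Assumption: English-locale output, where the state reads LISTENING.
$listeners = netstat -ano | Select-String '^\s*TCP.*LISTENING' | ForEach-Object {
    $f = -split $_.Line
    [pscustomobject]@{
        Port     = [int]($f[1] -replace '^.*:', '')   # text after the last colon
        OwnerPid = [int]$f[4]
    }
}

# Report which process, if any, holds each Policy Server port.
foreach ($name in $names) {
    $hits = @($listeners | Where-Object { $_.Port -eq $ports[$name] })
    if (-not $hits) { "{0} port {1}: free" -f $name, $ports[$name]; continue }
    foreach ($h in ($hits | Sort-Object OwnerPid -Unique)) {
        $proc = Get-Process -Id $h.OwnerPid -ErrorAction SilentlyContinue
        "{0} port {1}: held by PID {2} ({3})" -f $name, $ports[$name], $h.OwnerPid, $proc.ProcessName
    }
}

# A mysqld-nt process that survives a service stop is the first scenario above.
$stale = @(Get-Process -Name 'mysqld-nt' -ErrorAction SilentlyContinue)
if ($stale) {
    "mysqld-nt still running (PID {0}): reboot the Policy Server machine" -f ($stale.Id -join ', ')
}
```

If the service still shows Running, a listener on these ports is expected; stop it first and re-run so that any remaining owner is the conflicting application.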