Error "Login failed as the serial numbers do not match" when adding a unit to GMS.

03/26/2020 1037 12223

DESCRIPTION:

RESOLUTION:

The error ‘Login failed as the serial numbers do not match’ may occur when GMS tries to acquire the appliance.  During unit acquisition, the GMS Agent (Scheduler service) logs into the appliance, downloads the settings file, parses the settings file, then uploads the settings to several tables in the SGMSDB database.  If the ‘Login failed as the serial numbers do not match’ error occurs, try the following:

1. If the unit is to be managed via site-to-site VPN or Management SA, then enable Fragmentation on the managed unit at VPN | Advanced, but DISable ‘Ignore DF Bit’.
2. Enable Fragmentation on the GMS Gateway at VPN | Advanced, but DISable ‘Ignore DF Bit’.
3. Enable Fragmentation on the managed unit at Network | Interfaces - WAN Interface, but DISable ‘Ignore DF Bit’.
4. Enable Fragmentation on the GMS Gateway at Network | Interfaces - WAN Interface, but DISable ‘Ignore DF Bit’.
5. Enable NTP on the managed unit at System | Time.
6. Enable NTP on the GMS Gateway at System | Time.
7. At System | Administration, the default Firewall Name is the serial number of the appliance.  The error above can occur if the Firewall Name was changed to something other than the serial number.  This can happen if a prefs file was exported from one appliance and imported onto another appliance; the Firewall Name will be the serial of the original appliance.  Change the Firewall Name to the correct serial number of the appliance, and make sure it matches the serial shown at System | Status.
8. Agents using management tunnels to acquire and manage even a single firewall cannot share a GMS Gateway.  
   Agents not using management tunnels to manage devices can instead use the NAT Device option during role configuration.
   Note:  A GMS Gateway is not the same as a Default Gateway.  A Default Gateway is needed for networking purposes. A GMS Gateway has additional roles.  Check the GMS Administrator’s Guide for details.  
   If two Agents are behind one GMS Gateway and one is not configured to use NAT Device for its gateway setting the error above can occur, preventing unit acquisition.  To correct this, do one of the following:

• Select NAT Device for the gateway setting (System interface under Deployment > Roles) on one of the agents NOT managing any devices via the Management Tunnel method.
• Install a GMS Gateway for the second Agent, so that each Agent has its own GMS Gateway.

Once the steps above have been taken and corrected, restart the GMS services then add the unit to GMS again.