Issue
If your Management Server has a missing or corrupt serial file, the CA will fail to sign new certificates.
When this occurs, you cannot log in to the Management Server and any connected Firebox that needs a new certificate from the Management Server shows in a Pending state. Connections to WatchGuard Server Center with your admin login will succeed, and you can start, stop, and perform a backup or restore of the Management Server.
In the ap_wgca log messages, you can see a message like: msg="Error (8229), unable to process wgca.get_cert request (name not found in database)"
To confirm this issue, locate the file C:\ProgramData\WatchGuard\wgca\serial and open it in a text editor. The file should contain only a number, such as 08. If it contains anything else, the file is corrupt.
Workaround/Solution
Follow these steps to resolve this issue:
1. In WatchGuard Server Center, right-click Management Server and select Stop Server.
2. Open File Explorer, and browse to C:\ProgramData\WatchGuard\wgca\.
3. Find and delete the file named serial. You need administrator privileges to complete this step.
4. Copy the file serial.old, and rename the copy serial.
5. Open the new serial file with a text editor, and increment the number by 1. For example, if the number is 36, change it to 37.
6. Save the file.
7. Use WatchGuard Server Center to start the Management Server again.
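
The check and steps 2 through 6 above can also be scripted. The following PowerShell is an added example, not WatchGuard code. It assumes the serial is plain decimal digits, as in the examples on this page, and the $BackupDir parameter and function names are hypothetical. It saves a copy of the corrupt file before deleting it, and it stops without changing anything if serial.old is not a plain number.

```powershell
# Added example, not WatchGuard code. Run from an elevated PowerShell prompt
# AFTER stopping the Management Server in WatchGuard Server Center (step 1).
# Assumption: the serial is plain decimal digits, as in the page's examples (08, 36).
param(
    [string]$Dir = 'C:\ProgramData\WatchGuard\wgca',   # path from the page
    [string]$BackupDir = $env:TEMP                      # hypothetical: where the bad file is copied
)
$ErrorActionPreference = 'Stop'

function Test-SerialText([string]$Text) {
    # A healthy file holds one number and nothing else.
    return $Text.Trim() -match '^[0-9]+$'
}

function Get-NextSerial([string]$Text) {
    # Increment by 1 and keep the original zero padding (08 -> 09, 36 -> 37).
    $digits = $Text.Trim()
    $next = ([bigint]::Parse($digits) + 1).ToString()
    return $next.PadLeft($digits.Length, '0')
}

$serial = Join-Path $Dir 'serial'
$old    = Join-Path $Dir 'serial.old'

# Confirm the issue first: do nothing if the current file is already a number.
if ((Test-Path $serial) -and (Test-SerialText (Get-Content $serial -Raw))) {
    Write-Output 'serial looks valid; no change made.'
    return
}

# serial.old is the source for the repair, so it must itself be a number.
if (-not (Test-Path $old)) { throw "serial.old not found in $Dir" }
$oldText = Get-Content $old -Raw
if (-not (Test-SerialText $oldText)) { throw 'serial.old is not a plain number; edit by hand.' }

# Step 3: remove the corrupt file, keeping a copy for later review.
if (Test-Path $serial) {
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Copy-Item $serial (Join-Path $BackupDir "wgca-serial.corrupt.$stamp")
    Remove-Item $serial
}

# Steps 4-6: write serial as (serial.old + 1).
$new = Get-NextSerial $oldText
Set-Content -Path $serial -Value $new -Encoding ascii
Write-Output "serial.old = $($oldText.Trim()); new serial = $new. Start the Management Server (step 7)."
```

To rehearse the change, copy the wgca folder elsewhere and pass that copy's path with -Dir.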