Original SEC Server failed and had to be replaced

If you didn't originally have a Secondary server update source, and you lost your primary, is there a way to update the clients to point to a NEW Sophos server that replaced the original (crash and burn) as the Secondary server update source? Is there someplace on the client machine that can be updated to point to another server as its secondary server update source, or update the clients to accept a new Primary server having a new SSL certificate that is now incompatible with the Sophos management console?



This thread was automatically locked due to age.
  • Hello Jim Murray,

    so you didn't have a backup of the old one (just asking, don't intend to rub it in).

    Please see the How to redirect article.
    As a quick workaround so that your endpoints can at least update you can add an alias (NetBIOS or DNS) for your new server. You just have to make sure that the share/path is the same as the old one.

    Christian

  • I did not.. had a RAID 6 datastore where the virtual server was on.. lost 3 drives within an hour. Was a month away from putting it on HA.. what are those odds.. LOL

    I had documented all of the original steps, passwords, etc. and when I had the RAID restored, set up a new Windows 12 server, updated, loaded Sophos and used "almost" all of the settings per my documentation. However, when I tried to use "MY" password to install, it would not work, and I had to use the initial password with the license. Not sure if that mattered. But the server is on the same VM blade, has the same hostname, IP address as the one that died. I read the Active Directory into it, and tried to have the clients update to it and got a message that the SSL certificate was incompatible.

  • Hello Jim,

    not sure about the certificate message, is this what you mean? Name, IP, whatever don't really matter in the endpoint-server relationship, the important stuff is the certificate that is generated during the first install and should be imported on a replacement server.

    If it has the same name the endpoints should update successfully, "only" reporting and management will fail. Shouldn't be too hard in a domain environment to run the reInit on the endpoints.

    Christian

  • Failed original server... It died, can't import from it. So all the clients that were attached to it are looking for the original SEC, and it's not there. I had to build a new one, as I said. Used all of the original passwords etc. that I had used originally, used the same Server IP and Hostname. Now I need to somehow get the original SEC certificate on the NEW server, or somehow update the existing clients from the old SEC to see the new. And yes, domain environment is easy to deploy. However, when they are making production parts, and have to be shut down again to reinstall a product just a few months old, getting production to lose $$$$ to do so means I have to wait for an opening to do so. Didn't want to do that. I would think that an admin account on the clients should be able to run a script that would change the cert and server where it would get its new updates, and be then managed by the new "replacement" server. Does Sophos have a script that can do this?

  • Hello Jim,

    the redirect article I've mentioned in my first post describes how to create the required script.

    Christian

  • Thanks Christian! I had looked there, but had only printed out the part that says to migrate from - to part... from an active "from" to point to the new "to"!! I'll give that a try.