Migration

Morning all,

One of our newer clients has just had their server die and, whilst almost everything else is back up and running as smooth as you'd like, we have a slight issue with Sophos.

It was installed in a VM, so no drama there but it was on a different domain. Upon switching the domains, and looking at the settings in the Sophos clients on the machines, it seems the account that was being used to access the update server has been lost, which we were never actually given the password for, anyway.

Is there any way for us to manually go around each machine and change the username/password in the primary location settings to the new Sophos user we've created on this new domain, or would we have to remove the client and reinstall?

Thanks,

Sam



This thread was automatically locked due to age.
  • Hello Sam,

    looking at the settings in the Sophos clients
    first of all, what does "is back up and running" mean w.r.t. SEC? Installed from scratch or anything restored from the dead installation?

    on a different domain
    is this a single domain environment, or something more complex? Are the endpoints in the same domain now or?

    Christian

  • Hiya Christian,

     

    Probably didn't explain myself that well so - all of the machines are configured onto the new domain and are working fine, with all but Sophos - the installations on the machine are still there as all we did to get them to the new domain was switch the domains, without wiping the machine or anything like that as it was the fastest and most painless solution.

    We went from a dual domain environment to a single domain network, making it as simple as possible. Beforehand the Sophos server was on one domain, sending updates out across both networks over a VLAN, but now it's all one network.

     

    Hope that makes more sense,

    Sam

  • Hello Sam,

    I assume the SEC console is still empty (i.e. no endpoints) except for the management server itself? Please note that the actual challenge is not the update location but to take over management. Without a reinstall endpoints will not communicate with the new server even when they are updating from it.

    In a domain environment you should be able to use Protect Computers. You'd have to import the list of computers from AD or detect them by one of the other methods. Deploying with a GPO would be another option though the logic would have to be amended to factor in the existing "old" installation. Last but not least there's the Endpoint Migration Utility.
    No uninstall is necessary with either method.

    Christian

  • Hiya Christian,

     

    The SEC Console has the machine in there but, and correct me if I'm wrong, with it being on a different subnet & domain it'll cause confusion with the SEC Console?

    I will look into both of them, thank you! It seems like it's probably an easier process than I'm currently making it hahahah

     

    Cheers,

    Sam

  • Hello Sam,

    The SEC Console has the machine in there ... on a different subnet & domain
    You've lost me now. Did you install a new SEC or is this the restored old one?

    Christian

  • Thought I'd explained this in the original post but, basically, the Console was in its own VM on their own DC. I've pulled the VHD off and put it in a new Hyper-V instance and it's working on their new network, but I just need to change the settings in the client to point at the new hostname with username/password.

  • Hello Sam,

    wasn't sure ...
    The resurrected SEC is still in one of the old domains with "its" DC and it managed endpoints from two domains? Did the endpoints from the "other" domain find the server by IP or FQDN?
    What is the new hostname - as the server where SEC is installed should neither have its name nor its domain changed? And how has the account that was being used to access the update server been lost? A local account should not disappear, a domain account should belong to the domain the SEC server is a member of.

    Christian

  • Hiya Christian,

     

    The old SEC is now on the new domain - same VM, but switch the domain. From what I've seen on a small sample of a few machines, it's via FQDN. The Hostname has stayed the same as I didn't want to risk changing it and have everything fall apart, in fairness. So it went from AVSERVER.Old-Domain.local to AVSERVER.New-Domain.local. Genuinely not sure, but I can't seem to find record of it on that machine. For all I know it's still there and just doing its business but it's not in the list of local users.

    Cheers

    Sam

  • Hello Sam,

    I'd have suggested a clean install on the new domain reusing SEC's credentials.

    switch the domain
    the mentioned article suggests this could break things - most likely with the service accounts if they aren't local. It might work though.

    So the console doesn't show any endpoint as connected except the server itself?
    Please open ReportData.xml (in %ProgramData%\Sophos\Remote Management System\3\Router\NetworkReport\) on an endpoint. Do any of the Parent addresses point/resolve to the server? If all endpoints are disconnected then likely not. If I understand correctly one of the addresses should be AVSERVER.Old-Domain.local. Adding this FQDN as ALIAS for AVSERVER.New-Domain.local enables the endpoints to communicate with the server again. Once the endpoints start connecting amend the policies as necessary. You probably have to create a new updating account.

    Christian
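
The check described in the post above, as an added example that is not part of the original thread and is not Sophos tooling: run on one endpoint, it reports whether ReportData.xml mentions the old or new server name and whether the old FQDN now resolves to the same address as the new one. The two server names are the ones quoted in the thread; the file is searched as plain text, so nothing is assumed about its XML layout, and the helper name `Get-Ipv4Set` is hypothetical.

```powershell
# Added example: run on an endpoint. Server names are those quoted in the thread.
$reportPath = Join-Path $env:ProgramData 'Sophos\Remote Management System\3\Router\NetworkReport\ReportData.xml'
$oldFqdn = 'AVSERVER.Old-Domain.local'
$newFqdn = 'AVSERVER.New-Domain.local'

function Get-Ipv4Set {
    param([string]$Name)
    # Returns the unique IPv4 addresses a name resolves to, or nothing on failure.
    try {
        Resolve-DnsName -Name $Name -Type A -ErrorAction Stop |
            Where-Object { $_.QueryType -eq 'A' } |      # skip the CNAME record itself
            Select-Object -ExpandProperty IPAddress |
            Sort-Object -Unique
    } catch { }
}

# 1. Which server names does the endpoint's network report mention?
#    Plain-text search only; the XML structure is not interpreted.
if (Test-Path $reportPath) {
    $text = Get-Content -Path $reportPath -Raw
    foreach ($name in $oldFqdn, $newFqdn) {
        $found = $text -match [regex]::Escape($name)     # case-insensitive match
        '{0,-28} mentioned in ReportData.xml: {1}' -f $name, $found
    }
} else {
    Write-Warning "Not found: $reportPath"
}

# 2. Do both names resolve, and to the same address?
$oldIps = @(Get-Ipv4Set $oldFqdn)
$newIps = @(Get-Ipv4Set $newFqdn)
"Old name resolves to: $($oldIps -join ', ')"
"New name resolves to: $($newIps -join ', ')"

if ($oldIps.Count -eq 0) {
    'Old FQDN does not resolve: endpoints that only know this name cannot reach the server.'
} elseif (($oldIps -join ',') -ne ($newIps -join ',')) {
    'Old and new FQDN resolve to different addresses: check the alias record.'
} else {
    'Old FQDN resolves to the same address as the new one.'
}
```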