Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 13885 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Migration Error

lazzerini

Hello dear All,

I`m facing a huge problem on my environment. I lost my original SQL and CONSOLE (two differentes box). I restored my database to a new SQL CLUSTER and installed one clean console.

I just install a new SQL and Console, all my SUM`s is the same. I used the same certificate,mso from old environment. I reinstall all my SUMs (they are updating correctly). When I re-installed the SUM all nodes that point to this server appears on my console, but, out-of-date.

I tried to use the EMU to generate a script to point the nodes, but, it`s not working.

Does anybody know how can I fix my environment without reinstall the agent (we are talking about 8000 nodes)?

Thank you so much



This thread was automatically locked due to age.
Parents
  • 0

    Hello lazzerini,

    do the endpoints appear as connected (with the green  symbol) or disconnected ( with the red x)? Are at least some connected or only the management server itself (or not even this one)?
    When reinstalling the lost [management server] - did you use the old name and/or IP (likely not, as you wouldn't need the EMU if you've used the old certificates)? Thus - are all [your] SUM`s also message relays and did you use the applicable mrinit.conf

    Christian

  • 0 in reply to QC
    The nodes are in the MANAGED session, but, with red X (disconnected) Waiting Policy Transfer (I tried to update comply policies without success).

    I did not use the same name and IP from old server, but I used the same Certificate. In the EMU I inserted the new name.

    All my SUM`s I configured as SUM and MR using the mrinit.conf. My SUM is receiving the updates and communicate with my console server. The problem is the nodes is not communicating and receive updates from SUM.

    I tried to configure the nodes pointing to CONSOLE and SUM. The both conf do not work.

    :o(
  • 0 in reply to lazzerini

    Hello lazzerini,

    MANAGED session, but, with red X
    after restoring the database you have the information from the backup before the loss. If the communication with the endpoints is not or can't be reinstated they will appear as disconnected.

    If you change the name/IP of the management server there are three distinct parts affected:
    1) the Source for the SUMs (unless they are configured to update from Sophos directly)
    2) the Primary/Secondary Server for the endpoints updating from the main server
    3) communication (RMS) - for endpoints which communicated directly with the main server RMS needs to be reconfigured using the new mrinit.conf (top part in the EMU), for endpoints using an MR only the MR need to be reconfigured with the correct mrinit.conf (mrinit.conf in the CIDs on the SUMs/MRs must of course be updated when the management server's address changes) but the endpoints don't need reconfiguration as they continue to use their MR

    Thus I'd make sure communication and configuration of the CIDs is correct. The management server should see itself as connected. SUMs/MRs are next - mrinit.conf in the CIDs they are hosting and updating from must be amended and the MRs reprotected (or reconfigured). All endpoints using an MR should then be able to communicate (indirectly) with the management server.
    Once communication is reestablished the endpoints can be told to comply with the new policies.

    Christian 

  • 0 in reply to QC
    1) the Source for the SUMs (unless they are configured to update from Sophos directly)
    R: My source can update all SUMs that I have. I received my UPDATE from Sophos on my central console and all my SUMs receive a UPDATE from my central console, this is working fine (I reinstall the SUM on the servers, the name and IP of SUM is the same)

    2) the Primary/Secondary Server for the endpoints updating from the main server
    R: I use my CENTRAL CONSOLE as Primary server. My second Server is SOPHOS directly (for notebooks purpose). All my endpoints updating from the SUMs and someone else from PRIMARY, in both case the endopoint do not update.

    3) communication (RMS) - for endpoints which communicated directly with the main server RMS needs to be reconfigured using the new mrinit.conf (top part in the EMU), for endpoints using an MR only the MR need to be reconfigured with the correct mrinit.conf (mrinit.conf in the CIDs on the SUMs/MRs must of course be updated when the management server's address changes) but the endpoints don't need reconfiguration as they continue to use their MR
    R: Could you me explain if I need to put ENFORCE on this EMU? What this option do? I`m trying to create another SCRIPT.

    Thank you
  • 0 in reply to lazzerini

    Hello lazzerini,

    I'm not sure I understand your setup correctly (or that we use the same terms for the same things). Thus I'll try to describe what I understand so far using symbolic names. Let's assume your CENTRAL CONSOLE (I prefer the unambiguous term Management Server) is called CENTRAL, the lost one CENTRAL-OLD, the SUMs are called SUM## (i.e. SUM01, SUM02, ...).

    So you did a clean install on CENTRAL.
    After that you reinstalled all your SUMs - did you uninstall first? As you use the SUM## as message relays - did you follow Deploying a message relay and SUM (i.e. copy the SUMInstallSet , edit mrinit.conf changing the ParentRouterAddress values from those of CENTRAL to those of the respective SUM##)?
    In the console's Update managers view you saw the SUMs as connected, you edited their configuration setting \\CENTRAL\SophosUpdate as Source? And they show a recent time under Last updated?

    In the Endpoints view, did you edit the updating polices which contained \\CENTRAL-OLD\SophosUpdate so that they point to \\CENTRAL\SophosUpdate?

    At this point CENTRAL, all SUM##, and all endpoints updating from and using a SUM## as message relay should have had a status of connected (provided they were turned on, naturally). Only the endpoints updating from and connecting directly to CENTRAL would have needed EMU.

    Either you've deviated from the above scenario or something hasn't worked as it should.
    endpoints do not update
    They are out-of-date in the console (this is expected if they are not connected and their Last message time is in the past) or you see Updating failed on the endpoints (also expected if they are using the old policies)?
    On an endpoint open %ProgramData%\Sophos\Remote Management System\3\Router\NetworkReport\ReportData.xml (the Network Communications Report) with a browser. Note the Parent addresses (Indirizzi padre) - should contain SUM## or CENTRAL but not CENTRAL-OLD - and the actual parent (Indirizzo padre corrente). Viewing this .xml on a SUM you should see CENTRAL in the Parent addresses, RMS router type (Tipo del router RMS) should be message relay (relay dei messaggi) - not Endpoint.
    So - what does the Network Communications Report say on your endpoints and SUMs? Did you create just one script with the EMU for all your endpoints (and executed it on all of them)? I want to make sure that you use EMU and create the scripts correctly (and apply it only where necessary).

    Christian

Reply
  • 0 in reply to lazzerini

    Hello lazzerini,

    I'm not sure I understand your setup correctly (or that we use the same terms for the same things). Thus I'll try to describe what I understand so far using symbolic names. Let's assume your CENTRAL CONSOLE (I prefer the unambiguous term Management Server) is called CENTRAL, the lost one CENTRAL-OLD, the SUMs are called SUM## (i.e. SUM01, SUM02, ...).

    So you did a clean install on CENTRAL.
    After that you reinstalled all your SUMs - did you uninstall first? As you use the SUM## as message relays - did you follow Deploying a message relay and SUM (i.e. copy the SUMInstallSet , edit mrinit.conf changing the ParentRouterAddress values from those of CENTRAL to those of the respective SUM##)?
    In the console's Update managers view you saw the SUMs as connected, you edited their configuration setting \\CENTRAL\SophosUpdate as Source? And they show a recent time under Last updated?

    In the Endpoints view, did you edit the updating polices which contained \\CENTRAL-OLD\SophosUpdate so that they point to \\CENTRAL\SophosUpdate?

    At this point CENTRAL, all SUM##, and all endpoints updating from and using a SUM## as message relay should have had a status of connected (provided they were turned on, naturally). Only the endpoints updating from and connecting directly to CENTRAL would have needed EMU.

    Either you've deviated from the above scenario or something hasn't worked as it should.
    endpoints do not update
    They are out-of-date in the console (this is expected if they are not connected and their Last message time is in the past) or you see Updating failed on the endpoints (also expected if they are using the old policies)?
    On an endpoint open %ProgramData%\Sophos\Remote Management System\3\Router\NetworkReport\ReportData.xml (the Network Communications Report) with a browser. Note the Parent addresses (Indirizzi padre) - should contain SUM## or CENTRAL but not CENTRAL-OLD - and the actual parent (Indirizzo padre corrente). Viewing this .xml on a SUM you should see CENTRAL in the Parent addresses, RMS router type (Tipo del router RMS) should be message relay (relay dei messaggi) - not Endpoint.
    So - what does the Network Communications Report say on your endpoints and SUMs? Did you create just one script with the EMU for all your endpoints (and executed it on all of them)? I want to make sure that you use EMU and create the scripts correctly (and apply it only where necessary).

    Christian

Children
No Data
Unfiltered HTML