Multiple domain environment: Push install via "Protect New Computers" is not working

Question

We're new to Sophos. We took our test/trial server to production and are would like to fix some of the things that we hadn't had working during the trial. SEC 4.5.1.0 is installed on Windows Server 2003 SP2

When we right-click a computer in a group and go through the Protect Computers wizard, I'll enter in credentials (either domain\username or domain.full\username) and send it on its way. Unfortunately nothing happens... no green or orange arrows, etc.

On a target machine, I have verified the following:

The following services must be started:
- Task Scheduler Service
- Remote Registry Service
- Server Service
- Computer Browsing service
- Workstation Service
These services are usually started by default. However, in certain environments, this may not be the case.
An administrative C$ share must exist on the target computer.
The account specified during when you run the 'Protect computers wizard' must have administrative rights over the target computer.

I disabled Simple File Sharing and verified that the File and Printer sharing component was enabled. Firewalls are disabled across the network but I made exceptions for 8192, 8193, and 8194 on the target machine anyway.

I've created packages using the Deployment Packager using the GUI and the CLI but I would still like the option of installing/uninstalling via SEC.

Any help would be greatly appreciated!

This thread was automatically locked due to age.

jak · Accepted Answer

HI,

Sorry for the delay... How about:

1. Download DebugView from Microsoft and save it to the server: http://technet.microsoft.com/en-us/sysinternals/bb896647

2. Close the SEC if open. 
 3. Stop the Sophos Management Service. From running "services.msc" 
 4. Add the following keys to the management server:

==

REGEDIT4 
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Trace\{60FDEEE1-49BD-4B2A-AAE6-9BF39C10662E}] 
 @="TraceEEComputerInstall" 
 "ErrorLevel"=dword:00000003 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Trace\{744B5D77-474B-412e-8116-21B05159F407}] 
 @="TraceEEcomputerSearchImpl" 
 "ErrorLevel"=dword:00000003 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Trace\{2B607C2C-C19D-426c-81EA-2F1B03C01A7A}] 
 @="TraceEEComputerDiscovery" 
 "ErrorLevel"=dword:00000003 
 
 == 
 5. Start the Sophos Management Service again using Services.msc 
 6. Open DebugView as an Administrator (right click on it and do a "run as administrator") and ensure that "Capture Global Win32" and "Capture Win32" are checked from the "Capture" menu if they both exist. 
 7.Launch SEC, go into the protect wizard. 8. Start capturing in DebugView, and attempt a deployment. You should see all the tracing appear. I'm not sure if you need all those trace guids, you might have to play around but hopefully the trace might throw a windows error or an error message to put you in the right area. Regards, 
 Jak :10859

heyheyash · Answer

RESOLUTION!!!

Here was the problem.

Under the Updating Policy, I set up a web CID for the Primary Server which I correctly configured using one of the Sophos guides. The problem was under the "Initial Install Source" tab. By default, the box "use primary server address" was checked which then appended the \CIDs/S000/SAVSCFXP path onto my Web CID which resulted in a bogus address. I changed that to the UNC Sophos share and I was good to go.

So, I was able to keep my web CID but I had to set the Initial install source to UNC.

Thank you very much for your help, jak. I highly doubt I would've found that if it weren't for your other troubleshooting steps which, by the way, are totally foreign to me but I could understand the result. If you can recommend a resource that I can more about leveraging Dbgview, that would be awesome. It was like magical logging.