Changing 'parent router' IP address

Hi,

As a bit of background mrinit.conf is a file created at install of the server and placed into the distribution points/CIDs for the clients to find the server and a few other settings such as ports.  If the server has a static IP address, the parent address in the file contains:

<IP>,<FQDN>,<NETBIOS>

If the server is DHCP, it takes the format:

<FQDN>,<NETBIOS>

The file is copied down to the client (into the program files RMS directory) by setup.exe as the machine is bootstrapped.

As the MSI of the RMS package is installed by AutoUpdate, a custom action runs an installer helper called clientmrinit.exe which finds this file to configure the Router.  The values are put into the registry and used from there from then on, I.E.:

HKLM\software\Sophos\messaging system\router\

ParentAddress

So you could change this registry key to drop the IP part and restart the router.

However:

1. Future clients protected from the distribution point would still copy down the mrinit.conf with the wrong IP address in.

2. If the RMS package was updated, clientmrinit.exe would re-read the local mrinit.conf file and re-apply the original settings.

That being said, to make things permanent I suggest:

Edit all mrinit.conf files on the server to remove the ip address (or put the new IP address in but not if it is going to change again :) ).  Search in Program files and the UpdateManager folders within application data.  The most important are the ones in the distribution points/CIDs.

You can then be sure that newly protected machines will be correct, and if you install additional SUMS, they distribute the correct mrinit.conf files also.

For the existing clients you can then do the following:

1. Re-protect the clients, not a great solution for many machines but depending on the number of clients\number of machines that are on it could be an option.

2. Add a custom mrinit.conf with the correct values into the distribution points\CIDs the clients are using and then re-checksum the distribution points\CIDs.  To do this: copy the correct mrinit.conf into the rms subdirectory of the distribution point\CIDs the clients are using and then run configcid on them.  On the next update the clients will bring down the mrinit.conf in the CID and the clients will be re-configured with the correct address.

Something similar to:

http://www.sophos.com/support/knowledgebase/article/14635.html

but you're not configuring relays.  This article does mention using configCID.exe and where to put the custom mrinit.conf.

I hope this helps,

Jak

Hi,

As a bit of background mrinit.conf is a file created at install of the server and placed into the distribution points/CIDs for the clients to find the server and a few other settings such as ports.  If the server has a static IP address, the parent address in the file contains:

<IP>,<FQDN>,<NETBIOS>

If the server is DHCP, it takes the format:

<FQDN>,<NETBIOS>

The file is copied down to the client (into the program files RMS directory) by setup.exe as the machine is bootstrapped.

As the MSI of the RMS package is installed by AutoUpdate, a custom action runs an installer helper called clientmrinit.exe which finds this file to configure the Router.  The values are put into the registry and used from there from then on, I.E.:

HKLM\software\Sophos\messaging system\router\

ParentAddress

So you could change this registry key to drop the IP part and restart the router.

However:

1. Future clients protected from the distribution point would still copy down the mrinit.conf with the wrong IP address in.

2. If the RMS package was updated, clientmrinit.exe would re-read the local mrinit.conf file and re-apply the original settings.

That being said, to make things permanent I suggest:

Edit all mrinit.conf files on the server to remove the ip address (or put the new IP address in but not if it is going to change again :) ).  Search in Program files and the UpdateManager folders within application data.  The most important are the ones in the distribution points/CIDs.

You can then be sure that newly protected machines will be correct, and if you install additional SUMS, they distribute the correct mrinit.conf files also.

For the existing clients you can then do the following:

1. Re-protect the clients, not a great solution for many machines but depending on the number of clients\number of machines that are on it could be an option.

2. Add a custom mrinit.conf with the correct values into the distribution points\CIDs the clients are using and then re-checksum the distribution points\CIDs.  To do this: copy the correct mrinit.conf into the rms subdirectory of the distribution point\CIDs the clients are using and then run configcid on them.  On the next update the clients will bring down the mrinit.conf in the CID and the clients will be re-configured with the correct address.

Something similar to:

http://www.sophos.com/support/knowledgebase/article/14635.html

but you're not configuring relays.  This article does mention using configCID.exe and where to put the custom mrinit.conf.

I hope this helps,

Jak