Remote site takeover with SEC

Hi all, need some suggestions please.

Got a remote site that's had a standalone SEC 3.1 deploying v7.6 SAV to a CID and then clients in that office that update from that. All is well with this and running fine.

Obviously, I now want to migrate these to v9.5 as v7.6 is end of life shortly. The local server is not man enough for (and I don't want it to be destroyed by) SEC4.x console and UM so I've deployed a CID from HQ down to the branch office via our own SEC 4.0 installation. The CID works fine and I can install new installations from it without any problem.

Now, the bit that's stumped me. From my SEC 4 console, I can 'find' machines in the branch office and they appear in the unassigned section. I've created a new group for this branch and configured updating pointing at my shiny new v9.5 CID. Only problem I have is that when I drag a machine from unassigned to the relevant group and it auto runs 'protect', feed in sufficient credentials... nothing :( Machine continues to update and inform the local SEC. Even if I remove the machine from the local SEC prior, a protect is simply ignored. I can happily protect machines that have never been part of that branch office SEC but I cannot grab control of a machine that has already seen the local SEC.

Without wanting to simply uninstall each client and reinstall from the new CID, is there an easy way to redirect a machine to the HQ SEC? Tech support are working on this too but at the moment seem dumbstruck by the question - guess I have to wait for it to escalate to get anywhere there.

Matt

  • Ok, more information....

    After several exchanges of ideas with tech support, their option was to remove keys from registry along the lines of Jak and then deposit a new mrinit.conf and cac.pem into the RMS folder and run the setup from the central CID. Was going to take ages to do this and although I could script it, I found a significantly easier method:

    To move a machine from one managed SEC to another, you need to grab a copy of mrinit.conf and cac.pem from a new CID from the new SEC and place these files in the client RMS folder. Then, I manually edited the client autoupdate configuration file iconn.cfg which is in c:\program files\sophos\autoupdate\config (xp) or c:\programdata\sophos\autoupdate\config (vista/7) and changed the update location (ConnectionAddress) in the primary section to point to the new CID location created in the new SEC. Once this was set, go to the original SEC console and 'kick' the client to do an update ('update now'). It downloads the updates from the new CID and jumps right over to the new SEC. Once you've done one, just get a copy of the three files mrinit.conf, cac.pem and iconn.cfg and copy to the next client and the next and the next etc.

    Just did this on one branch office and successfully took over 20 clients. The only issue I had is that the move also upgraded clients from v7.6 to v9.5 and as a result one or two had an issue reinstalling AU but this is solved by rebooting the client and then creating a task to install again from the CID or manually having the user run the setup themselves. Now got a larger branch to do so I'll script that task and probably shoot it over in a logon task.

    Matt
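
The file-staging step from the reply above, as an added example that is not part of the original post and not Sophos code: it copies the three files onto one client, keeps a timestamped backup of each file it replaces, and confirms by SHA-256 that what landed matches the reference copy. The `-SourceDir` and `-RmsDir` parameters are assumptions (the post does not give the RMS folder path, so it is passed in); the 'update now' from the original SEC console is still done afterwards as described.

```powershell
# Added example: stage mrinit.conf, cac.pem and iconn.cfg on one client.
param(
    [Parameter(Mandatory = $true)][string]$SourceDir,  # assumed: folder holding the three reference files
    [Parameter(Mandatory = $true)][string]$RmsDir      # client RMS folder; not given in the post, so supplied by the admin
)
$ErrorActionPreference = 'Stop'

# AutoUpdate config locations quoted in the post (Vista/7 first, then XP).
$auDir = @('C:\ProgramData\Sophos\AutoUpdate\Config',
           'C:\Program Files\Sophos\AutoUpdate\Config') |
    Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $auDir) { throw 'AutoUpdate config folder not found' }
if (-not (Test-Path $RmsDir)) { throw "RMS folder not found: $RmsDir" }

# Which file goes where, per the post.
$plan = @(
    @{ Name = 'mrinit.conf'; Dest = $RmsDir },
    @{ Name = 'cac.pem';     Dest = $RmsDir },
    @{ Name = 'iconn.cfg';   Dest = $auDir }
)

function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($item in $plan) {
    $src = Join-Path $SourceDir $item.Name
    $dst = Join-Path $item.Dest $item.Name
    if (-not (Test-Path $src)) { throw "Missing source file: $src" }

    if (Test-Path $dst) {
        if ((Get-Sha256 $src) -eq (Get-Sha256 $dst)) {
            Write-Output "unchanged $dst"   # already migrated, nothing to do
            continue
        }
        Copy-Item $dst "$dst.$stamp.bak"    # keep the old-SEC copy for rollback
    }

    Copy-Item $src $dst -Force
    if ((Get-Sha256 $src) -ne (Get-Sha256 $dst)) { throw "Hash mismatch after copy: $dst" }
    Write-Output "replaced $dst"
}
```

Because `cac.pem` and `mrinit.conf` decide which console the client reports to, record the SHA-256 of the reference copies when they are taken from the new CID and compare against that value before running this across a branch.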
