Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1843 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Group & AD Synchronisation

Yabusame

Hi all,

I've been playing with a Sophos group that I have synchronised with an OU container.  I was hoping that if a machine is added to the OU container then it would automatically get Sophos installed (that is what I have ticked in the Synchronisation Properties page).  As you can imagine, this isn't happening.  The group is being populated with the one machine that is in that OU container but it remains greyed out.  I have a domain admin account configured to do the install (likewise, on the Synchronisation Properties page).  Are there any additional steps I am missing?

The machine is on the same network (IP range) as the Sophos server to rule out comms problems through firewalls whilst I play.

Thanks in advance!

:12783


This thread was automatically locked due to age.
Parents
  • 0

    Hello Neil,

    I've mentioned it some time ago, initially SEC (in version 3.0 IIRC) attempted the install until the machine reported completion. If the sync interval was too short for the install to complete it was re-initiated over and over and never succeeded. Thus the logic has been changed to attempt the automatic install only once. Stumbled over it during the last Beta tests when SEC refused to install. Here's part of the response from Support: Automatic protection will only function for new machines to the domain. If the machine is in the database as having been protected (or even attempted) previously it will not retry. Turned out that although deleted and not visible in SEC the machine was known.

    As it doesn't register with SEC the standalone version (which is, I think, not third party) shouldn't have any effect on the attempt - it might cause the install to fail but this should result in an error. Any chance that a client with the same name existed at some time?

    If you find a matching entry or matching entries deleting them from the database (you don't have to move the computer out of the OU) should restart the cycle, i.e. detection by sync and subsequent automatic protection.   

    Christian

    :12815
Reply
  • 0

    Hello Neil,

    I've mentioned it some time ago, initially SEC (in version 3.0 IIRC) attempted the install until the machine reported completion. If the sync interval was too short for the install to complete it was re-initiated over and over and never succeeded. Thus the logic has been changed to attempt the automatic install only once. Stumbled over it during the last Beta tests when SEC refused to install. Here's part of the response from Support: Automatic protection will only function for new machines to the domain. If the machine is in the database as having been protected (or even attempted) previously it will not retry. Turned out that although deleted and not visible in SEC the machine was known.

    As it doesn't register with SEC the standalone version (which is, I think, not third party) shouldn't have any effect on the attempt - it might cause the install to fail but this should result in an error. Any chance that a client with the same name existed at some time?

    If you find a matching entry or matching entries deleting them from the database (you don't have to move the computer out of the OU) should restart the cycle, i.e. detection by sync and subsequent automatic protection.   

    Christian

    :12815
Children
No Data
Unfiltered HTML