SEC missing computer details and unable to apply policies

We recently had a hard drive failure on our Windows 2003 Sophos Enterprise Console 4.5 server and discovered that our backup was corrupt.  The server has been rebuilt (same host/domain and IP address) and I've installed SEC 4.7.

Existing client computers are unable to pick up definition updates.  I can see them in SEC, but am not able to collect computer details or send them policies (greyed out).

On one client computer I uninstalled the Antivirus, Updater and Management components, restarted, then reinstalled using a command line to the Sophos server share.  It is able to pick up updates, but no computer details are showing and I am unable to send it policies.

Windows Group Policy is opening the three standard Sophos ports (UDP & TCP) on the client computers.

  • Hi,

    After running the script, has the client received its certificates from the server?

    Note: ensure that the Certification Manager service on the server is started.

    The client should have the following 4 registry keys:

    Router:
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router\Private\pkc
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router\Private\pkp

    Agent:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\pkc
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\pkp

    Without these keys the client will be unable to message the server.

    Also as a check, on the server, the registry key values for:

    HKLM\software\[wow6432node]\sophos\Certification Manager\CertAuthStore\DelegatedManagerKey

    HKLM\software\[wow6432node]\sophos\Certification Manager\CertAuthStore\ManagedAppKey

    HKLM\software\[wow6432node]\sophos\Certification Manager\CertAuthStore\RouterKey


    should match the strings in the mrinit.conf that you selected.  That is also worth checking to ensure the server and client are in sync with regards to the certificate identity keys.

    Whilst you're in this server key (certauthstore), the cac key value should match that on the client, which is stored in:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\cac

    Regards,

    Jak
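
The client-side check described in the reply above can be scripted. The following PowerShell is an added example, not code from the reply's author or from Sophos; it only reports whether each entry is present and never prints key material. It assumes the final path element (`pkc`, `pkp`, `cac`) may be either a registry value or a subkey, and the function name `Test-SophosEntry` is hypothetical.

```powershell
# Added example: read-only presence check for the client identity entries
# listed in the reply. Run in an elevated PowerShell session on the client.
# Assumption: pkc / pkp / cac may be stored as a value or as a subkey,
# so both forms are accepted. Contents are never displayed.

# Wow6432Node is tried first, then the native path.
$roots = @('HKLM:\SOFTWARE\Wow6432Node\Sophos', 'HKLM:\SOFTWARE\Sophos')

$entries = @(
    @{ Component = 'Router'; SubKey = 'Messaging System\Router\Private'; Name = 'pkc' },
    @{ Component = 'Router'; SubKey = 'Messaging System\Router\Private'; Name = 'pkp' },
    @{ Component = 'Agent';  SubKey = 'Remote Management System\ManagementAgent\Private'; Name = 'pkc' },
    @{ Component = 'Agent';  SubKey = 'Remote Management System\ManagementAgent\Private'; Name = 'pkp' },
    @{ Component = 'CA';     SubKey = 'Messaging System'; Name = 'cac' }
)

function Test-SophosEntry {
    param([string]$Root, [string]$SubKey, [string]$Name)
    $keyPath = Join-Path $Root $SubKey
    if (-not (Test-Path -LiteralPath $keyPath)) { return $false }
    # Present as a named value under the key?
    $key = Get-Item -LiteralPath $keyPath
    if ($key.GetValueNames() -contains $Name) { return $true }
    # Otherwise, present as a subkey of that name?
    return (Test-Path -LiteralPath (Join-Path $keyPath $Name))
}

$missing = 0
foreach ($e in $entries) {
    $foundAt = $null
    foreach ($r in $roots) {
        if (Test-SophosEntry -Root $r -SubKey $e.SubKey -Name $e.Name) { $foundAt = $r; break }
    }
    if ($foundAt) {
        Write-Output ("OK       {0,-6} {1}\{2}\{3}" -f $e.Component, $foundAt, $e.SubKey, $e.Name)
    } else {
        $missing++
        Write-Output ("MISSING  {0,-6} ...\Sophos\{1}\{2}" -f $e.Component, $e.SubKey, $e.Name)
    }
}
Write-Output ("{0} of {1} entries missing" -f $missing, $entries.Count)
```

A `MISSING` line for any Router or Agent entry corresponds to the state the reply describes, where the client cannot message the server. The `cac` comparison against the server's CertAuthStore still has to be done by hand.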