Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 51583 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configure message relay in ver 5.2.2

PBJ_Family

I am having trouble configuring a message relay in ver 5.2.2.  I followed the instructions here:

http://www.sophos.com/en-us/support/knowledgebase/14635.aspx

It does not list ver 5.2 on that page but I cannot find any instructions anywhere that do.

The issue I have is that according to the video on that page, the ConnectionCache registry value is supposed to be 20512 to indicate that the machine has converted to a message relay.  The value is 10.

Everything else seems to indicate that it worked, although currently I have no endpoints setup to use that relay yet.  But on the relay machine itself I see that the mrinit.conf located in C:\Program Files (x86)\Sophos\Remote Management System is the one I modified and does list itself as the "ParentRouterAddress".  I understand this is how you would confirm that an endpoint had pulled its configuration from this machine.

:56262


This thread was automatically locked due to age.
Parents
  • 0

    I am suspecting a failure in the install package somewhere.  I have UAC turned off by GPO so I wonder if that has anything to do with it.  I do not see logs indicating that clientmrinit.exe was ever run on either MainServer or RelaySever.  For purposes of this conversation lets say that MainServer is in site A and RelayServer is in site B. 

    Site B now has two more protected servers, one is running Server 2012 R2 and one is running Server 2008 R2.  Both of them have log files indicating that clientmrinit.exe was run successfully however the log files may be indicating a problem on RelayServer itself.  Here is the log from the Server 2008 R2 server.

    12.03.2015 14:12:33 0CD0 I SOF: C:\Windows\TEMP/ClientMRInit-20150312-201233.log
    12.03.2015 14:12:33 0CD0 D ClientMRInit installing
    12.03.2015 14:12:33 0CD0 D mrfile=`MRInit.conf`
    cafile=`cac.pem`
    filepath=`C:\Program Files (x86)\Sophos\Remote Management System"`
    rtrname=`Router`
    logpath=`C:\Windows\TEMP`
    12.03.2015 14:12:33 0CD0 I Opening initialisation file: C:\Program Files (x86)\Sophos\Remote Management System/MRInit.conf
    12.03.2015 14:12:33 0CD0 I Opening root certificate initialisation file: C:\Program Files (x86)\Sophos\Remote Management System/cac.pem
    12.03.2015 14:12:33 0CD0 I Intelligent updating is: Off
    12.03.2015 14:12:33 0CD0 E MRInitData failed with exception: CAccessFailureException:CACertificate not found
    12.03.2015 14:12:33 0CD0 D Old certificate not present, using new.
    12.03.2015 14:12:33 0CD0 T New Message Router identity key is present.
    12.03.2015 14:12:33 0CD0 T New Managed Application identity key is present.
    12.03.2015 14:12:33 0CD0 T New Management Agent identity key is present.
    12.03.2015 14:12:33 0CD0 D CheckParentAddress( `*** NOT SET ***`->`192.168.112.7,RelayServer.MyDomain.local,RelayServer` )
    12.03.2015 14:12:33 0CD0 D IsThisComputer[192.168.112.7,RelayServer.MyDomain.local,RelayServer]
    12.03.2015 14:12:33 0CD0 D Found 3 addresses
    12.03.2015 14:12:33 0CD0 D Just use new parent
    12.03.2015 14:12:33 0CD0 I Parent router IOR port: 8192
    12.03.2015 14:12:33 0CD0 I New router IOR port: 8192
    12.03.2015 14:12:33 0CD0 I Setting router service arguments: "-ORBListenEndpoints iiop://:8193/ssl_port=8194"
    12.03.2015 14:12:36 0CD0 I ClientMRInit successful exit

    :56284
Reply
  • 0

    I am suspecting a failure in the install package somewhere.  I have UAC turned off by GPO so I wonder if that has anything to do with it.  I do not see logs indicating that clientmrinit.exe was ever run on either MainServer or RelaySever.  For purposes of this conversation lets say that MainServer is in site A and RelayServer is in site B. 

    Site B now has two more protected servers, one is running Server 2012 R2 and one is running Server 2008 R2.  Both of them have log files indicating that clientmrinit.exe was run successfully however the log files may be indicating a problem on RelayServer itself.  Here is the log from the Server 2008 R2 server.

    12.03.2015 14:12:33 0CD0 I SOF: C:\Windows\TEMP/ClientMRInit-20150312-201233.log
    12.03.2015 14:12:33 0CD0 D ClientMRInit installing
    12.03.2015 14:12:33 0CD0 D mrfile=`MRInit.conf`
    cafile=`cac.pem`
    filepath=`C:\Program Files (x86)\Sophos\Remote Management System"`
    rtrname=`Router`
    logpath=`C:\Windows\TEMP`
    12.03.2015 14:12:33 0CD0 I Opening initialisation file: C:\Program Files (x86)\Sophos\Remote Management System/MRInit.conf
    12.03.2015 14:12:33 0CD0 I Opening root certificate initialisation file: C:\Program Files (x86)\Sophos\Remote Management System/cac.pem
    12.03.2015 14:12:33 0CD0 I Intelligent updating is: Off
    12.03.2015 14:12:33 0CD0 E MRInitData failed with exception: CAccessFailureException:CACertificate not found
    12.03.2015 14:12:33 0CD0 D Old certificate not present, using new.
    12.03.2015 14:12:33 0CD0 T New Message Router identity key is present.
    12.03.2015 14:12:33 0CD0 T New Managed Application identity key is present.
    12.03.2015 14:12:33 0CD0 T New Management Agent identity key is present.
    12.03.2015 14:12:33 0CD0 D CheckParentAddress( `*** NOT SET ***`->`192.168.112.7,RelayServer.MyDomain.local,RelayServer` )
    12.03.2015 14:12:33 0CD0 D IsThisComputer[192.168.112.7,RelayServer.MyDomain.local,RelayServer]
    12.03.2015 14:12:33 0CD0 D Found 3 addresses
    12.03.2015 14:12:33 0CD0 D Just use new parent
    12.03.2015 14:12:33 0CD0 I Parent router IOR port: 8192
    12.03.2015 14:12:33 0CD0 I New router IOR port: 8192
    12.03.2015 14:12:33 0CD0 I Setting router service arguments: "-ORBListenEndpoints iiop://:8193/ssl_port=8194"
    12.03.2015 14:12:36 0CD0 I ClientMRInit successful exit

    :56284
Children
No Data
Unfiltered HTML