Configure message relay in ver 5.2.2

I am having trouble configuring a message relay in ver 5.2.2.  I followed the instructions here:

http://www.sophos.com/en-us/support/knowledgebase/14635.aspx

It does not list ver 5.2 on that page but I cannot find any instructions anywhere that do.

The issue I have is that according to the video on that page, the ConnectionCache registry value is supposed to be 20512 to indicate that the machine has converted to a message relay.  The value is 10.

Everything else seems to indicate that it worked, although currently I have no endpoints set up to use that relay yet.  But on the relay machine itself I see that the mrinit.conf located in C:\Program Files (x86)\Sophos\Remote Management System is the one I modified and does list itself as the "ParentRouterAddress".  I understand this is how you would confirm that an endpoint had pulled its configuration from this machine.

  • Hello PBJ_Family,

    good work - and you've spotted the problem.

    Indeed Location Roaming (AKA Intelligent Updating) prohibits any RMS reconfiguration (didn't think of it). As the endpoint will only update from a CID managed by the same console - why this restriction? The obvious downside is that an endpoint might not be able to communicate with the console while it is "out of town". One harmful scenario though is that at the remote site Location Roaming is not enabled. The endpoint would then configure RMS and its updating policy for the remote location. Returning, it would not only fail to update but, due to the inappropriate RMS configuration, also be unable to contact the console and receive the correct policy. Any RMS reconfiguration also means that in a migration scenario the endpoints won't pick up the changes to mrinit.conf.

    Rereading "Enterprise Console: configuring message relay computers", I wonder if you've enabled Location Roaming because of the note in paragraph 2? Dunno if Sophos intends to change the AutoUpdate logic as RMSNT is never downloaded from location Sophos and thus there's no risk that the RMS configuration could be changed when the endpoint updates from Sophos.

    Christian 
