This discussion has been locked.

message relay changed to endpoint

Hello all

 

We have just set up our new Sophos Environment with 2 Servers.
1x SEC Server in LAN, 1x Message Relay Server in DMZ.
Everything worked fine but now we have a strange problem:

Our message relay Server changed into an endpoint.

Any ideas how we can revert this behaviour?

thx



  • Hello Tommy Rohner,

    is the MR also a SUM?
    You say changed - so it has been a relay for how long? If not a SUM, does it update from the correct CID (it should naturally do so even if it is a SUM but a SUM wouldn't reconfigure RMS)?

    Christian

  • Hi QC

    thx for your feedback.

    Yes the MR is also a SUM. both servers are SUM (SEC and MR).

    it has been a relay for about 1 week or even longer.

    i guess it changed back because we didn't place the mrinit.conf file in the rms subfolder.

    but how can we now change the endpoint to an MR again?

     

  • Hello Tommy Rohner,

    the SEC server isn't involved. Is there an RMS Install log with contents similar to those I've posted? If not, could you try to change mrinit.conf (changing the case of one or more letters in one of the hostnames is safe and sufficient) and check if a log is created?

    Not a solution but a workaround is modifying the registry keys to match the values (near the end under Technical information) in configuring message relay computers.

    Christian

  • yeah i've found a log, but it's already a few days old:

    Install from:[C:\ProgramData\Sophos\AutoUpdate\cache\rms]
    Install to  :[(null)]
    RMS: Current product is not installed.
    TP: Successfully requested Sophos Endpoint Defense disable tamper protection of RMS.
    MsiPackagePath: [C:\ProgramData\Sophos\AutoUpdate\cache\rms\Sophos Remote Management System.msi].
    Result of loading C:\Program Files (x86)\Sophos\AutoUpdate\SAUConfigDLL.dll is: [71bf0000]
    Installation canceled - RMS will be managed only by the SUM installer.
    CopyPrerequisite(from=C:\ProgramData\Sophos\AutoUpdate\cache\rms\,                 to  =C:\Program Files (x86)\Sophos\Remote Management System,                 file=mrinit.conf)
    Missing source file `C:\ProgramData\Sophos\AutoUpdate\cache\rms\mrinit.conf`

    Restoring backup `C:\Program Files (x86)\Sophos\Remote Management System\mrinit.conf.orig`
    Applying MrInit.conf settings: [ClientMRInit.exe] [-logPath "C:\WINDOWS\Temp" -filePath "C:\Program Files (x86)\Sophos\Remote Management System"]
    TP: Successfully registered for tamper protection with Sophos Endpoint Defense.

  • Hello Tommy Rohner,

    was the server protected before you installed SUM? The mrinit.conf.orig is usually created when the CID an endpoint updates from is configured with a custom mrinit.conf. If later the endpoint updates from an unconfigured CID it falls back to the original mrinit.conf.

    Nevertheless, I just modified mrinit.conf another time and the MR/SUM created a new RMS Install log. If yours doesn't, I wonder whether it is updating from the correct CID?

    Christian

  • yes, the Server was protected by our old Sophos Environment.

    I first uninstalled every Sophos product and then i installed the new SUM.

     

    after modifying mrinit.conf, no RMS Install.log has been created. i've just tested this 5 minutes ago. but as i mentioned before, rms is not installed on the Server.

    how can i check if the Server is updating from correct CID?

    we have 2 cids on each Server (total 4).

    Clients are updating from MR and MR is updating from SEC.

  • Hello Tommy Rohner,

    "how can i check"
    several ways (assuming you know which is the right CID :)): the console's Endpoints view, tab Update Details; the local Sophos GUI on the MR updating configuration; or (preferred) its Updating log which will show the location actually used.

    "MR is updating from SEC"
    please note that an endpoint running SUM has two distinct update processes: the regular AutoUpdate for the Endpoint software and SUM's product update. Also note that the contents of a CID are important, not where it's hosted. Normally a SUM/MR hosts the CIDs configured with an mrinit.conf that has the MR in the ParentRouterAddress. In order to recognize itself correctly as an MR the MR must update from such a CID.
    You can have both a (MR-)configured and an unconfigured CID on one or both servers. Why two CIDs - different subscriptions?

    Christian 

  • I'll try to explain a little bit better what our Scenario Looks like:

    We have 2 Servers.

    Server1 is SEC/SUM in LAN.
    Server2 is MR/SUM in DMZ.
    Server 2 has an internal and an external IP with Split DNS.
    SUM on Server 1 gets Updates from Sophos.
    SUM on Server 2 gets Updates from Server 1.

    MRInit.conf in CIDs on Server 1 contain:
    "MRParentAddress"="Server1"
    "ParentRouterAddress"="Server1"

    MRInit.conf in CIDs on Server 2 contain:
    "MRParentAddress"="Server1"
    "ParentRouterAddress"="Server2"

    we have 2 Update Policies:
    Default: for all Clients -> Primary update path: \\server2\SophosUpdate\...
    SOPH: for both Servers -> Primary update path: \\server1\SophosUpdate\...

    for Updates we use WebCID (http).

    we have 2 CIDs because we need previous recommended (for all Clients) and recommended (for test Clients) Software Updates.
    the 2 CIDs on Server 1 are identical with the 2 CIDs on Server 2, only the MRInit.conf files are different.

     

     

     

  • Hello Tommy Rohner,

    seems almost correct, but only almost.

    If all endpoints update from \\server2 then all would use server2 as message relay - probably not what you really want.

    If server2 updates from server1 it would use the mrinit.conf with "ParentRouterAddress"="Server1". The logic is as follows: If RMS finds its host's IP or name in at least one of the MRParentAddresses it knows it's on the management server. If there's a match with at least one of the ParentRouterAddresses it configures itself as relay. Otherwise it's on an endpoint and uses ParentRouterAddress as upstream router.

    So if I understand you correctly - it is clear why the SUM/MR acts as endpoint.

    Christian
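The role decision described in the reply above, written out as an added example (not part of the original thread and not Sophos code) and run against the two mrinit.conf variants from this scenario. Assumptions: a value may hold several comma-separated addresses, names are compared case-insensitively, and the function names and the extra host identities are hypothetical.

```python
import re

# Constructed samples modelled on the two mrinit.conf variants quoted in the thread.
CID_ON_SERVER1 = '''"MRParentAddress"="Server1"
"ParentRouterAddress"="Server1"
'''
CID_ON_SERVER2 = '''"MRParentAddress"="Server1"
"ParentRouterAddress"="Server2"
'''

_LINE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*"(?P<value>[^"]*)"\s*$')


def parse_mrinit(text):
    """Return {key: [addresses]} for "key"="value" lines; other lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            # Assumption: several addresses may be listed, separated by commas.
            addrs = [a.strip().lower() for a in m.group("value").split(",") if a.strip()]
            settings[m.group("key")] = addrs
    return settings


def rms_role(mrinit_text, host_identities):
    """Apply the decision order from the thread to one host's names and IPs."""
    settings = parse_mrinit(mrinit_text)
    me = {h.strip().lower() for h in host_identities}
    if me & set(settings.get("MRParentAddress", [])):
        return "management server"   # host is listed as the parent
    if me & set(settings.get("ParentRouterAddress", [])):
        return "message relay"       # host is listed as the router
    return "endpoint"                # neither: use ParentRouterAddress upstream


def upstream_router(mrinit_text):
    """Addresses a host would use as its upstream router when it is an endpoint."""
    return parse_mrinit(mrinit_text).get("ParentRouterAddress", [])


if __name__ == "__main__":
    # Hypothetical identities for Server2 (name, FQDN, IP).
    server2 = ["Server2", "server2.example.internal", "192.0.2.20"]
    for label, cid in (("Server1", CID_ON_SERVER1), ("Server2", CID_ON_SERVER2)):
        print(f"Server2 updating from a CID on {label}: {rms_role(cid, server2)}")
```

Running the same check against the mrinit.conf in the CID a host actually updates from (the location shown in its Updating log) shows which role it will take before RMS is reconfigured.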

  • yes, all clients using server2 as MR is exactly what i want :)

    oh okay, thank you for the explanation. i see the problem now.
    but when i set server2 to use the same update policy as all other clients it should be correct, right?

    I've done that but now server 2 shows up as disconnected (red cross) in SEC console.
    and reportdata.xml still shows "endpoint" on server 2.

  • Hello Tommy Rohner,

    there should be an associated RMS Install log and if the service has been restarted reportdata.xml should have been updated. Apparently RMS has "downgraded", can't say if it works or should work in the other direction (upgrade to an MR) as well. Don't have a SUM/MR server to test.

    If you restart the service the Router log should show potential issues in the first few dozen lines.

    Christian

  • i can't see any issues in that logfile.

    but apparently the clients are still communicating with the MR.

    the only problem i have is that the MR can't communicate with the SEC.

    so None of the Clients is up to date..

    i'm gonna reinstall Server 2 and hope this will fix it.
