Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 2 answers
  • Subscribers 2 subscribers
  • Views 3689 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with mrinit.conf on air gapped network

Tommy123

Hi All,

I am currently installing SEC 5.1 on an air gapped network, the installation has gone fine and I have created the locations for maual updating etc (with a SophosUpdateManager folder as detailed in a Sophos KB).

I have a problem with the mrinit.conf file though......

I originally copied the CID folder from another domain as there was no way for this SEC to get its own copy, when I protect a computer I have noticed that they do not talk back to the SEC. Upon looking at the mrinit.conf file I can see details from the domain I copied the CID folder from.

Is there anyway I can get SEC to re-create mrinit.conf and cac.pem based on the new server's details (IP's, identity keys etc....)

Cheers

Tom

:36733


This thread was automatically locked due to age.
Parents
  • 0

    Hello Tom,

    you won't be able to successfully manage your computers in your "isolated" network unless you have configured the management server properly (I assume you did not use the same certificates for the air-gapped server).

    If you have created the "source share" as outlines in the article and copied your Warehouse to it you should then configure SUM and make sure it is updating from this location (please see also the recent threads started by Garry). You should also empty the CID(s) as SUM will build them anyway if everything works (and with the correct supporting files).

    Once it works as it should you can then protect the clients (including the ones where this has already been done).

    Christian

    :36739
  • 0 in reply to QC

    Quick follow-up:

     

    Once that the values from an erroneous mrinit.conf has been erroneously deployed to a air-gapped client from an air-gapped update source/SEC, to rectify, is it the best practice to simply to edit the mrinit.conf in-place on the client?

    Or do a full re-deploy to the client?

  • 0 in reply to Brian Seklecki

    Hi  

    Please refer to this article which provides a solution to redirect the client to correct SEC. The script will do the necessary changes to replace the new Mrinit.conf file.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

Reply Children
Unfiltered HTML