This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Migration SEC from Server 2008R2 to Server 2016

Hi community,

I have to migrate my SEC from Server 2008R2 to Server 2016 without changing the database, because the database is on an other database server. So the Sophos documentation for migration is not equal for my case. In chapter 6.3 "save data, registration and secure store" there is written to make a backup with databackuprestore.exe -action=backup . I can't do this, because the database is on a separte database server. How can I do the steps, there a written in this chapter und restore it on the new server? I have done the migration without saving the data and the SEC is starting on Server 2016, but I can´t do anything, because SEC is doing nothing. I can´t minimize the window, at the task manager there 0 % CPU for SEC. 

Can someday explain me the migration to Server 2016 without any changes on the database server?

Klaussophos



This thread was automatically locked due to age.
  • Hello Klaussophos,

    How can I do the steps, there a written in this chapter und restore it on the new server
    DataBackupRestore.exe has an -ExcludeDB switch that lets you back up everything except the database (you should nevertheless take a backup of the databases). You'd then skip Chapter 7 and steps 3. and 4. in Chapter 8 of the Migration Guide. Specify the existing SQL DB instance and the necessary credentials in Ch.9, step 3.c.

    Christian

  • Hello Christian,

    thanks for your help. Everything went fine, except that the path names was different on my system. After installing backup and starting databackuprestore -action=restore -datastoretype=SecureStore, everything was o.k. I start the sophos services SEC and I see the Console, but the Console ist not replying. I can´t do nothing, so step 12 configuration the new Update Manager is impossible to start. What´s wrong with my installation? Can you help me?

    Klaussophos

  • Hello Klaussophos,

    the 2008 is still stopped, isn't it? And before the retry with DataBackupRestore you uninstalled the SEC components (or reset the 2016)?

    I assume that it fails to put itself in place of the old server. Maybe there's some information in the sophos-management-services.log in %ProgramData%\Sophos\Sophos Endpoint Management\log\. Are the Sophos services started - if not there should be events in the Windows Event log.

    Christian

  • Hello Christian,

    the 2008 is stopped. I installed SEC once again? How can I reset the 2016? 

    After all doing that I got the following messages in sophos-management-services.log:

    2018-06-18 15:47:24,613 [19] INFO {Sophos.Management.Services.ClientServicesCore.Initialise} ==> First use of this service core - initializing
    2018-06-18 15:47:24,957 [17] INFO {Sophos.Management.Services.Sddma.ServerDataMonitor.GetData} ==> Received data request for 1 servers.
    2018-06-18 15:47:24,957 [17] INFO {Sophos.Management.Services.Sddma.ServerDataMonitor.GetData} ==> Some server identity tags were not found, so refreshing the server data monitor cache.
    2018-06-18 15:47:24,957 [17] INFO {Sophos.Management.Services.Sddma.ServerDataMonitor.RefreshCache} ==> Begin refreshing server data monitor cache.
    2018-06-18 15:47:24,957 [17] INFO {Sophos.Management.Services.Sddma.ServerDataMonitor.RefreshCache} ==> Cacheing data for all servers.
    2018-06-18 15:47:25,238 [17] WARN {Sophos.Management.Common.TranslationTable.GetTranslationValue} ==> Translation not found for token 'SupplementsTotalFailure' in group 'SUMStatus' and of value type 'short'.
    2018-06-18 15:47:25,254 [17] INFO {Sophos.Management.Services.Sddma.AuthoritativeServerSelector.SelectCandidateAuthoritativeServer} ==> Selecting the server 'OLDSERVER' with the endpoint address 'Router$OLDSERVER' as the authoritative server.
    2018-06-18 15:47:25,894 [17] WARN {Sophos.Management.Common.TranslationTable.GetTranslationValue} ==> Translation not found for token 'SupplementsTotalFailure' in group 'SUMStatus' and of value type 'short'.
    2018-06-18 15:47:26,098 [23] WARN {Sophos.Management.Services.Sddma.MessageReceiver.SaveDefaultShareCredentialsAndReplaceWithTickets} ==> The password to access the default share of the existing server d0c42be6-6c38-4eec-a65c-59b424e6f9e2 has changed.
    2018-06-18 15:47:26,144 [23] INFO {Sophos.Management.Services.Sddma.PredefinedSubscriptionsProvider.RetrieveReleaseIdByTag} ==> Checking ReleaseId for: SophosMA
    2018-06-18 15:47:26,144 [23] INFO {Sophos.Management.Services.Sddma.PredefinedSubscriptionsProvider.RetrieveReleaseIdByTag} ==> Found ReleaseId for: SophosMA
    2018-06-18 15:47:26,144 [23] WARN {Sophos.Management.Services.Sddma.StatusMonitor.HandleStatus} ==> Could not or did not extract self-update information.
    2018-06-18 15:47:26,144 [23] INFO {Sophos.Management.Services.Sddma.ServerFailureHandler.ScanStatusForErrors} ==> Scanning status message from server NEWSERVER for updating errors.
    2018-06-18 15:47:26,269 [23] INFO {Sophos.Management.Services.Sddma.ServerFailureHandler.ScanServerForErrors} ==> Scanning for indication of updating errors in the status message.
    2018-06-18 15:47:26,269 [23] INFO {Sophos.Management.Services.Sddma.ServerFailureHandler.CreateError} ==> Adding error of type ProgramsTotalFailure, application SDDM, group SUMStatus, received from endpoint 2292.
    2018-06-18 15:47:26,269 [23] INFO {Sophos.Management.Services.Sddma.ServerFailureHandler.ScanServerForErrors} ==> Found 1 programs update errors.
    2018-06-18 15:47:26,269 [23] INFO {Sophos.Management.Services.Sddma.ServerFailureHandler.CreateError} ==> Adding error of type SupplementsTotalFailure, application SDDM, group SUMStatus, received from endpoint 2292.
    2018-06-18 15:47:26,269 [23] INFO {Sophos.Management.Services.Sddma.ServerFailureHandler.ScanServerForErrors} ==> Found 1 supplements update errors.
    2018-06-18 15:47:26,269 [23] INFO {Sophos.Management.Services.Sddma.ServerFailureHandler.ScanServerForErrors} ==> Scanning for indication of distribution errors in the status message.
    2018-06-18 15:47:26,269 [23] INFO {Sophos.Management.Services.Sddma.ServerFailureHandler.ScanServerForErrors} ==> Found a total of 0 distribution errors.
    2018-06-18 15:47:26,738 [19] INFO {Sophos.Management.Services.Sddma.ServerDataMonitor.GetData} ==> Received data request for 1 servers.
    2018-06-18 15:47:26,738 [19] INFO {Sophos.Management.Services.Sddma.AuthoritativeServerSelector.SelectCandidateAuthoritativeServer} ==> Selecting the server 'OLDSERVER' with the endpoint address 'Router$OLDSERVER' as the authoritative server.
    2018-06-18 15:47:31,581 [17] WARN {Sophos.Management.Common.TranslationTable.GetTranslationValue} ==> Translation not found for token 'SupplementsTotalFailure' in group 'SUMStatus' and of value type 'short'.

    What can I do to finish my installation?

    Klaussophos

     

  • Hello Klaussophos,

    so the console does open, you see everything (dashboard, endpoints) there but it's completely unresponsive?

    Christian

  • Hello Christian,

    exactly, I see everything (all endpoinsts), but the console is completely unresponsive. 

    Klaussophos

  • Hello Klaussophos,

    there seems to be some inconsistency. This looks similar to an old migration problem.

    One course of action is to contact Support, have them look into, and they should be able to come up with a solution.
    Another way - if you have a backup of the database right before migration - is to stop all Sophos services, restore the database, then start the services. This might solve the problem.

    Guess there are two rows in the SDDMServers table - though I don't suggest hacking the database on your own.

    Christian

  • Hello Christian,

    sorry for the delay. I tried the solution of your link  and this solved the problem. We deleted in table SDDMServers the old server. We have now access to the SEC on the new server. Update Service is o.k. and now  we want to configure our 400 clients with the description of sophos kb . We build the sophosReInit.vbs file and try it on two clients, but nothing happend, the old server is the update server. Than we tried manually update with the setup.exe in the release path \\newserver\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe. We got an error message like this: can´t copy cac.pem into C:\program files\sophos\remote management system, we can do this with the old server. Yes we did this with Admistrator rights. We had this problem on old clients (where they have sophos antivirus client) and on new clients, where they have no installation of Sophos Antivirus. Now we are in trouble, because no client got updates. Do you have an idea, what is the problem?

    Klaussophos

  • What's in the re-init log file under \windows\temp\ after running the generated VBScript?  I wonder if Tamper Protection (specifically the sophosed.sys driver which is part of Endpoint Defesne) is blocking the copy.  Is it enabled?

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config\
    SedEnabled = 1

    Regards,

    Jak

  • Hello Klaussophos,

    67456 (the article from your second link) isn't about endpoint configuration.
    SophosReInit.vbs, if built correctly, should make the endpoints talk to the new server. nothing happend - did you check the logs? Which parent is listed in the Network Communications Report?

    an error message like [...] this problem [...] on new clients
    like is in most cases not of much help when it comes to error messages. The exact message (which perhaps contains an error code as well) or ideally the complete log would be preferable.

    Christian