Migration SEC from Server 2008R2 to Server 2016

Hi community,

I have to migrate my SEC from Server 2008R2 to Server 2016 without changing the database, because the database is on another database server. So the Sophos documentation for migration is not equal for my case. In chapter 6.3 "save data, registration and secure store" it is written to make a backup with databackuprestore.exe -action=backup. I can't do this, because the database is on a separate database server. How can I do the steps that are written in this chapter and restore it on the new server? I have done the migration without saving the data and the SEC is starting on Server 2016, but I can't do anything, because SEC is doing nothing. I can't minimize the window, and in the Task Manager there is 0 % CPU for SEC.

Can somebody explain to me the migration to Server 2016 without any changes on the database server?

Klaussophos



  • Hi Christian and jak,

    my key is the following:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config\
    SedEnabled = 0

     

    The log file from sophosreinit is:

    20.06.2018 12:06:58 INFO: Starting Script
    20.06.2018 12:06:58 INFO: Options:
    20.06.2018 12:06:58 INFO: blnForceRMSRun : Falsch
    20.06.2018 12:06:58 INFO: blnForcePatchRun : Wahr
    20.06.2018 12:06:58 INFO: blnReconfigurePatch : Falsch
    20.06.2018 12:06:58 INFO: blnReconfigureRMS : Wahr
    20.06.2018 12:06:58 INFO: strSECGroupPathOut :
    20.06.2018 12:06:58 INFO: intPauseForServiceInSeconds : 10
    20.06.2018 12:06:58 INFO: blnWriteCacToSAUCache : Wahr
    20.06.2018 12:06:58 INFO: strLogPath : C:\windows\temp\SophosReInit.txt
    20.06.2018 12:06:58 INFO: strReInitLog : C:\windows\temp
    20.06.2018 12:06:58 INFO: strManagementServerPort :
    20.06.2018 12:06:58 INFO: strManagementServer :
    20.06.2018 12:06:58 INFO: --> Is64()
    20.06.2018 12:06:58 INFO: Platform is 64-Bit
    20.06.2018 12:06:58 INFO: <-- Is64()
    20.06.2018 12:06:58 INFO: --> MarkerFound()
    20.06.2018 12:06:58 INFO: Script not already run.
    20.06.2018 12:06:58 INFO: <-- MarkerFound()
    20.06.2018 12:06:58 INFO: --> ServerClassRouter()
    20.06.2018 12:06:58 INFO: Router is a client, ok to run
    20.06.2018 12:06:58 INFO: <-- ServerClassRouter()
    20.06.2018 12:06:58 INFO: Running Patch in force mode
    20.06.2018 12:06:58 INFO: --> FixRMS()
    20.06.2018 12:06:58 INFO: --> GetRMSPath()
    20.06.2018 12:06:58 INFO: RMS Path is C:\Program Files (x86)\Sophos\Remote Management System\
    20.06.2018 12:06:58 INFO: <-- GetRMSPath()
    20.06.2018 12:06:58 INFO: --> CreateFile()
    20.06.2018 12:06:58 INFO: --> Creating file cac.pem in C:\Program Files (x86)\Sophos\Remote Management System\
    20.06.2018 12:06:58 INFO: <-- CreateFile()
    20.06.2018 12:06:58 INFO: --> CreateFile()
    20.06.2018 12:06:58 INFO: --> Creating file mrinit.conf in C:\Program Files (x86)\Sophos\Remote Management System\
    20.06.2018 12:06:58 INFO: <-- CreateFile()
    20.06.2018 12:06:58 INFO: --> DeleteOrig()
    20.06.2018 12:06:58 INFO: C:\Program Files (x86)\Sophos\Remote Management System\mrinit.conf.orig does not exist, carrying on.
    20.06.2018 12:06:58 INFO: <-- DeleteOrig()
    20.06.2018 12:06:58 INFO: --> DeleteCacInSAUCache()
    20.06.2018 12:06:58 INFO: --> GetSAUCache()
    20.06.2018 12:06:58 INFO: SAU 'Cache' directory is C:\ProgramData\Sophos\AutoUpdate\
    20.06.2018 12:06:58 INFO: <-- GetSAUCache()
    20.06.2018 12:06:58 INFO: C:\ProgramData\Sophos\AutoUpdate\\Cache\cac.pem exists. Will delete...
    20.06.2018 12:06:58 INFO: Writing cac.pem to SAU cache...
    20.06.2018 12:06:58 INFO: --> CreateFile()
    20.06.2018 12:06:58 INFO: --> Creating file cac.pem in C:\ProgramData\Sophos\AutoUpdate\\Cache
    20.06.2018 12:06:58 INFO: <-- CreateFile()
    20.06.2018 12:06:58 INFO: <-- DeleteCacInSAUCache()
    20.06.2018 12:06:58 INFO: --> StopService()
    20.06.2018 12:07:09 INFO: Return code for stopping service: Sophos Agent : 0
    20.06.2018 12:07:09 INFO: <-- StopService()
    20.06.2018 12:07:09 INFO: --> StopService()
    20.06.2018 12:07:19 INFO: Return code for stopping service: Sophos Message Router : 0
    20.06.2018 12:07:19 INFO: <-- StopService()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Messaging System\cac
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Messaging System\CertificationIdentityKeys\CertificationIdentityKey
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private\pkc
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private\pkp
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Remote Management System\CertificationIdentityKeys\ManagedApplication
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\CertificationIdentityKey
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\pkc
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\pkp
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> RunClientMRInit()
    20.06.2018 12:07:19 INFO: Running command: C:\Program Files (x86)\Sophos\Remote Management System\ClientMRInit.exe
    20.06.2018 12:07:19 INFO: C:\Program Files (x86)\Sophos\Remote Management System\ClientMRInit.exe -logpath C:\windows\temp -filepath "C:\Program Files (x86)\Sophos\Remote Management System\" Completed OK. Exit code 0
    20.06.2018 12:07:19 INFO: --> RunClientMRInit()
    20.06.2018 12:07:19 INFO: --> CreateMarker()
    20.06.2018 12:07:19 INFO: Created marker key (ReInitRMSMarker).
    20.06.2018 12:07:19 INFO: <-- CreateMarker()
    20.06.2018 12:07:19 INFO: --> StartService()
    20.06.2018 12:07:20 INFO: Return code for starting service: Sophos Message Router : 0
    20.06.2018 12:07:20 INFO: <-- StartService()
    20.06.2018 12:07:20 INFO: --> StartService()
    20.06.2018 12:07:20 INFO: Return code for starting service: Sophos Agent : 0
    20.06.2018 12:07:20 INFO: <-- StartService()
    20.06.2018 12:07:20 INFO: <-- FixRMS()
    20.06.2018 12:07:20 INFO: Ending script
    20.06.2018 12:07:20 INFO: --> CloseLog() - No function exit logged

     

    In the Network Communications Report there is the following content:

    <?xml version='1.0' encoding='UTF-16' ?>
    <?xml-stylesheet type='text/xsl' href='transform.xslt' ?>
    <RMS_status_report>
    <string msg='explanation' />
    <sections>
    <section name='DNS'>
    <string msg='OK' />
    </section>

    <!-- And another -->
    <section name='Certification'>
    <string msg='OK' />
    </section>

    <!-- And another -->
    <section name='Incoming'>
    <string msg='OK' />
    </section>

    <!-- And another -->
    <section name='Outgoing'>
    <alert><problem>
    <string msg='outgoing_comm_error' />
    </problem>
    <summary>
    <string msg='communication_failure' />
    </summary>
    <cause>
    <string msg='communication_failure_cause' />
    </cause>
    <action>
    <string msg='communication_fix' />
    </action>
    <more_info>
    outgiong_KB_number
    </more_info>
    </alert>
    </section>

    <!-- And another -->
    </sections>
    <computer_data>
    <language>
    de_DE
    </language>
    <local_time>
    Mittwoch, 20. Juni 2018 12:19:04
    </local_time>
    <GMT>
    Mittwoch, 20. Juni 2018 10:19:04
    </GMT>
    <computer_name>
    SNR9LLYNN
    </computer_name>
    <domain>
    domainname
    </domain>
    <router_name>
    <string msg='not_available' />
    </router_name>
    <IOR_port>8192</IOR_port>
    <SSLIOP_port><string msg='not_available' /></SSLIOP_port>
    <parent_addresses>
    newserver.domain.local,newserver
    </parent_addresses>
    <actual_parent>
    <string msg='not_available' />
    </actual_parent>
    <router_type>
    endpoint
    </router_type>
    </computer_data>
    </RMS_status_report>

     

    What is the IOR_port 8192? During building the sophosreinit.vbs we take port 80. Should we take port 8192 for that?

     

    Klaussophos 

  • Hello Klaussophos,

    the IOR_port is correct, endpoints communicate over ports 8192 and 8194, i.e. they must be able to connect to these two ports on the server. It looks like they can't - are these ports open on the new server, is there perhaps a network firewall that blocks these two ports?

    The failed communication should be logged in the Router log (%ProgramData%\Sophos\Remote Management System\3\Router\Logs).

    Christian
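
Added example, not part of the original thread and not Sophos tooling: a PowerShell sketch that reads a Network Communications Report of the shape posted above, lists the sections carrying an alert, and tries a TCP connection to each parent address on ports 8192 and 8194. The function names and the trimmed sample report are constructed for illustration.

```powershell
# Added example; function names are hypothetical and the sample report is
# constructed (trimmed to the layout of the report posted in this thread).
$reportXml = @'
<RMS_status_report>
 <sections>
  <section name='DNS'><string msg='OK' /></section>
  <section name='Outgoing'>
   <alert><problem><string msg='outgoing_comm_error' /></problem></alert>
  </section>
 </sections>
 <computer_data>
  <parent_addresses>newserver.domain.local,newserver</parent_addresses>
 </computer_data>
</RMS_status_report>
'@

function Get-RmsReportFinding {
    param([Parameter(Mandatory)][string]$Xml)
    $doc = [xml]$Xml
    # Healthy sections hold only <string msg='OK'/>; failing ones carry <alert>.
    $failed = foreach ($s in $doc.SelectNodes('//section[alert]')) {
        $msg = $s.SelectSingleNode('alert/problem/string').GetAttribute('msg')
        '{0}: {1}' -f $s.GetAttribute('name'), $msg
    }
    # parent_addresses is a comma-separated list, padded with whitespace.
    $parents = $doc.SelectSingleNode('//parent_addresses').InnerText -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    [pscustomobject]@{ FailedSections = @($failed); Parents = @($parents) }
}

function Test-RmsPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout and throws if the connect faulted.
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # name did not resolve, or the connection was refused
    } finally {
        $client.Close()
    }
}

$finding = Get-RmsReportFinding -Xml $reportXml
$finding.FailedSections                      # -> Outgoing: outgoing_comm_error
foreach ($h in $finding.Parents) {
    foreach ($p in 8192, 8194) {
        '{0}:{1} reachable={2}' -f $h, $p, (Test-RmsPort $h $p)
    }
}
```

A successful connect only shows that the port is reachable from the endpoint; it does not show that the router's certificate exchange with the server succeeds.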

  • Hi Christian,

    we opened both of these ports on the Windows firewall, but the result is the same.

    We installed the software again with setup.exe on one client and we got the following router.log:

    20.06.2018 15:56:38 09D0 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20180620-135638.log
    20.06.2018 15:56:38 09D0 I Sophos Messaging Router 4.1.1.127 starting...
    20.06.2018 15:56:38 09D0 I Setting ACE_FD_SETSIZE to 138
    20.06.2018 15:56:38 09D0 I Initializing CORBA...
    20.06.2018 15:56:38 09D0 I Connection cache limit is 10
    20.06.2018 15:56:39 09D0 E Router::Start: Caught CAccessFailureException:CACertificate not found
    20.06.2018 15:56:39 09D0 I Restarting...

    It seems there is a problem with a CACertificate. Can we solve the problem or should we go back to the old server?

    Klaussophos

  • Hello Klaussophos,

    perhaps turning on verbose logging for the Sophos Message Router will give some detail for the not found.
    RMS is apparently installed, please check the ClientMRInit-2018.....log in %windir%\Temp\. Is the cac.pem in %ProgramFiles(x86)%\Sophos\Remote Management System\? You said the copy failed - not sure where this is logged, might be the Sophos ES setup.log in your user's (the user who ran setup.exe) %temp% directory.

    Christian

  • Hello Christian,

    sorry for the late reply. The next day the problem was gone (I don't know why?), we had access to SEC and now we are updating the clients to the new Sophos server.

    Thanks for your help.

    Klaussophos