Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 2 subscribers
  • Views 5445 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC Updating only RMS on clients

Klaussophos

Hello community,

I have written some threats for our update Scenario. Most of our Clients we have updated through the deployment share from our sophos Server \\server\sophosupdate\cids\s000\savscfxp\setup.exe . Everything is o.k., but we have some Clients, where are in far destinations with a very, very slow bandwidth, so updating through our favorite way is impossible. Is there a easy way only updating the RMS Client Software with the new cac.pem and mrinit.conf files? The Software at the Clients have the Version 10.8 but they have a wrong Connection to the sophos Server, because we have changed from Windows Server 2008 R2 to Windows Server 2016 with a new Name and a new IP address. I have wrote some discussions, but our Problem is not solved. Has anybody the same constellation?

Klaussophos



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Barb@Sophos

    Hallo Barb@sophos,

    Thanks for the advice. Unfortunately our Problem is not solved properly. In the Router log-file at programdata\sophos\rms\3\router\logs there is written the correct sophos Management Server, but when I open at the Client the sophos endpoint security and control program I see at "updates configure" the old name from our former sophos Management Server. In this property window, where the old Name is listed and this can't be Changed. Following you see an extract from router log-file:

    02.08.2018 08:33:25 0C74 I Successfully validated parent router's IOR
    02.08.2018 08:33:25 0C74 I Accessing parent
    02.08.2018 08:33:25 0C74 I SSL handshake done, local IP address = 192.168.7.126
    02.08.2018 08:33:25 0C74 I Parent is Router$rz01-sophos-11 (correct Name of Sophos Server)
    02.08.2018 08:33:25 0AB0 I Writing router table file
    02.08.2018 08:33:25 0AB0 I Creating ORB runner with 4 threads
    02.08.2018 08:33:25 0AB0 I Compliant certificate hashing algorithm.
    02.08.2018 08:33:25 0AB0 I This computer is part of the domain "OUR DOMAIN"
    02.08.2018 08:33:25 0AB0 I This router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000400000000000000a8000000010102000f0000003136392e3235342e31392e3235350000012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572000000030000000000000008000000011d7f00004f41540100000018000000011d7f0001000100010000000100010509010100000000001400000008000000011da6008600022000000000a800000001010200100000003136392e3235342e3131352e32323100012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572000000030000000000000008000000011d7f00004f41540100000018000000011d7f0001000100010000000100010509010100000000001400000008000000011da6008600022000000000a4000000010102000e0000003139322e3136382e372e3132360001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572757465030000000000000008000000011d7f00004f41540100000018000000011d7f0001000100010000000100010509010100000000001400000008000000011da6008600022000000000a4000000010102000e0000003136392e3235342e332e3132380001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572000000030000000000000008000000014d7e00004f41540100000018000000014d7e0001000100010000000100010509010100000000001400000008000000014da60086000220
    02.08.2018 08:33:25 0AB0 I Successfully validated this router's IOR
    02.08.2018 08:33:25 0AB0 I Reading router table file
    02.08.2018 08:33:25 0AB0 I Host name: snpf0te2bs
    02.08.2018 08:33:25 0AB0 I Local IP addresses: 192.168.7.126
    02.08.2018 08:33:25 0AB0 I Resolved name: snpf0te2bs.OUR_DOMAIN
    02.08.2018 08:33:25 0AB0 I Resolved alias/es:
    02.08.2018 08:33:25 0AB0 I Resolved IP addresses: 192.168.7.126
    02.08.2018 08:33:25 0AB0 I Resolved reverse names/aliases: snpf0te2bs.OUR_DOMAIN
    02.08.2018 08:33:25 0AB0 I Waiting for messages...
    02.08.2018 08:33:25 08C8 I Getting parent router IOR from rz01-sophos-11.OUR_DOMAIN:8192
    02.08.2018 08:33:25 08C8 I Received parent router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a4000000010102000d0000003139322e3136382e302e3938000001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001008b01004f4154010000001800000001008b01010001000100000001000105090101000000000014000000080000000100a60086000220
    02.08.2018 08:33:25 08C8 I Successfully validated parent router's IOR
    02.08.2018 08:33:25 08C8 I Accessing parent
    02.08.2018 08:33:26 08C8 I SSL handshake done, local IP address = 192.168.7.126
    02.08.2018 08:33:26 08C8 I Parent is Router$rz01-sophos-11
    02.08.2018 08:33:26 08C8 I RouterTableEntry::LogonToParentRouter() - logging on as active consumer
    02.08.2018 08:33:26 08C8 I RouterTableEntry state (router, logging on): Router$rz01-sophos-11 is passive consumer, passive supplier
    02.08.2018 08:33:26 08C8 I Logged on to parent router as Router$snpf0te2bs:945583
    02.08.2018 08:33:26 08C8 I This computer is part of the domain OUR_DOMAIN
    02.08.2018 08:33:29 0604 E Attempt to get client interface from non-local caller
    02.08.2018 08:33:35 0F30 E Attempt to get client interface from non-local caller
    02.08.2018 08:33:40 0604 E Attempt to get client interface from non-local caller
    02.08.2018 08:33:45 0F30 E Attempt to get client interface from non-local caller
    02.08.2018 08:33:50 0604 E Attempt to get client interface from non-local caller

    the message "Attempt to get client interface from non-local caller" never Ends.

    Our old Server called rz01-sophos-11.

    I think it must small Thing to Change, that this Client can't connect the new Server. What is the Problem?

    Klaussophos

  • 0 in reply to Klaussophos

    Hi Klaussophos,

    Please try these articles and let us know the outcome:

    Sophos Endpoint Security and Control: Windows computer with multiple IP addresses or multiple network cards generates error logs
    Sophos Enterprise Console: What to do when installed on a computer with multiple IP addresses

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0 in reply to Barb@Sophos

    Hello Barb,

    I tried to solve our Problem with your advice:

    Sophos Enterprise Console: What to do when installed on a computer with multiple IP addresses

    after doing Step one, the Sophos Message Router Service can't start. So I installed the Sophos Software from the deploying share. After that the both registry entries

    HKLM\SYSTEM\CurrentControlSet\Services\Sophos Message Router\ImagePath 

    HKLM\SOFTWARE\Sophos\Messaging System\Router\ServiceArgs

    are not existing in the registry. Strange ! The Client has now the new Software (after installing over 2 hours, because the bad bandwidth), but in the SEC it isn't visible.

    The best way will be installing the Software over the deploying share. It will be a sisphos work over more weeks, but I didn't see another Change to do that.

    Klaussophos

  • 0 in reply to Klaussophos

    Hi Klaussophos,

    If the problems persist, I think it would be best if you raised a case with Support for further assistance.

    Once you create the case, please send me a DM with the ticket number so that I can follow up.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Unfiltered HTML