Bandwidth consumption and others problems..

Question

Hello!. I have an installation with 9000 clients and approximately 150 SUM. The clients have a local SUM formed in every headquarters but I detect a great consumption of bandwidth in connections to the SEC. Some clients consume 200MB in 5 minutes. The SEC uses the port 8080. I have checked that the traffic is not for updates. The deployment has been realized by a complete package of installation and every SUM is formed as RMS of his own headquarters. The update policy is correct and I see that the clients take his own SUM as a update server. I observe that the configuration of the RMS is not correct because many clients have the SEC and not to his RMS (checking the registry key on the clients). I modified the mrinit.conf before installing every SUM...but I have followed the procedure to re-form the RMS modifying the mrinit.conf but it continues without happening at all. 
 Have I to re-protect the clients after modifying the mrinit.conf? Why so much bandwidth against the SEC? The SEC is in a server and the BD is SQL 2008 R2 in other one. Both Windows 2008 R2 SP1. 
 
 Thanks!

jak · Accepted Answer

Hi, 
 
So in this scenario I picture that a server at each site is running SUM, which is creating a local CID for the local clients. 
 
The local CIDs on the SUM servers should have a mrinit.conf file in the "rms" sub-directory of the CID(s) which has the SUM machine (IP, FQDN or NetBIOS or all 3) as the ParentAddress value. After doing so, you run configcid.exe ( www.sophos.com/.../13112.aspx) against the CID in order to add the custom mrinit.conf file to the catalog file (cidsync.upd) under the "rms" sub-directory. You can open cidsync.upd in the "rms" directory and search for mrinit.conf. This is not typically a file in the catalog as it is copied down to the client by setup.exe and not by AutoUpdate when not using relays or using the CID to configure RMS. 
 
When the SUM server updates from the CID, it pulls down the custom mrinit.conf file and as part of the RMS installer runs clientmrinit.exe, clientmrint.exe realises that this machine should be a message relay (based on the parent address being the same as the local computer) and configures itself with "upgraded" values for the connectioncache, numorbthreads, etc, as per the SEC server and the values as detailed at the bottom of article: www.sophos.com/.../14635.aspx . 
 
Important: You can't just set these registry keys to convert the computer to a relay as on the next update of RMS they will be lost, you have to configure the CID the relay updates from to be a relay CID. 
 
Having done the above, on the next update the clients at the site should also pull down the custom mrinit.conf, and store it in the RMS program files directory, rename the original mrinit.conf that points to the SEC server as mrinit.conf.orig. As part of the RMS setup, clientmrinit.exe will run and set the correct values in the registry, i.e. the ParentAddress value under the router key will end up pointing to the relay. 
 
There is one thing to note, clientmtinit.exe will not re-configure a client if location roaming, (updating policy) is enabled. This is to avoid the case where if a computer goes to a different site, discovers and updates from the local CID, pulls down the local CIDs mrinit.conf and start messaging via that. It will update via the local CID but will not re-configure it self to message through it as the RMS path from client to server should always remain the same. 
 
The log file of clientmrinit.exe can be found in \Windows	emp\ as it's typically run as SYSTEM when executed as part of the RMS installation as called by AutoUpdate. 
 
I hope that helps. 
Regards 
Jak