SEC migration from a DC

Hi tstan 

It is recommended that Enterprise Console is not installed on a Domain Controller. It is also likely that additional security settings have been configured on a DC which could prevent Enterprise Console installing one of which is listed in this article. You can refer to this migration guide for migrating Sophos Enterprise console from one server to another. 

Hi, thanks for the reply. I wasn't clear.

SEC is already installed on the 2008R2 DC. it has been on there for at least 7 years, it was server 2003 before that.

I want to migrate SEC from the old current DC to a new virtual server that wont be a DC. Are there likely to be any issues that anyone is aware of?

The migration literature only seems to mention that they should both not be a DC, but I cant find any info to say what to do if one of them already is a DC with SEC installed.

Thanks

Hi tstan 

Datacenter edition is supported for SEC 5.5.0, 5.5.1 and 5.5.2. Please go through the below screenshot.

Hi,

appreciate the help... a lot..

Reinstalling SQL and restarting the VM worked and the Build completed.

We continued the migration and are now in the process of protecting the endpoints from the new SEC.

It is all working on our Virtual 2016 server on our Hyper-V machine so I am not sure what wont work?

Hi tstan 

You're welcome.

Your scenario is completely supported and the build should be completed successfully as you are running Windows server 2016 may be standard edition VM on physical Hyper-V server.

Thanks for all the help with this..,, but...

Install completed and endpoints are gradually reappearing in the console.

We now want to upgrade from 550 to SEC 552.  on trying the install we get an error message on the pre check 

You don't have sufficient database rights.

I followed the /kb/en-us/124245 what to do and run the SQLCMD, the user account is in the list.

I tried to add it again and it says the server principal already exists...

this Sophos admin account is a member of Sophos DB Admins, Sophos DB Users, Domain Admins, Sophos Full and Sophos Console..

I was trying to run it from my desktop as a remote desktop session as its a VM. I ran the installer "Run as Administrator"

I also tried it on the Hyper-V server itself with the same result..

I disabled UAC through the registry with the same result.

The whole migration was done on this account..

Am I missing something else?

Hello tstan,

could you show the associated Sophos_bootstrapper log (please make sure that sensitive information is removed)? 

Christian

Hi, 

I have noticed something in this file that I missed first time..  

could this be it .. 

about a third of the way down.  On the error lines it shows SophopsServer and this should be SophosServer  I've typo'ed somewhere.

2/03/2020 13:08:02, INFO : Finished retrieving instances - Timeout
12/03/2020 13:08:17, ERROR : COM error. Connection string: Application Name=SEC Bootstrapper;Database=master;Provider=SQLNCLI11;Server=SophopsServer\SOPHOS;Trusted_Connection=Yes;DataTypeCompatibility=80; - Error: Unspecified error, Description: SQL Server Network Interfaces: Error Locating Server/Instance Specified [xFFFFFFFF].
12/03/2020 13:08:17, INFO : Checking for presence of database: SOPHOSENC51 on instance: SophopsServer\SOPHOS...
12/03/2020 13:08:34, ERROR : COM error. Connection string: Application Name=SEC Bootstrapper;Database=master;Provider=SQLNCLI11;Server=SophopsServer\SOPHOS;Trusted_Connection=Yes;DataTypeCompatibility=80; - Error: Unspecified error, Description: SQL Server Network Interfaces: Error Locating Server/Instance Specified [xFFFFFFFF].
12/03/2020 13:08:34, INFO : Installation value ID '29': ENCDBVERSION="0"

I will change the typo's in the registry and see what happens. 

Got past the first hurdle, but on to the next..

Hello tstan,

these are just warnings, simply proceed.

Christian

I did and it failed, just going through the log file now..

12/03/2020 14:15:04, INFO : Installation value ID '12': INSTALLDIR="C:\Program Files\Sophos" INSTALLDIR32="C:\Program Files (x86)\Sophos" SUM_INSTALLDIR="C:\Program Files (x86)\Sophos\Update Manager"
12/03/2020 14:15:04, INFO : Installation value ID '19': UPGRADE="1"
12/03/2020 14:15:04, INFO : Installation value ID '6': SERVER_COMPUTERNAME="SophosServer"
12/03/2020 14:15:04, INFO : Installation value ID '5': SERVER_PORT="80"
12/03/2020 14:15:04, ERROR : No Sophos Credential Store Service found: 80040154
12/03/2020 14:15:04, INFO : Installation value ID '1': SERVER_USERNAME="sophosadmin"
12/03/2020 14:15:04, INFO : Installation value ID '2': SERVER_USERNAMEDOMAIN="????"
12/03/2020 14:15:05, ERROR : No Sophos Credential Store Service found: 80040154
12/03/2020 14:15:06, INFO : Installation value ID '4': SERVER_USERNAMEPASSWORD="********"
12/03/2020 14:15:06, INFO : upn found: Administrator@?????????????
12/03/2020 14:15:06, INFO : Installation value ID '3': SERVER_UPN="Administrator@???????????"

12/03/2020 14:32:52, INFO : Verifying files in folder
12/03/2020 14:32:53, INFO : Target folder verification completed successfully
12/03/2020 14:32:53, INFO : About to install Database64.msi
12/03/2020 14:33:27, INFO : Processing INSTALLMESSAGE_TERMINATE message from MSI
12/03/2020 14:33:27, INFO : Ended installing Database64.msi
12/03/2020 14:33:29, INFO : Installation of Database succeeded
12/03/2020 14:33:29, INFO : Verifying files in folder
12/03/2020 14:33:29, INFO : Target folder verification completed successfully
12/03/2020 14:33:29, INFO : About to install CredStore.msi
12/03/2020 14:33:49, INFO : Processing INSTALLMESSAGE_TERMINATE message from MSI
12/03/2020 14:33:49, INFO : Ended installing CredStore.msi
12/03/2020 14:33:51, INFO : Installation of Sophos Credential Store Service succeeded
12/03/2020 14:33:51, INFO : Verifying files in folder
12/03/2020 14:33:52, INFO : Target folder verification completed successfully
12/03/2020 14:33:52, INFO : About to install Server64.msi
12/03/2020 14:33:53, INFO : Processing INSTALLMESSAGE_TERMINATE message from MSI
12/03/2020 14:33:53, INFO : Installation of Server64.msi failed with error code: 1603
12/03/2020 14:33:53, INFO : Ended installing Server64.msi
12/03/2020 14:33:55, INFO : Installation of Management Server failed with error code: 1603
12/03/2020 14:33:55, INFO : Deactivate state: Installing
12/03/2020 14:33:55, INFO : Activate state: Failed
12/03/2020 14:33:55, INFO : Entered Installation failed page.
12/03/2020 14:34:45, INFO : Opening logs folder: C:\ProgramData\Sophos\Management Installer
12/03/2020 14:36:14, INFO : Finished Bootstrapper
12/03/2020 14:36:14, INFO : Cleaned up socket.
12/03/2020 14:36:14, INFO : Uninitialized COM in main thread

I did and it failed, just going through the log file now..

12/03/2020 14:15:04, INFO : Installation value ID '12': INSTALLDIR="C:\Program Files\Sophos" INSTALLDIR32="C:\Program Files (x86)\Sophos" SUM_INSTALLDIR="C:\Program Files (x86)\Sophos\Update Manager"
12/03/2020 14:15:04, INFO : Installation value ID '19': UPGRADE="1"
12/03/2020 14:15:04, INFO : Installation value ID '6': SERVER_COMPUTERNAME="SophosServer"
12/03/2020 14:15:04, INFO : Installation value ID '5': SERVER_PORT="80"
12/03/2020 14:15:04, ERROR : No Sophos Credential Store Service found: 80040154
12/03/2020 14:15:04, INFO : Installation value ID '1': SERVER_USERNAME="sophosadmin"
12/03/2020 14:15:04, INFO : Installation value ID '2': SERVER_USERNAMEDOMAIN="????"
12/03/2020 14:15:05, ERROR : No Sophos Credential Store Service found: 80040154
12/03/2020 14:15:06, INFO : Installation value ID '4': SERVER_USERNAMEPASSWORD="********"
12/03/2020 14:15:06, INFO : upn found: Administrator@?????????????
12/03/2020 14:15:06, INFO : Installation value ID '3': SERVER_UPN="Administrator@???????????"

12/03/2020 14:32:52, INFO : Verifying files in folder
12/03/2020 14:32:53, INFO : Target folder verification completed successfully
12/03/2020 14:32:53, INFO : About to install Database64.msi
12/03/2020 14:33:27, INFO : Processing INSTALLMESSAGE_TERMINATE message from MSI
12/03/2020 14:33:27, INFO : Ended installing Database64.msi
12/03/2020 14:33:29, INFO : Installation of Database succeeded
12/03/2020 14:33:29, INFO : Verifying files in folder
12/03/2020 14:33:29, INFO : Target folder verification completed successfully
12/03/2020 14:33:29, INFO : About to install CredStore.msi
12/03/2020 14:33:49, INFO : Processing INSTALLMESSAGE_TERMINATE message from MSI
12/03/2020 14:33:49, INFO : Ended installing CredStore.msi
12/03/2020 14:33:51, INFO : Installation of Sophos Credential Store Service succeeded
12/03/2020 14:33:51, INFO : Verifying files in folder
12/03/2020 14:33:52, INFO : Target folder verification completed successfully
12/03/2020 14:33:52, INFO : About to install Server64.msi
12/03/2020 14:33:53, INFO : Processing INSTALLMESSAGE_TERMINATE message from MSI
12/03/2020 14:33:53, INFO : Installation of Server64.msi failed with error code: 1603
12/03/2020 14:33:53, INFO : Ended installing Server64.msi
12/03/2020 14:33:55, INFO : Installation of Management Server failed with error code: 1603
12/03/2020 14:33:55, INFO : Deactivate state: Installing
12/03/2020 14:33:55, INFO : Activate state: Failed
12/03/2020 14:33:55, INFO : Entered Installation failed page.
12/03/2020 14:34:45, INFO : Opening logs folder: C:\ProgramData\Sophos\Management Installer
12/03/2020 14:36:14, INFO : Finished Bootstrapper
12/03/2020 14:36:14, INFO : Cleaned up socket.
12/03/2020 14:36:14, INFO : Uninitialized COM in main thread

And errors in the Sophos_Server64MSi log

GetSumCredentialsFromCredStore: Initialized.
GetSumCredentialsFromCredStore: No Sophos Credential Store Service found: 80070005
GetSumCredentialsFromCredStore: Error 0x80004005: Failed to get username
CustomAction CredStore.GetSUMCredentials returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 14:33:53: CredStore.GetSUMCredentials. Return value 3.
Action ended 14:33:53: INSTALL. Return value 3.

Hello tstan,

is the Sophos Credential Store service running - assuming the Credential Store has been installed?

Something similar has been mentioned in the Upgrade fails thread but I'm not sure about the sequence of events in your case. First the bootstrapper refused to continue because of the database rights issue. With the next attempt it installed the 5.5.2 database and the new Credential Store and then failed installing the Server? Which Sophos components and versions are in Programs and Features?

Christian

Apologies, was called away on Friday.

Credential store is running.

now if I try and run the new installer, I get this..

I am about ready to scrap the whole thing, delete the serve and start from scratch..

Would the old migrated server still be usable if I redirect the endpoints back?

thanks

Hello tstan,

not surprisingly the versions of the components are different (I've mentioned it in the story of the second server) and there is an applicable article: Sophos Enterprise Console: Installer has detected different versions of the components installed. Your first screenshot shows that the Credential Store is installed but I assume you have checked that the service is indeed running. As it's not clear what the status was during your first attempt to upgrade a second attempt (after uninstalling the database component) might or might not succeed.

The old server should still be usable, naturally the changes and history done on and recorded by the new server aren't available on the old one.

Christian 

Hi, 

Followed the KB and uninstalled the DB.

Following an attempted reinstall -552.. Upgrade....  I now get this:

16/03/2020 09:32:49, INFO : Installation value ID '5': SERVER_PORT="80"
16/03/2020 09:32:49, ERROR : GetUsername operation results: 80131577
16/03/2020 09:32:49, INFO : Installation value ID '1': SERVER_USERNAME="sophosadmin"
16/03/2020 09:32:49, INFO : Installation value ID '2': SERVER_USERNAMEDOMAIN="????"
16/03/2020 09:32:49, ERROR : GetPassword operation results: 80131577
16/03/2020 09:32:49, INFO : Installation value ID '4': SERVER_USERNAMEPASSWORD="********"

16/03/2020 09:32:49, INFO : Finished retrieving instances - Timeout
16/03/2020 09:32:49, INFO : Obtaining remote SQL instances on network...
16/03/2020 09:32:50, INFO : Finished retrieving instances - Timeout
16/03/2020 09:33:05, ERROR : COM error. Connection string: Application Name=SEC Bootstrapper;Database=master;Provider=SQLNCLI11;Server=;Trusted_Connection=Yes;DataTypeCompatibility=80; - Error: Unspecified error, Description: Named Pipes Provider: Could not open a connection to SQL Server [2].
16/03/2020 09:33:05, INFO : Checking for presence of database: SOPHOSENC51 on instance: ...
16/03/2020 09:33:20, ERROR : COM error. Connection string: Application Name=SEC Bootstrapper;Database=master;Provider=SQLNCLI11;Server=;Trusted_Connection=Yes;DataTypeCompatibility=80; - Error: Unspecified error, Description: Named Pipes Provider: Could not open a connection to SQL Server [2].
16/03/2020 09:33:20, INFO : Installation value ID '29': ENCDBVERSION="0"
16/03/2020 09:33:20, INFO : SupportedOS isFatal: 1
16/03/2020 09:33:21, INFO : Entered Welcome page.
16/03/2020 09:33:30, INFO : Running System Property Check: User must be an administrator on this computer...
16/03/2020 09:33:30, INFO : System Property Check: User must be an administrator on this computer - PASSED
16/03/2020 09:33:30, INFO : Running System Property Check: All SEC components installed must be the same version...
16/03/2020 09:33:30, INFO : Found installed component: {FC2876E5-3698-4534-A126-52792C4F0350} version: 5.5.0
16/03/2020 09:33:30, INFO : Found MSI: \Console64.msi version: 5.5.2
16/03/2020 09:33:30, INFO : Found installed component: {9BCC5C9E-94B6-40CA-A025-2A33C78256C6} version: 5.5.0
16/03/2020 09:33:30, INFO : Found MSI: \Server64.msi version: 5.5.2
16/03/2020 09:33:30, INFO : Found MSI: \Database64.msi version: 5.5.2
16/03/2020 09:33:30, INFO : Found installed component: {2C7A82DB-69BC-4198-AC26-BB862F1BE4D0} version: 1.7.1.19
16/03/2020 09:33:30, INFO : Found MSI: SUM.msi version: 1.6.2.186
16/03/2020 09:33:30, INFO : System Property Check: All SEC components installed must be the same version - PASSED
16/03/2020 09:33:30, INFO : Entered Eula page.
16/03/2020 09:33:31, INFO : Accepted Eula.
16/03/2020 09:33:32, INFO : Running System Property Check: Support operating system version and service pack must be installed...
16/03/2020 09:33:32, INFO : SupportedOS: Version: 10.0.14393 SP: 0.0 Architecture: 64-bit Edition: 18 Name: Microsoft Windows Server 2016 Standard|C:\Windows|\Device\Harddisk0\Partition2 Type: 3

and Program and Features show: 551 instead of 552 for SDM..

Going back to the old server in preparation for deleting this VM and starting from scratch. thinking that might be a quicker solution? 

Hello tstan,

deleting this VM and starting from scratch
might indeed be quicker. In principle it is possible to skip the install and migration of 5.5.0 on the new server.

Christian

I really just wanted the policies so I didn't have to recreate them, but I guess I can open them both now and just reproduce them.

Thanks for all your help with this.

Hello tstan,

the policies are - like most data (groups, computers, their alerts and events, ...) - contained in the database. It's all that stuff or none of it.

Christian