
Force a RMS connection?

Hi all.  Hopefully a quick answer, though a bit of googling didn't yield much.

I'm pushing an additional relay server into an existing config of 1 x SEC and 2 x relays.  Been a while since I configured the original, so I'm re-remembering how to do it all.  I'm reasonably confident I've got it right, as with 'some' of the endpoints on the new Group (with new subscription, policies, rminit.conf etc) they are a) updating, b) talking via the correct relay (checking via the router logs).

Some of the boxes don't want to move over though.  Is there a way to force RMS to 'check now' for new config/messages?  I'm clicking update now to force an AU update, and am bouncing the RMS service, but sometimes nothing really seems to happen.

tar

Ash



This thread was automatically locked due to age.
  • Hello Ash,

    it's not RMS that checks by itself. When AutoUpdate detects that the \rms subfolder has changed (either because the endpoint has been redirected or mrinit.conf in the existing CID has been changed) it initiates an RMS "install". RMS checks whether mrinit.conf is valid (same certificates) and applies it.
    If the update location is correct and the update successful, then the ClientMRInit log in %windir%\Temp\ might have a hint.

    Christian

  • Hi Christian.  When a client 'has' moved to the correct relay, it's pretty laggy when I'm pushing a "run full system scan" command from SEC.  Sometimes it doesn't seem to trigger at all, which I'm putting down to a delay in RMS somewhere.  Is there a way to tell a client to 'check for messages now'?

    <edit>

    I just need to be patient.  Pulled the command through now.  It's not run it, but at least it pulled the envelope that was stuck waiting.

  • Hello Ash,

    Is there a way to tell a client to 'check for messages now'
    the chicken or the egg.

    I just need to be patient
    RMS uses one or two connections. Communication is initiated by the endpoint connecting to the server's port 8194. Once established the server tries to connect to the endpoint's 8194. If that fails the connection is endpoint push/pull. Whenever a message (status, alert, event) is generated on the endpoint it is immediately sent to the server. The endpoint then pulls the messages that have been enqueued for it. Assuming there are no events on the endpoint and considering that detection data updates (that would produce a status message) are infrequent it could take hours until a command like Full system scan is received and processed. Therefore the Router polls every 15 minutes for outstanding messages.
    Only if there is also the downstream connection are the commands sent immediately.  Normally a relay has a two-way connection with its parent, but if not, and it also can't connect back to the endpoint, this will increase the latency.

    Christian 
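
The one-or-two-connection behaviour described in the reply above can be checked from the endpoint itself. The following is an added example, not part of the original thread and not Sophos tooling; it assumes a Windows endpoint with the built-in `Test-NetConnection` and `Get-NetTCPConnection` cmdlets, and `relay.example.internal` is a placeholder for the endpoint's parent (relay or SEC server).

```powershell
# Added example. $ParentHost is a placeholder (assumption); 8194 is the RMS
# port named in the thread. Run on the endpoint being investigated.
param(
    [string]$ParentHost = 'relay.example.internal',
    [int]$RmsPort = 8194
)

# 1. Upstream: can this endpoint open a TCP connection to the parent's 8194?
$up = Test-NetConnection -ComputerName $ParentHost -Port $RmsPort `
        -WarningAction SilentlyContinue

# 2. Current TCP sockets on this machine that involve the RMS port.
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -eq $RmsPort -or $_.RemotePort -eq $RmsPort }

# Listener: the endpoint's own 8194, which the parent tries to connect back to.
$listening  = @($conns | Where-Object { $_.State -eq 'Listen' -and $_.LocalPort -eq $RmsPort })
# Upstream session: endpoint-initiated, remote side is 8194.
$upstream   = @($conns | Where-Object { $_.State -eq 'Established' -and $_.RemotePort -eq $RmsPort })
# Downstream session: parent-initiated, local side is 8194.
$downstream = @($conns | Where-Object { $_.State -eq 'Established' -and $_.LocalPort -eq $RmsPort })

# 3. Classify the link the way the reply describes it.
$mode = if (-not $up.TcpTestSucceeded -and $upstream.Count -eq 0) {
    'No upstream connection: endpoint cannot reach the parent on the RMS port'
} elseif ($downstream.Count -gt 0) {
    'Two-way: parent has connected back, commands should arrive immediately'
} else {
    'Push/pull only: commands wait for an endpoint message or the next poll'
}

[pscustomobject]@{
    Parent             = $ParentHost
    UpstreamReachable  = $up.TcpTestSucceeded
    LocalListener      = ($listening.Count -gt 0)
    UpstreamSessions   = $upstream.Count
    DownstreamSessions = $downstream.Count
    Mode               = $mode
}
```

A result with `LocalListener` true but `DownstreamSessions` at 0 matches the push/pull case in the reply: the connect-back to the endpoint's 8194 did not succeed, so commands are only collected when the endpoint next contacts its parent.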

  • I've got a funny feeling that you're either a) made out of or b) eat Sophos.  Fantastic advice, just what I needed, as ever.  Many thanks.
