Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 8691 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC Server Reinstalling. No Backup from old server. Any tips / advice?

StephanieGelder

Hello.

OK. So I'm starting again. our Windows 2003 Server with SEC at one site died.. This was a while ago.  A colleague setup a new Sophos Server that never worked.  So I'm starting again.

The clients all have Sophos on that was set to talk to the old Server.

So... Do I give the new server the exact same Name as the old server so that the path to the SIDs is basically just the same \\servername\..........

So the plan is.

Reinstall Windows 2008 R2.

Ensuring the Server has the same name as the old server.

Reinstall all of Windows Updates

Install SEC 5.3.1

Scan the PC VLAN for Devices.  All them all to a Group and Right click and Protect Computers and that should in theory work?

The PC's all have Sophos from the old server, and with Sophos itself as the Secondary Update Source. They could all talk to the server before so it's not as if they have anything that's change at all.



This thread was automatically locked due to age.
Parents
  • 0

    Hello StephanieGelder,

    no backup 
    if this means no backup at all, not even the certificates from the registry, then RMS must be re-initialized on the endpoints. Reprotect is the recommended option.

    Sophos as Secondary
    fine, less pressure

    same name as the old server [...] They could all talk to the server
    once the server is set up and the CIDs are populated, the endpoints will update from there. You'll see errors (on the endpoints, not the console) as they'll refuse to update RMS due to mismatching certificates. Also they won't talk to SEC unless you reprotect them or use the Endpoint Migration Utility. From the endpoints' POV the changed certificates are what makes the server a new one (a new name or IP can be handled e.g. with a DNS-alias).

    Christian

  • 0 in reply to QC
    Thanks.

    When you say "reprotect is the recommended option"

    Is This .... www.sophos.com/.../116737.aspx

    ^^ So run the Endpoint Migration Utility.

    Doing this I should be able to associate them with the new server / certificate combination.

    Thanks for your help.
Reply Children
  • 0 in reply to StephanieGelder

    Hello StephanieGelder,

    same article, yes [:)]. For the future: Even if you don't care about the database (groups, policies, alert and event history) and don't want to back it up I'd recommend backing up the certificate store. Spares reinstall, reprotection, or reinit of endpoints (or if you ever have the need for more than one management server you can easily move at least the Windows - and now I think Linux as well - endpoints).

    Christian

Unfiltered HTML