This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deploying Sophos within a forest from one domain to another

I have a top level Windows 2008R2 domain which has Sophos Enterprise console installed (TEST.NET) and is pushing Sophos out to the servers and clients perfectly. We recently added a 2012R2 child domain (CHILD.TEST.NET), and i would like to use the existing Sophos set up to push Sophos AV to the servers and clients in the Child domain .

I can scan active directory and it finds the child domain computers. I have tried to push the installation from the Sophos Enterprise Console but i receive the 80070035 error, or 0000002e error. This is using an enterprise admin account test.net\administrator. I can however be on a server or client of the child domain and manually pull the installation. This works fine and once installed shows as normal in the SEC and will update fine etc.

All firewalls have been disabled.

Any thoughts please?



This thread was automatically locked due to age.
Parents
  • Hi,

    The account you use in the SEC protect wizard has to be able to logon to the management server and needs to be administrative over the target client.

    Some details here: www.sophos.com/deployment

    Given the scenario you mention in terms of computers:

    • sec.test.net
    • client.child.test.net

    I would probably enter the deployment credentials as:

    child\administrator

    ..assuming that at the client, the local administrators group has the necessary domain accounts references and everything there resolves.

    As a first test, on the management server I would run:

    runas /user:child\administrator cmd

    To prove that I could launch a command prompt using those credentials on the SEC server.

    If you're still having issues, contact support and enquire about the tracing logging of the management server. 

    Hope it helps.

    Regards,

    Jak

Reply
  • Hi,

    The account you use in the SEC protect wizard has to be able to logon to the management server and needs to be administrative over the target client.

    Some details here: www.sophos.com/deployment

    Given the scenario you mention in terms of computers:

    • sec.test.net
    • client.child.test.net

    I would probably enter the deployment credentials as:

    child\administrator

    ..assuming that at the client, the local administrators group has the necessary domain accounts references and everything there resolves.

    As a first test, on the management server I would run:

    runas /user:child\administrator cmd

    To prove that I could launch a command prompt using those credentials on the SEC server.

    If you're still having issues, contact support and enquire about the tracing logging of the management server. 

    Hope it helps.

    Regards,

    Jak

Children
No Data