Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 7509 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Moving clients to a new server with A NEW name from a 2003 server to 2012

nigel parker

we want to move from our Sophos enterprise console to another machine this will have a new Name

the old one must keep running until we have all the clients moved to the new server ID DONT WANT THE HISTORY we want to start again!

Installed the new server as per the KB articles

All seemed well but the clients seem to have an issue, I deployed the client from the new console Over the top of the old managed server client it reinstalled but came back with this error

 

   Sophos AutoUpdate status                Date/time            Code      Description                            
                                           17/01/2017 11:56:44  0000006b  Download of Sophos Endpoint Defense failed from server \\NEW SERVER\SophosUpdate\CIDs\S000\SAVSCFXP\

If I uninstall the Sophos Av from the client and remove all reg entries and left over dll files then deploy from the new server I do not get this error it works ok !

help would be appreciated I tried goggling the description error but haven't found anything useful

so its just How to redirect windows endpoints to a new server

I followed this KB even trying the scripted routes but it still fails with the same error



This thread was automatically locked due to age.
Parents
  • 0

    Hello nigel parker,

    Sophos Endpoint Defense is new with 10.6.4. Looks like you've subscribed to Preview on the old server. If you re-protect with 10.6.3 the associated information for AutoUpdate isn't cleared, subsequently it's searching for the product but fails.

    Christian

  • 0 in reply to QC

    Hi

    thanks the new server is showing its running

    sophos enterprise console 5.4.1 if I go help about

    the clients (on the new server) show they are running 10.6

    Thanks

  • 0 in reply to nigel parker

    Hello nigel parker,

    it's not just 10.6 but the minor that's important - 10.6.4 does have SED, 10.6.3 doesn't. So you should check the version of the endpoints (clients) on the old server (tab Anti-virus Details, column Anti-virus version). The SEC version doesn't matter, the subscription does. If it's indeed the case that 10.6.4 was already in use you can either subscribe to Preview on the new server or ignore the message until 10.6.4 is GA.

    Downgrading of the components is supported when you re-protect but only known features are uninstalled. 10.6.3 isn't aware of the new SED so its installer doesn't uninstall it.
    [Edit] Not sure now if above this is correct - just tested a downgrade by assigning Recommended to an endpoint running 10.6.4, the SED is correctly uninstalled. Haven't tested a re-protect from the console though. [/Edit]

    [just saw your other post]
    The normal updating log doesn't really help in troubleshooting an error that's not immediately obvious. For this purpose the detailed ALUpdate log is required. Anyway I think the Could not connect to the server is misleading here. So please check the involved endpoint versions. Apart from this - I daresay: rather minor - issue everything seems to work.

    Christian

  • 0 in reply to QC

    Hi thanks

    when I deploy from the old server the client reports

    sophos av 10.6.4.1150

    deploying from the New server
    sophos av 10.6.3.537

    so I have downloaded an older console is that what your saying? Thought I picked the latest version available and cant understand therefore how the old server is on a newer version than the new one !

    I will look around the downloads again to see what I can find, we need to remove errors before we move the other clients as I want a nice clean start

     

    Regards

    Nigel

Reply
  • 0 in reply to QC

    Hi thanks

    when I deploy from the old server the client reports

    sophos av 10.6.4.1150

    deploying from the New server
    sophos av 10.6.3.537

    so I have downloaded an older console is that what your saying? Thought I picked the latest version available and cant understand therefore how the old server is on a newer version than the new one !

    I will look around the downloads again to see what I can find, we need to remove errors before we move the other clients as I want a nice clean start

     

    Regards

    Nigel

Children
  • 0 in reply to nigel parker

    OH I see on the subscriptions on the NEW server I can select Preview Early access

    and someone has selected this on the old server !

    what to do - do I go for the preview or wait and ride out the errors

    Hmmmm

  • 0 in reply to nigel parker

    If I set the old server back to recommended versions will they roll back to the supported recommended versions from the preview versions ?

    He askes rather more hopefully than should be thought ................

  • 0 in reply to nigel parker

    just thought

    If I put them on recommended will they stay on the version they are and then eventually they will be on the same version as the NEW server

    at that point I can move them over without issues

    Thanks

  • 0 in reply to nigel parker

    Hello Nigel,

    you can set the subscription on old to the 10.6 Recommended package, wait for the endpoints to downgrade, then move them. Or change your subscription on new to Preview, 10.6.4 apparently ran without issues so why not just stay (it'll be released soon as recommended anyway).
    BTW: Someone must have selected the Preview package

    BTW: The Endpoint software version is independent of the SEC version. When you install SEC it (or to be exact: SUM) is configured to look for Recommended - whether you install the current SEC (5.4.1) or a legacy version (5.2.2) and will right now download 10.6.3. A current version of SEC is required to manage new Endpoint features (i.e. configure the policies accordingly) - if you have an older SEC you can't for example configure MTD (malicious traffic detection), though the endpoints will accept the policy and use the defaults for unconfigured items.

    Christian 

  • 0 in reply to QC

    Thank s

    set the old server to recommended and will wait until the preview goes live then try a few migrations

    Hopefully :-)

    I will be up and working

     

    Thanks

  • 0 in reply to nigel parker

    Hello Nigel,

    don't mention it (or you're welcome depending on your version of en- [;)]).

    You can re-protect the endpoints that have downgraded on old, or you can (as mentioned) select Preview on new. One thing I've forgot to say - if you did export/import the certificates (so that new management has the same "identity") you can simply change the update location (on old) to the new server (no re-protect required). AutoUpdate will correctly handle up-/downgrades when the CID (or its content) changes.

    Christian

Unfiltered HTML