Can I do Sophos message relays setup on same management + console server ??

Hello Phutapong Suanyim,

definitely not, should still be 8193. You've changed both keys?
Please check on the server on which ports the RouterNT.exe is listening. The Router log from after the restart of the service also contains the server's IOR, you might want to check if it's the same that the endpoint receives.
Does the port change when you restart the Message Router service?

Christian 

Hi Christian

I didn't touch keys or change default port

the endpoint still receives same IOR key as the server. 

Yes, the port changed when I restart the message Router service.

Protocol LocalAddress LocalPort RemoteAddress RemotePort State ProcessName PID
-------- ------------ --------- ------------- ---------- ----- ----------- ---
TCP 0.0.0.0 8192 0.0.0.0 0 LISTENING RouterNT 9912
TCP 0.0.0.0 55449 0.0.0.0 0 LISTENING RouterNT 9912
TCP 0.0.0.0 55450 0.0.0.0 0 LISTENING RouterNT 9912
TCP 127.0.0.1 55447 127.0.0.1 55448 ESTABLISHED RouterNT 9912
TCP 127.0.0.1 55448 127.0.0.1 55447 ESTABLISHED RouterNT 9912
TCP 127.0.0.1 55460 127.0.0.1 55459 ESTABLISHED RouterNT 9912
TCP 127.0.0.1 55472 127.0.0.1 55471 ESTABLISHED RouterNT 9912
TCP 127.0.0.1 55507 127.0.0.1 55506 ESTABLISHED RouterNT 9912
TCP 172.19.8.186 55450 172.19.8.186 55457 ESTABLISHED RouterNT 9912
TCP 172.19.8.186 55450 172.19.8.186 55469 ESTABLISHED RouterNT 9912
TCP 172.19.8.186 55450 172.19.8.186 55504 ESTABLISHED RouterNT 9912

Hello Phutapong Suanyim,

didn't touch keys
and what did you do that it now returns the FQDN in the IOR?
I notice it's not listening on 8193 and 8194, as if the -ORBListenEndpoints isn't there.

Christian

Hi Christian

At the enterprise server, I did follow instruction "How to change the message relay to make it return an FQDN in the IOR string:" from here

To immediately affect the service: 

1. Modify the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router\ImagePath 
   to the following (all one line):
   
   "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBDottedDecimalAddresses 0 -ORBListenEndpoints iiop://:8193/ssl_port=8194&hostname_in_ior=SEC.XXX.YYY

2. Restart the Message Router service on the message relay.

Hi Christian

I'm so sorry , it was my mistaken to modify the registry key wrong at the enterprise server but now the registry key's correct and I get return when parse the IOR as shown below:

object key is <#14#01#0F#00NUP#00#00#00!#00#00#00#00#01#00#00#00RootPOA#00RouterPersistent#00#03#00#00#00#01#00#00#00MessageRouter>;
 no trustworthy most-specific-type info; unrecognized ORB type;
 reachable with IIOP 1.2 at host "SEC.XXX.YYY", port 8193

Hello Phutapong Suanyim,

looks ok now. Does the warehouse endpoint communicate?

Christian

Hi Christian

Yes, now the warehouse endpoint communicated with the Enterprise server and it can be managed.

what about existing warehouse endpoint ? can we just change mrinit.conf and without reinstall package ??

Hello Phutapong Suanyim,

just change mrinit.conf?
if I understood correctly the warehouse endpoints have been set up with the SA (the unmanaged stand-alone) version. Normally you have to reinstall the managed version.
I've never given it much thought and I've never heard that upgrading an SA version to a managed one was ever taken into consideration. The following untested procedure might(!) work (and note it's definitely unsupported): Stop the AutoUpdate service, replace (keep a backup or rename it first) %\ProgramData%\Sophos\AutoUpdate\Config\iupd.cfg with the one from the already managed warehouse endpoint. You could also specify the SEC group where the endpoint should "appear" (if you try it do not re-start the Agent service at this point). As said, I haven't tested it and don't know whether the RMS install (normally scheduled by setup.exe) has prerequisites. Start the AutoUpdate service - if it works RMS will be installed on the next update check. If not (I hope it doesn't break anything) your only option is to install a managed package.

Christian