This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

moving local sophos DB to new extrnal DB Server

Hi all..

we have sophos console 5.2, the plan is to upgrade to 5.4.1 then migrate to new server, then have the new server point to extrnal DB.

someone did the upgrade, and when i tried to migrate i faced an error during restoring backup DB as shown, you can see the existance of SOPHOSENC52.bac, i think it shouldn't appear as it is related to old version!, not 5.4.1!. what could be the problem here? shall i reupgrade the old server again?

 

and lets supose that the migration of sophos console 5.4.1 from win server 2008 to win server 2016 running SQL server 2016 was done successfully, then after migration we want to config that new server to point to an extrnal DB insted of local DB (moving local DB to external SQL server). they will give me that external DB instance and login account only.

what i understood is that i will modify registry values to point to that external DB:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\ManagementTools\Database Installer

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\ManagementTools\DatabaseUser

and then delete the local DB

please correct me because i really got confused at this step!.



This thread was automatically locked due to age.
Parents Reply
  • yesterday it was my lab.. today i'm at customer site!, any way i solve the connectivity problem, i found sql server agent disabled, i ran it then UDL test succeeded :)

    but when try to restore.. got new Error :(

    hens i'm trying to restore db after install db component on new server (normal server to server migration just to ensure db can be restored correctly) 

      

Children
  • Hello Roy Carlo Bago,

    I see, I see.
    Unfortunately the lines shown are more reverberations and don't show the actual error. Could you provide the complete output of the command?

    Christian

  • this is regarding the error:

     

    i spoke to them, they agreed for upgrading to 550, they already now have 5.4.1 on their old server with local db, but these snapshots while i was restoring db at new server after running 5.4.1 and selecting db component only(db here is local). just to to try make the migration from win2008 to win2016 and see if it will success!.

    also now i have another question.. if i will migrate and upgrade to 550 at the same time!, then the steps will be:

    - backup databases on old server 5.4.1 which are (SOPHOS540, SOPHOSPATCH52, SophosSecurity)

    - on sql remote server, create SOPHOS instance, db user account, db admin group, and 3 databases (SOPHOS540, SOPHOSPATCH52, SophosSecurity)

    - restore databases on sql remote server.. here, these databases were restored under 5.4.1 version too, right ?

    - run SEC 550 on new win 2016 server and deselect db component, point to remote instance SQLSERVER\SOPHPS and its user account.

    the question now: SEC 550 have SOPHOS550, whereas remote SQL have SOPHOS540, how will the old one change to the new name!, how will the console detect this?

  • Hello Roy Carlo Bago,

    I'll look at the screenshots tomorrow.

    on sql remote server
    You'd have to create the 550 databases with either the installer or manually with the scripts. As for the 540/541 databases - a RESTORE might be possible even if they did not exist before. Personally I'd create the 550, then try the restore. If it fails create the 540 versions with the 540 scripts.

    Christian

  • Hello Roy Carlo Bago,

    should have seen this yesterday: CREATE DATABASE permission denied in database 'master'. The logged on user doesn't have the necessary permissions on the SQL server. Usually if you run the installer it creates the Windows Security Group Sophos DB Admins, adds administrators and the "database account" to the group and creates the required login in SQL.

    As for databases, database names and migration:

    • when the Management Service starts it checks for the existence of its associated databases
    • if it can't find them it terminates, otherwise it checks for a certain value (UpgradeStatus on table Upgrade)
    • if the status is 2 then the databases are "in production", otherwise it searches for the "newest" previous (supported) database
    • if it can't find one it assumes a fresh install, sets the status and starts using the database, otherwise it call UpgradeDB.exe with the applicable switches
    • UpgradeDB.exe copies the data from the previous database, if necessary applying the appropriate transforms; the old database is not modified in any way (neither taken offline nor dropped - if you want to get rid of it you have to do it manually)

    I hope it is clearer now.

    Christian

  • i have an appointment the next Sunday there but i'm afraid of facing errors after upgrade/migrate process because they told me they tried migration to 5.4.1 two months ago and it succeeded, the db was remote, they faced error while trying to connect to sophos servers online using their sophos account!!, were not able to connect to sophos online!. then they had told  there is something wrong during configuration, have a fresh installation and try again!.

    i was thinking about upgrading 5.4.1 to 5.5.0 at old server first before backup the databases from it!. make scene?

  • Hello Roy Carlo Bago,

    error while trying to connect to sophos servers online
    in the SUM (Update Manager) configuration, or?

    While an upgrade never modifies the old database it's best practice to back up before an upgrade. And a true backup's requirements are only met when it can be restored [:)].
    I've worked with SEC since version 1.0 (including several Betas), I've skipped some versions (and not the same on the different servers - I have more than one) and never had problems due to the fact that I didn't upgrade version by version. OTOH an upgrade takes less than half an hour (ok, I've done it more than once so it has become second nature) and if you migrate the advantage is that you know the new version works and any issue you encounter on the new server is likely caused by the install.

    Christian

  • Hi Christian,

    i faced some errors during upgrade, it didn't upgrade the console component.. i left the old server and started then doing normal migrate  to save time (since i have 5.4.1 db backup already), i opened the new server, and finally it succeeded (5.4.1 on win2016). but when i opened the console i faced this msg:

    "Enterprise Console cannot protect your network fully. This is because the update manager installed on the same computer as Enterprise Console is not configured. For instructions, see http://www.sophos.com/en-us/support/knowledgebase/53965.aspx"

    hence i received an error "unable to install update manager" during installation mgmt server and console components, i viewed article 114627, then i opened appwiz.cpl and found Management DB and Management Server components only. also found programs like "Sophos remote management system" and "Sophos autoupdate", i uninstalled the last two programs and reinstall SEC and it succeeded!.

     

    and for moving db with upgrade.. in my testing lab, i got errors when following method of: backup 541 db then restoring it with 550 wizard at new server!.. instead i upgraded 541 to 550 first at old server, then back db up, then restore it at new server and continue the routine.

  • Christian.. where are you :)

    i need your advice

  • Hello Roy Carlo Bago,

    the next to last paragraph ended with it succeeded! And the last one sounded more like a report and not a description of an insurmountable problem - so, for what issue do you need advice? [:)]

    Christian

  • lol :)

    Hi again brother..

    i mean it succeeded to install the three components, but failed to connect to Sophos online to get updates!.

    still getting this msgbox each time i run the Console!

    "Enterprise Console cannot protect your network fully. This is because the update manager installed on the same computer as Enterprise Console is not configured"

    so the complete migration process wasn't successful.

    and for SUM i used the same user and password that was used at old sever!.