moving local sophos DB to new extrnal DB Server

Hello Roy Carlo Bago,

first of all, the associated database names don't always contain the current version. Furthermore Encryption (SDE) has been withdrawn and SOPHOSENC52 is no longer used.

Why 5.4.1 and not 5.5.0? Even 5.5.0 can't fully manage the current SAV 10.7 (5.5.1 should be out soon) but more important 5.4.1 doesn't support Server 2016.

Whether you've actually used SDE or not you should follow Sophos Enterprise Console 5.4.0 - How to remove Encryption to prepare your old server for migration. Afterwards run DataBackupRestore.exe to back up everything. Install the new (5.5.0) Database component (or the databases manually) on the remote SQL server. Copy the database backups to the SQL server and use RestoreDB.bat to restore the old databases (specify the correct database names). On the new management server follow the migration guide, skip the database component install and restore. Install just the Sever and Console components of SEC, point to the remote database when prompted. Make sure the Database User has the necessary rights on the SQL server.

Christian

Hi Christian..

thank you very much for your reply,

i hope i can install 5.5.0 but they asked me they made a plan and tried to upgrade to 541!, i searched here and found 541 supports SQL2016, so do you mean windows 2016 insted?, i ran it on win2016 in my testing lab and it works.

and for backup and restore DB, if i'm using the the tool DataBackupRestore.exe for backup at old server and restore at new server, then why do i need RestoreDB.bat?.

and i understood that: i will be giving the 3 DBs (SOPHOS540, SOPHOSPATCH52, SOPHOSSECURITY) to the DB Admin guy, and get from him DB instance and user account sothat i can point to them during installing (console and management) on new server, so i'm expecting that the db user are in the same domain as the new server is so that it can be shown in domain or groups when prompt.

Hello Roy Carlo Bago,

should have seen this yesterday: CREATE DATABASE permission denied in database 'master'. The logged on user doesn't have the necessary permissions on the SQL server. Usually if you run the installer it creates the Windows Security Group Sophos DB Admins, adds administrators and the "database account" to the group and creates the required login in SQL.

As for databases, database names and migration:

• when the Management Service starts it checks for the existence of its associated databases
• if it can't find them it terminates, otherwise it checks for a certain value (UpgradeStatus on table Upgrade)
• if the status is 2 then the databases are "in production", otherwise it searches for the "newest" previous (supported) database
• if it can't find one it assumes a fresh install, sets the status and starts using the database, otherwise it call UpgradeDB.exe with the applicable switches
• UpgradeDB.exe copies the data from the previous database, if necessary applying the appropriate transforms; the old database is not modified in any way (neither taken offline nor dropped - if you want to get rid of it you have to do it manually)

I hope it is clearer now.

Christian

i have an appointment the next Sunday there but i'm afraid of facing errors after upgrade/migrate process because they told me they tried migration to 5.4.1 two months ago and it succeeded, the db was remote, they faced error while trying to connect to sophos servers online using their sophos account!!, were not able to connect to sophos online!. then they had told  there is something wrong during configuration, have a fresh installation and try again!.

i was thinking about upgrading 5.4.1 to 5.5.0 at old server first before backup the databases from it!. make scene?

Hello Roy Carlo Bago,

error while trying to connect to sophos servers online
in the SUM (Update Manager) configuration, or?

While an upgrade never modifies the old database it's best practice to back up before an upgrade. And a true backup's requirements are only met when it can be restored [:)].
I've worked with SEC since version 1.0 (including several Betas), I've skipped some versions (and not the same on the different servers - I have more than one) and never had problems due to the fact that I didn't upgrade version by version. OTOH an upgrade takes less than half an hour (ok, I've done it more than once so it has become second nature) and if you migrate the advantage is that you know the new version works and any issue you encounter on the new server is likely caused by the install.

Christian

Hi Christian,

i faced some errors during upgrade, it didn't upgrade the console component.. i left the old server and started then doing normal migrate  to save time (since i have 5.4.1 db backup already), i opened the new server, and finally it succeeded (5.4.1 on win2016). but when i opened the console i faced this msg:

"Enterprise Console cannot protect your network fully. This is because the update manager installed on the same computer as Enterprise Console is not configured. For instructions, see http://www.sophos.com/en-us/support/knowledgebase/53965.aspx"

hence i received an error "unable to install update manager" during installation mgmt server and console components, i viewed article 114627, then i opened appwiz.cpl and found Management DB and Management Server components only. also found programs like "Sophos remote management system" and "Sophos autoupdate", i uninstalled the last two programs and reinstall SEC and it succeeded!.

and for moving db with upgrade.. in my testing lab, i got errors when following method of: backup 541 db then restoring it with 550 wizard at new server!.. instead i upgraded 541 to 550 first at old server, then back db up, then restore it at new server and continue the routine.

Christian.. where are you :)

i need your advice

Hello Roy Carlo Bago,

the next to last paragraph ended with it succeeded! And the last one sounded more like a report and not a description of an insurmountable problem - so, for what issue do you need advice? [:)]

Christian

lol :)

Hi again brother..

i mean it succeeded to install the three components, but failed to connect to Sophos online to get updates!.

still getting this msgbox each time i run the Console!

"Enterprise Console cannot protect your network fully. This is because the update manager installed on the same computer as Enterprise Console is not configured"

so the complete migration process wasn't successful.

and for SUM i used the same user and password that was used at old sever!. 

Hello Roy Carlo Bago,

can you acknowledge the box and continue to work with the console or does it exit at this point?

Christian

it works locally, i can see my DB and policies. but the update bottom is invisible! anything leads to update is invisible.

Hello Roy Carlo Nago,

by anything you mean for example the Update managers button or?

From the message I'd assume that it "just" doesn't find the configuration for the local SUM and the Update managers view is the place to configure it.

Christian

Hello Roy Carlo Nago,

by anything you mean for example the Update managers button or?

From the message I'd assume that it "just" doesn't find the configuration for the local SUM and the Update managers view is the place to configure it.

Christian

I really hope it will be as simple as this!, will try to take remote session with them tomorrow to see it.

but what if that button "update managers" is invisible!, then what could be happened wrong and cause that?, at that time should i uninstall update manager component and reinstall it again?

Hello Roy Carlo Bago,

the message suggests that a local SUM has been found, not that it's missing. I don't think that the view would be inaccessible even if it is.
You shouldn't uninstall a SUM (as it takes RMS with it) unless you intend to uninstall all other (management) components as well.

Christian

Finally was able to get updates from cloud!

i really thank you very much Christian [G][pi]

the next step will be moving db to remote sql server but will not do it now..

thank you again Christian.