Configure message relay in ver 5.2.2

I am having trouble configuring a message relay in ver 5.2.2.  I followed the instructions here:

http://www.sophos.com/en-us/support/knowledgebase/14635.aspx

It does not list ver 5.2 on that page but I cannot find any instructions anywhere that do.

The issue I have is that according to the video on that page, the ConnectionCache registry value is supposed to be 20512 to indicate that the machine has converted to a message relay.  The value is 10.

Everything else seems to indicate that it worked, although currently I have no endpoints set up to use that relay yet.  But on the relay machine itself I see that the mrinit.conf located in C:\Program Files (x86)\Sophos\Remote Management System is the one I modified and does list itself as the "ParentRouterAddress".  I understand this is how you would confirm that an endpoint had pulled its configuration from this machine.

  • Hello PBJ_Family,

    a SUM (whether on the management server or on some other computer) always creates (and deploys to) the default \\Self\SophosUpdate share. It fetches the updates from either the Sophos Warehouse or the Warehouse maintained and provided by another SUM in the same hierarchy. The Source and Distribution points for a specific SUM are configured in the Update managers view.

    The distribution point on RelayServer [...] should be getting updated from the main server anyway

    A CID's contents are made available to the endpoints by either Windows file services or a Webserver - neither necessitates an additional SUM. 

    A relay doesn't need to be a SUM; a server running a SUM doesn't have to act as a relay. In order to act as a relay, a (potential) RelayServer has to update from a CID with an appropriate mrinit.conf (one that "names" RelayServer in ParentRouterAddress). In this case it would expect to find its upstream router at MRParentAddress (MRP). If RMS detects that the local computer matches MRParentAddress, it assumes it's running on the management server. If neither matches, RMS assumes it's on a "simple" endpoint and uses ParentRouterAddress (PR).

    Normally you'd want some of the endpoints to talk directly to the management server and some to go through the relay. In this case you need (at least) two CIDs: one with an mrinit.conf where both MRP and PR point to the management server, and the other (from which the RelayServer and all endpoints that should use it have to update) where PR points to RelayServer. The location of the CIDs and which SUM maintains them is unimportant, but with a SUM on RelayServer it's only reasonable that the "relay CID" is maintained by and on the RelayServer.

    I hope it is clearer now.

    BTW - while a relay is only meaningful in conjunction with SEC, it's not a feature of SEC and thus not (directly) dependent on its version. It's RMS which provides this function, therefore the "Applies to" in article 14635 is perhaps not ideal (apart from the fact that it's incomplete :) ).

    Dunno what happened to the ClientMRInit logs (or the calls to ClientMRInit.exe) though.     

    Christian   
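
The role decision described in the reply above, as an added example that is not part of the original thread and not Sophos code: it reads the two address keys from an mrinit.conf and reports which role RMS would be expected to take on a given machine, which helps confirm that a relay updates from the "relay CID" and not the direct one. The `"Key"="value"` line layout with comma-separated addresses, the sample host names and addresses, and checking MRParentAddress first when both keys match are assumptions.

```python
import re

# Constructed sample mrinit.conf contents (host names and addresses are made up).
DIRECT_CID = '''[Config]
"MRParentAddress"="10.0.0.10,secserver.example.local,SECSERVER"
"ParentRouterAddress"="10.0.0.10,secserver.example.local,SECSERVER"
'''
RELAY_CID = '''[Config]
"MRParentAddress"="10.0.0.10,secserver.example.local,SECSERVER"
"ParentRouterAddress"="10.0.0.20,relayserver.example.local,RELAYSERVER"
'''

# Assumed line layout: "Key"="comma,separated,addresses"
_LINE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*"(?P<value>[^"]*)"\s*$')
_WANTED = {"MRParentAddress", "ParentRouterAddress"}


def parse_addresses(conf_text):
    """Return {key: set of lower-cased addresses} for the two router keys."""
    found = {}
    for line in conf_text.splitlines():
        m = _LINE.match(line)
        if m and m.group("key") in _WANTED:
            values = m.group("value").split(",")
            found[m.group("key")] = {v.strip().lower() for v in values if v.strip()}
    missing = _WANTED - found.keys()
    if missing:
        raise ValueError("mrinit.conf lacks: " + ", ".join(sorted(missing)))
    return found


def expected_role(conf_text, local_names):
    """Return (role, sorted upstream addresses) for a machine known by local_names."""
    addrs = parse_addresses(conf_text)
    local = {n.strip().lower() for n in local_names}
    # Assumption: the management server's CID names it in both keys, so test MRP first.
    if local & addrs["MRParentAddress"]:
        return "management server", []
    # Named in ParentRouterAddress: acts as relay, upstream router is MRParentAddress.
    if local & addrs["ParentRouterAddress"]:
        return "relay", sorted(addrs["MRParentAddress"])
    # Neither key matches: "simple" endpoint, reports through ParentRouterAddress.
    return "endpoint", sorted(addrs["ParentRouterAddress"])


if __name__ == "__main__":
    for cid_name, cid in (("direct CID", DIRECT_CID), ("relay CID", RELAY_CID)):
        for names in (["SECSERVER"], ["RELAYSERVER", "10.0.0.20"], ["PC042"]):
            print(cid_name, names, "->", expected_role(cid, names))
```

Run against the direct CID, the intended relay comes out as a plain endpoint, which is the misconfiguration to look for when a relay never takes up its role.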
