This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

re-initialize RMS

Hello Sophos guys,

 

I am struggling with a few machines that report certification mismatch in the ReportData.xml.

 

It directs me to article 17266 - reinstall the clients. But is there no other way to re-initialize RMS on the client? 

 

I tried stopping RMS and Sophos Agent services, deleting the Private keys in the registry, deleting machine_id and then restarting the services. But that didn't work. I also tried to uninstall RMS via add-remove programs, then just let AutoUpdate reinstall it. That also didn't help.

 

I am sure I managed to solve this earlier without a complete reinstall. 

 

Any other ideas would be much appreciated.

 

Thank you

Daniel



This thread was automatically locked due to age.
Parents
  • You can use the HTA here: https://community.sophos.com/kb/en-us/116737 to create a VBS to reinit RMS.  

     

    It is designed to re-init a client to point to another management server but it doesn't need to be a different server.

    Regards,

    Jak

  • Yea, I saw this tool, but unfortunately cannot run it in our environment.

    I tried the same manually, but for some reason it doesn't work. I saw that the FixRMS function pretty much does the same - stops the 2 services, deletes reg keys, starts it. I even deleted SAU cache, so cac and mrinit definitely correct from the server. Funny thing is, that when Agent and Router services are up, ClientMrinit.exe says all is ok. 

    Well, cac.pem is definitely not the same in the installed RMS folder than in the cache. Replacing that doesn't work. I wonder where does it get the old certificate back from, when I delete all other versions of cac.pem....

     

    nevermind, I chose to re-install the machine in the end...  Would love to have a powershell script instead of the vbs, I was wondering if anyone created a PS version :)

     

    D.

Reply
  • Yea, I saw this tool, but unfortunately cannot run it in our environment.

    I tried the same manually, but for some reason it doesn't work. I saw that the FixRMS function pretty much does the same - stops the 2 services, deletes reg keys, starts it. I even deleted SAU cache, so cac and mrinit definitely correct from the server. Funny thing is, that when Agent and Router services are up, ClientMrinit.exe says all is ok. 

    Well, cac.pem is definitely not the same in the installed RMS folder than in the cache. Replacing that doesn't work. I wonder where does it get the old certificate back from, when I delete all other versions of cac.pem....

     

    nevermind, I chose to re-install the machine in the end...  Would love to have a powershell script instead of the vbs, I was wondering if anyone created a PS version :)

     

    D.

Children
No Data