Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 4 subscribers
  • Views 14092 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Server install question

SecureIA Ltd

Hi all,

 

This is more of a question/query than anything.

 

Unfortunately one of our Management servers went corrupt a few days ago so I have been in the process of building a new server etc. Now my senior engineers and manager seem to think that because the server names are the same and IP address is the same their shouldn't be a problem with getting all the clients connected back up.

 

I personally seem to think their will be an issue because if I am correct; the RMS is unique to each SEC instillation correct? And also the database is a new database - not a migration, its a fresh install so all the clients will not be on that database for them to connect up with the console? Now I had no problem going on to one machine following the uninstallation process and then reinstalling Sophos from the share folder and it came back up in the console no problem with all the information and saying its fully updated (this took half an hour)

 

While all morning I have been trying to get the same machine connected through the Find a Computer tool using both IP, AD and Network Discovery it always brought the machine up and others but greyed out, further from their I went in to every machine and tried forcing a manual update and restarting all the services Sophos uses to no joy.

 

I think I am answering my own question by saying the best course of action would be to go through each machine individually and uninstall everything and reinstall it all right? If not is there another way to get all the machines with Sophos currently installed in to the console and reporting without any uninstalling bearing in mind restarting the services and forcing manual updates didn't really do a thing, I also tried to change the share details through Auto Update> Config etc. and still nothing.

 

Kind Regards,

James



This thread was automatically locked due to age.
  • 0

    In order for existing clients to talk to a new management server - without RMS issues, you would need to import the "certauthstore" registry from the old server to the new before installing the management server.  This also assumes the new server is resolvable by the clients using the same details in the ParentAddress key on the client (under the Router registry key).

    If it's easier, you could use the tool here:

    https://community.sophos.com/kb/en-us/116737

    This HTA can generate you a VBS file that will essentially re-init the endpoint in-terms of RMS certificates.  This would save the churn/bandwidth of a re-protect.

    That said, if needed, there should be no issue either pushing a re-install to endpoints from SEC (pre-reqs aside, as detailed here: sophos.com/deployment) or getting the client to "pull" an install by running setup.exe either manually or as part of a script with switches.

    I would suggest it would be worth a coule of minutes to generate a re-init VBS file and try that on a couple of clients.

    Regards,

    Jak

  • 0 in reply to jak

    Unfortunately, I dont have access to the old server as unfortunately its corrupted, I have tried to use image files to restore it but nothing its goosed, would the VBS still work?

     

    Kind Regards,

     

    James

  • 0 in reply to SecureIA Ltd

    Yes. The registry import before install would have saved having to re-init RMS on the clients.  The script will do that though.

    Regards,

    Jak

  • 0 in reply to jak

    Right so just confirm then, just so I am confident.

     

    The VBS would work on the clients and reconnect the RMS to the new currently running console? 

     

    Would the VBS script work on both Windows and Linux clients? As we do have a mixture.

     

    Kind Regards,

    James

  • 0 in reply to SecureIA Ltd

    The HTA will generate you a VB Script file.  The script will only work on Windows clients.

    I would suggest generating the VBS script and run it (as admin) on a couple of computer to ensure they appear connected back in SEC before wider deployment.

    Regards,

    Jak

  • 0 in reply to jak

    This did work, thank you for the information Jak.

     

    Is there anything to repoint Linux clients? Or would just a reinstall do? Or a full uninstall and then reinstall from the share folder?

     

    Kind Regards,

    James 

  • 0 in reply to SecureIA Ltd

    Glad that helped get some moved over. 

    I've not tried moving Linux endpoints but maybe the info here is helpful:

    https://community.sophos.com/kb/en-us/118533

    Regards,

    Jak

  • 0 in reply to SecureIA Ltd

    Hello James,

    mrinit.custom is for use in an existing environment to adapt the endpoints either to topology changes or a new but same-identity server. AFAIK in your case just a reinstall should do.

    Christian

  • 0 in reply to QC

    Cheers I have created this file, so I will give it a shot with a few reinstalls and hope for the best.

     

    I'm no professional on Linux either so this should be fun; in any case if this fails. Uninstalling and installing a new copy would be fine I guess but would https://community.sophos.com/kb/en-us/118283 the deployment that I could create myself work on any Linux distribution?

     

    Thanks for all the help so far guys, you have been awesome to a new up and comer with Sophos its a really fun journey trying to tackle and learn this AV. :)

    Kind Regards,

    James

  • 0 in reply to SecureIA Ltd

    Hello James,

    the package built with mkinstpkg should work with "any" distribution.

    Christian

Unfiltered HTML