
Migration SEC from Server 2008R2 to Server 2016

Hi community,

I have to migrate my SEC from Server 2008R2 to Server 2016 without changing the database, because the database is on another database server. So the Sophos documentation for migration does not match my case. In chapter 6.3 "save data, registration and secure store" it says to make a backup with databackuprestore.exe -action=backup. I can't do this, because the database is on a separate database server. How can I do the steps that are written in this chapter and restore it on the new server? I have done the migration without saving the data and the SEC is starting on Server 2016, but I can't do anything, because SEC is doing nothing. I can't minimize the window; in the Task Manager there is 0 % CPU for SEC.

Can someone explain to me the migration to Server 2016 without any changes on the database server?

Klaussophos



  • Hello Klaussophos,

    How can I do the steps that are written in this chapter and restore it on the new server
    DataBackupRestore.exe has an -ExcludeDB switch that lets you back up everything except the database (you should nevertheless take a backup of the databases). You'd then skip Chapter 7 and steps 3. and 4. in Chapter 8 of the Migration Guide. Specify the existing SQL DB instance and the necessary credentials in Ch.9, step 3.c.

    Christian

  • Hello Christian,

    thanks for your help. Everything went fine, except that the path names were different on my system. After installing backup and starting databackuprestore -action=restore -datastoretype=SecureStore, everything was o.k. I start the Sophos services SEC and I see the Console, but the Console is not replying. I can't do anything, so step 12 configuration the new Update Manager is impossible to start. What's wrong with my installation? Can you help me?

    Klaussophos

  • Hello Christian,

    exactly, I see everything (all endpoints), but the console is completely unresponsive.

    Klaussophos

  • Hello Klaussophos,

    there seems to be some inconsistency. This looks similar to an old migration problem.

    One course of action is to contact Support, have them look into it, and they should be able to come up with a solution.
    Another way - if you have a backup of the database right before migration - is to stop all Sophos services, restore the database, then start the services. This might solve the problem.

    Guess there are two rows in the SDDMServers table - though I don't suggest hacking the database on your own.

    Christian

  • Hello Christian,

    sorry for the delay. I tried the solution of your link and this solved the problem. We deleted the old server in table SDDMServers. We now have access to the SEC on the new server. Update Service is o.k. and now we want to configure our 400 clients with the description of sophos kb. We built the sophosReInit.vbs file and tried it on two clients, but nothing happened, the old server is the update server. Then we tried a manual update with the setup.exe in the release path \\newserver\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe. We got an error message like this: can't copy cac.pem into C:\program files\sophos\remote management system, we can do this with the old server. Yes, we did this with Administrator rights. We had this problem on old clients (where they have sophos antivirus client) and on new clients, where they have no installation of Sophos Antivirus. Now we are in trouble, because no client got updates. Do you have an idea what the problem is?

    Klaussophos

  • What's in the re-init log file under \windows\temp\ after running the generated VBScript? I wonder if Tamper Protection (specifically the sophosed.sys driver which is part of Endpoint Defense) is blocking the copy. Is it enabled?

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config\
    SedEnabled = 1

    Regards,

    Jak

  • Hello Klaussophos,

    67456 (the article from your second link) isn't about endpoint configuration.
    SophosReInit.vbs, if built correctly, should make the endpoints talk to the new server. nothing happened - did you check the logs? Which parent is listed in the Network Communications Report?

    an error message like [...] this problem [...] on new clients
    like is in most cases not of much help when it comes to error messages. The exact message (which perhaps contains an error code as well) or ideally the complete log would be preferable.

    Christian

  • Hi Christian and Jak,

    my key is the following:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config\
    SedEnabled = 0

     

    The log file from sophosreinit is:

    20.06.2018 12:06:58 INFO: Starting Script
    20.06.2018 12:06:58 INFO: Options:
    20.06.2018 12:06:58 INFO: blnForceRMSRun : Falsch
    20.06.2018 12:06:58 INFO: blnForcePatchRun : Wahr
    20.06.2018 12:06:58 INFO: blnReconfigurePatch : Falsch
    20.06.2018 12:06:58 INFO: blnReconfigureRMS : Wahr
    20.06.2018 12:06:58 INFO: strSECGroupPathOut :
    20.06.2018 12:06:58 INFO: intPauseForServiceInSeconds : 10
    20.06.2018 12:06:58 INFO: blnWriteCacToSAUCache : Wahr
    20.06.2018 12:06:58 INFO: strLogPath : C:\windows\temp\SophosReInit.txt
    20.06.2018 12:06:58 INFO: strReInitLog : C:\windows\temp
    20.06.2018 12:06:58 INFO: strManagementServerPort :
    20.06.2018 12:06:58 INFO: strManagementServer :
    20.06.2018 12:06:58 INFO: --> Is64()
    20.06.2018 12:06:58 INFO: Platform is 64-Bit
    20.06.2018 12:06:58 INFO: <-- Is64()
    20.06.2018 12:06:58 INFO: --> MarkerFound()
    20.06.2018 12:06:58 INFO: Script not already run.
    20.06.2018 12:06:58 INFO: <-- MarkerFound()
    20.06.2018 12:06:58 INFO: --> ServerClassRouter()
    20.06.2018 12:06:58 INFO: Router is a client, ok to run
    20.06.2018 12:06:58 INFO: <-- ServerClassRouter()
    20.06.2018 12:06:58 INFO: Running Patch in force mode
    20.06.2018 12:06:58 INFO: --> FixRMS()
    20.06.2018 12:06:58 INFO: --> GetRMSPath()
    20.06.2018 12:06:58 INFO: RMS Path is C:\Program Files (x86)\Sophos\Remote Management System\
    20.06.2018 12:06:58 INFO: <-- GetRMSPath()
    20.06.2018 12:06:58 INFO: --> CreateFile()
    20.06.2018 12:06:58 INFO: --> Creating file cac.pem in C:\Program Files (x86)\Sophos\Remote Management System\
    20.06.2018 12:06:58 INFO: <-- CreateFile()
    20.06.2018 12:06:58 INFO: --> CreateFile()
    20.06.2018 12:06:58 INFO: --> Creating file mrinit.conf in C:\Program Files (x86)\Sophos\Remote Management System\
    20.06.2018 12:06:58 INFO: <-- CreateFile()
    20.06.2018 12:06:58 INFO: --> DeleteOrig()
    20.06.2018 12:06:58 INFO: C:\Program Files (x86)\Sophos\Remote Management System\mrinit.conf.orig does not exist, carrying on.
    20.06.2018 12:06:58 INFO: <-- DeleteOrig()
    20.06.2018 12:06:58 INFO: --> DeleteCacInSAUCache()
    20.06.2018 12:06:58 INFO: --> GetSAUCache()
    20.06.2018 12:06:58 INFO: SAU 'Cache' directory is C:\ProgramData\Sophos\AutoUpdate\
    20.06.2018 12:06:58 INFO: <-- GetSAUCache()
    20.06.2018 12:06:58 INFO: C:\ProgramData\Sophos\AutoUpdate\\Cache\cac.pem exists. Will delete...
    20.06.2018 12:06:58 INFO: Writing cac.pem to SAU cache...
    20.06.2018 12:06:58 INFO: --> CreateFile()
    20.06.2018 12:06:58 INFO: --> Creating file cac.pem in C:\ProgramData\Sophos\AutoUpdate\\Cache
    20.06.2018 12:06:58 INFO: <-- CreateFile()
    20.06.2018 12:06:58 INFO: <-- DeleteCacInSAUCache()
    20.06.2018 12:06:58 INFO: --> StopService()
    20.06.2018 12:07:09 INFO: Return code for stopping service: Sophos Agent : 0
    20.06.2018 12:07:09 INFO: <-- StopService()
    20.06.2018 12:07:09 INFO: --> StopService()
    20.06.2018 12:07:19 INFO: Return code for stopping service: Sophos Message Router : 0
    20.06.2018 12:07:19 INFO: <-- StopService()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Messaging System\cac
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Messaging System\CertificationIdentityKeys\CertificationIdentityKey
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private\pkc
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private\pkp
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Remote Management System\CertificationIdentityKeys\ManagedApplication
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\CertificationIdentityKey
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\pkc
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> DeleteKey()
    20.06.2018 12:07:19 INFO: Attempting to delete key: .\-2147483646\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\pkp
    20.06.2018 12:07:19 INFO: Deleted Key: 0
    20.06.2018 12:07:19 INFO: <-- DeleteKey()
    20.06.2018 12:07:19 INFO: --> RunClientMRInit()
    20.06.2018 12:07:19 INFO: Running command: C:\Program Files (x86)\Sophos\Remote Management System\ClientMRInit.exe
    20.06.2018 12:07:19 INFO: C:\Program Files (x86)\Sophos\Remote Management System\ClientMRInit.exe -logpath C:\windows\temp -filepath "C:\Program Files (x86)\Sophos\Remote Management System\" Completed OK. Exit code 0
    20.06.2018 12:07:19 INFO: --> RunClientMRInit()
    20.06.2018 12:07:19 INFO: --> CreateMarker()
    20.06.2018 12:07:19 INFO: Created marker key (ReInitRMSMarker).
    20.06.2018 12:07:19 INFO: <-- CreateMarker()
    20.06.2018 12:07:19 INFO: --> StartService()
    20.06.2018 12:07:20 INFO: Return code for starting service: Sophos Message Router : 0
    20.06.2018 12:07:20 INFO: <-- StartService()
    20.06.2018 12:07:20 INFO: --> StartService()
    20.06.2018 12:07:20 INFO: Return code for starting service: Sophos Agent : 0
    20.06.2018 12:07:20 INFO: <-- StartService()
    20.06.2018 12:07:20 INFO: <-- FixRMS()
    20.06.2018 12:07:20 INFO: Ending script
    20.06.2018 12:07:20 INFO: --> CloseLog() - No function exit logged

     

    In the Network Communications Report there is the following content:

    <?xml version='1.0' encoding='UTF-16' ?>
    <?xml-stylesheet type='text/xsl' href='transform.xslt' ?>
    <RMS_status_report>
    <string msg='explanation' />
    <sections>
    <section name='DNS'>
    <string msg='OK' />
    </section>

    <!-- And another -->
    <section name='Certification'>
    <string msg='OK' />
    </section>

    <!-- And another -->
    <section name='Incoming'>
    <string msg='OK' />
    </section>

    <!-- And another -->
    <section name='Outgoing'>
    <alert><problem>
    <string msg='outgoing_comm_error' />
    </problem>
    <summary>
    <string msg='communication_failure' />
    </summary>
    <cause>
    <string msg='communication_failure_cause' />
    </cause>
    <action>
    <string msg='communication_fix' />
    </action>
    <more_info>
    outgiong_KB_number
    </more_info>
    </alert>
    </section>

    <!-- And another -->
    </sections>
    <computer_data>
    <language>
    de_DE
    </language>
    <local_time>
    Mittwoch, 20. Juni 2018 12:19:04
    </local_time>
    <GMT>
    Mittwoch, 20. Juni 2018 10:19:04
    </GMT>
    <computer_name>
    SNR9LLYNN
    </computer_name>
    <domain>
    domainname
    </domain>
    <router_name>
    <string msg='not_available' />
    </router_name>
    <IOR_port>8192</IOR_port>
    <SSLIOP_port><string msg='not_available' /></SSLIOP_port>
    <parent_addresses>
    newserver.domain.local,newserver
    </parent_addresses>
    <actual_parent>
    <string msg='not_available' />
    </actual_parent>
    <router_type>
    endpoint
    </router_type>
    </computer_data>
    </RMS_status_report>

     

    What is the IOR_port 8192? During building the sophosreinit.vbs we take port 80. Should we take port 8192 for that?

     

    Klaussophos 

  • Hello Klaussophos,

    the IOR_port is correct, endpoints communicate over ports 8192 and 8194, i.e. they must be able to connect to these two ports on the server. It looks like they can't - are these ports open on the new server, is there perhaps a network firewall that blocks these two ports?

    The failed communication should be logged in the Router log (%ProgramData%\Sophos\Remote Management System\3\Router\Logs).

    Christian
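
Added example (not part of the original posts and not Sophos tooling): a Python sketch that reads a Network Communications Report like the one posted above, lists the sections carrying an alert together with the configured parents, and offers a TCP check for ports 8192 and 8194. The function names and the trimmed sample report are assumptions constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

RMS_PORTS = (8192, 8194)  # endpoint-to-server ports named in the reply above

# Constructed sample, trimmed from the report layout posted in the thread.
SAMPLE_REPORT = """<RMS_status_report><sections>
<section name='Certification'><string msg='OK' /></section>
<section name='Outgoing'><alert>
<problem><string msg='outgoing_comm_error' /></problem></alert></section>
</sections><computer_data>
<parent_addresses>
newserver.domain.local,newserver
</parent_addresses>
<actual_parent><string msg='not_available' /></actual_parent>
</computer_data></RMS_status_report>"""


def _value(elem):
    """Element text, or the msg code of its <string> child (hypothetical helper)."""
    if elem is None:
        return None
    child = elem.find("string")
    return child.get("msg") if child is not None else (elem.text or "").strip() or None


def summarize_report(xml_text):
    """Return alerting sections, configured parents and the actual parent."""
    root = ET.fromstring(xml_text)
    failed = {}
    for section in root.iterfind("sections/section"):
        problem = section.find("alert/problem")
        if problem is not None:
            failed[section.get("name")] = _value(problem)
    parents = _value(root.find("computer_data/parent_addresses")) or ""
    return {
        "failed_sections": failed,
        "parents": [p.strip() for p in parents.split(",") if p.strip()],
        "actual_parent": _value(root.find("computer_data/actual_parent")),
    }


def port_open(host, port, timeout=3.0):
    """True if a TCP connect to host:port succeeds."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False
```

Run on an affected endpoint, `[p for p in RMS_PORTS if not port_open(parent, p)]` for each entry in `parents` lists the ports that cannot be reached from that client.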

  • Hi Christian,

    we opened both of these ports on the Windows firewall, but the result is the same.

    We installed the software again with setup.exe on one client and we got the following router.log:

    20.06.2018 15:56:38 09D0 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20180620-135638.log
    20.06.2018 15:56:38 09D0 I Sophos Messaging Router 4.1.1.127 starting...
    20.06.2018 15:56:38 09D0 I Setting ACE_FD_SETSIZE to 138
    20.06.2018 15:56:38 09D0 I Initializing CORBA...
    20.06.2018 15:56:38 09D0 I Connection cache limit is 10
    20.06.2018 15:56:39 09D0 E Router::Start: Caught CAccessFailureException:CACertificate not found
    20.06.2018 15:56:39 09D0 I Restarting...

    It seems there is a problem with a CACertificate. Can we solve the problem or should we go back to the old server?

    Klaussophos

  • Hello Klaussophos,

    perhaps turning on verbose logging for the Sophos Message Router will give some detail for the not found.
    RMS is apparently installed, please check the ClientMRInit-2018.....log in %windir%\Temp\. Is the cac.pem in %ProgramFiles(x86)%\Sophos\Remote Management System\? You said the copy failed - not sure where this is logged, might be the Sophos ES setup.log in your user's (the user who ran setup.exe) %temp% directory.

    Christian

  • Hello Christian,

    sorry for the late reply. The next day the problem was gone (I don't know why), we had access to SEC and now we are updating the clients to the new Sophos server.

    Thanks for your help.

    Klaussophos
