This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PureMessage for Exchange 2013

We have a valid license Sophos PureMessage for Exchange 2013 v4. and downloaded the package from sophos site.
Our environment contains 6 cas+mailbox exchange 2013 servers, server names ex01 till ex06, in domainA.local
We have a SQL server in domainB.local called spm01 and we would like this server to be a central admin console server for PureMessage
There is a 2-way trust between domainA and domainB
Sophos PureMessage for Exchange is installed on 1 cas+mailox exchange 2013 server, servername ex01, in domainA and during the installation i gave up Remote sql server ,servername spm01, in domainB this all succeeded and works.
During this installation i created a new group called "companyX"
On the spm01 server in domainB i installed only the sophos admin console
So what we would like to achieve is to use spm01 server as central admin console server to manage all the 6 cas+mailbox exchange 2013 server

So questions are

1. is scenario above possible, to use a machine in another domain to manage 6 puremessage exchange 2013 server?

2. when i start the admin console on spm01 (in domainB) and choose Another Computer and i enter the ex01.domainA.local the exchange 2013 server and i receive an error "could not connect to master synchronization server ex01" I click OK and console opens but the dashboard shows ex01 as server unavailable. What am i doing wrong?

3. when i start the admin console on ex01 exchange 2013 server i see last updated 'Failed' in the dashboard on the ex01 server. In the sohos endpoint security and control panel in the updating log i see "ERROR: could not find a souce for updated packages". The server has internet access and can browse http. Properties for Sophos Autoupdate show Primary Location Sophos and our username em1234567 and password. Why does update not work?

This thread was automatically locked due to age.

Parents

0 dirkverhagen123 over 9 years ago

Hello Reginald,
First of all thanks for the ansers.
>>We don't always document all unsupported scenarios sorry. Generally a product has system requirements, knowledgebase articles for issues and often related articles documenting the best practice to avoid the issues. For the remote console aspect, the main information in the product is the use of a Global Security group in Active Directory for the Sophos PureMessage Administrators group, which only allows you to add members from the local domain.
I understand but I also don't read it should be a single domain setup in he documentation. So Sophos Endpoint Security and Control does support a two-way trust (https://www.sophos.com/cs-cz/support/knowledgebase/12610.aspx) this would be the same for Puremessage, so why does it not work there?
Then about you comment about the Global group, I also tried to login the Console server in domainA as an admin in domainB (this is possible because two-way trust) and this domainB admin is in the Global group Sophos PureMessage Administration group, still it doesn't work
Furthermore the Sophos PureMessage Administration group is indeed Global but I can convert this to Universal so I can add users from other domain,still it doesn't work.
So I don't get your comment and why it wouldn't work in this scenario cause it can't be because of this Global Group aspect.

>>PureMessage will allow you to enter different domain controller details. The synchronisation with the remote domain may work as the functionality is primarily LDAP, though this will mean that no members of the local domain will be synchronized.
Again, I also tried to login the Console server in domainA as an admin in domainB (this is possible because two-way trust) and this domainB admin is in the Global group Sophos PureMessage Administration group in domain B. Nothing to synchronize here.
Sorry if i'm a bit stubborn but I want to understand :)
Regards,
:57224
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dirkverhagen123 over 9 years ago

Hello Reginald,
First of all thanks for the ansers.
>>We don't always document all unsupported scenarios sorry. Generally a product has system requirements, knowledgebase articles for issues and often related articles documenting the best practice to avoid the issues. For the remote console aspect, the main information in the product is the use of a Global Security group in Active Directory for the Sophos PureMessage Administrators group, which only allows you to add members from the local domain.
I understand but I also don't read it should be a single domain setup in he documentation. So Sophos Endpoint Security and Control does support a two-way trust (https://www.sophos.com/cs-cz/support/knowledgebase/12610.aspx) this would be the same for Puremessage, so why does it not work there?
Then about you comment about the Global group, I also tried to login the Console server in domainA as an admin in domainB (this is possible because two-way trust) and this domainB admin is in the Global group Sophos PureMessage Administration group, still it doesn't work
Furthermore the Sophos PureMessage Administration group is indeed Global but I can convert this to Universal so I can add users from other domain,still it doesn't work.
So I don't get your comment and why it wouldn't work in this scenario cause it can't be because of this Global Group aspect.

>>PureMessage will allow you to enter different domain controller details. The synchronisation with the remote domain may work as the functionality is primarily LDAP, though this will mean that no members of the local domain will be synchronized.
Again, I also tried to login the Console server in domainA as an admin in domainB (this is possible because two-way trust) and this domainB admin is in the Global group Sophos PureMessage Administration group in domain B. Nothing to synchronize here.
Sorry if i'm a bit stubborn but I want to understand :)
Regards,
:57224
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data