Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1535 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

best migration route to 4.5 on new tin

kjhoskin

Currently running em3.5 and NAC 3.1 on a, getting long in the tooth, w2k3 box.  Would like to replace it with new tin (actually a VM running w2k8 on a new box)  Whats the best way forward for this?

Looking at the guides I get the impression that it'll be an in place upgrade from 3.5 to 4 and then 4.5 and then migrate to a new box which is a bit of a ball ache.  We're only running with around 250 clients so would it actually be quicker to just start afresh with a new install of 4.5?  I can see the problem being NAC (we have around 100 or more Linux boxes all of which have defined MAC exclusions) so that might be a pain and sorting out the client various policies we have as we run HIPS and Application control. 

So I was thinking of installing 4.5 on the new VM leaving 3.5 and NAC 3.1 in place and running on the old box.  Configuring 4.5 and moving our servers and win7 boxes over to it to install 9.5 (win7 boxes aren't running NAC)  I can then turn off the DHCP agents so that NAC doesn't do anything and install NAC on the new box and configure that, but I'm going to have to do some manual messing around with the NAC rules and MAC exclusions.

Comments?

:3786


This thread was automatically locked due to age.
Parents
  • 0

    and I also get the following in the servers app log when any client tries to report back

    Log Name:      Application
    Source:        Sophos NAC
    Date:          16/07/2010 11:11:10
    Event ID:      1002
    Task Category: 3
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Printserver.npm.ac.uk
    Description:
    PID 2912 : TID 4
    Failed to report client global data.  Exception information is included for additional evidence.
    -- Sophos NAC Exception Details --
    Source Message: Queue Does not Exist
    Source: QueueComponents
    Source Timestamp: 16/07/2010 11:11:10
    Source Machine: PRINTSERVER
    Source Exception Type: Sophos.NAC.Core.ExceptionManagement.EndForceException
    Source: QueueComponents
    Target: Void set_QueuePath(System.String)
    Source App Domain: /LM/W3SVC/1/ROOT/ReportInterface-1-129237483950459562
    Source Thread Id: 4
    Source Thread Identity:
    Source Win Identity: NPM\admin_em45
    Help Link:
    Source Stack Trace:

    --Runtime Evidence--
    Queue Path: .\Private$\SophosNAC_Report
    -- Evidence At Publish --
    Agent Bias: 4294967236
    Agent Date: 16/07/2010 11:11:09
      -- Structured Evidence --(Agent Info)
      strAgentId: 8BA0DB9B8FC540A88EFB02250057E6EB
      strUsername: 8BA0DB9B8FC540A88EFB02250057E6EB
      strAgentType: persistent
      strAgentVersion: 3.5.306.0
      strOSDescription: Win7 ver:6.1.7600 sp:0.0 arch:x86Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Sophos NAC" />
        <EventID Qualifiers="0">1002</EventID>
        <Level>2</Level>
        <Task>3</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-07-16T10:11:10.000Z" />
        <EventRecordID>747</EventRecordID>
        <Channel>Application</Channel>
        <Computer>Printserver.npm.ac.uk</Computer>
        <Security />
      </System>
      <EventData>
        <Data>PID 2912 : TID 4
    Failed to report client global data.  Exception information is included for additional evidence.
    -- Sophos NAC Exception Details --
    Source Message: Queue Does not Exist
    Source: QueueComponents
    Source Timestamp: 16/07/2010 11:11:10
    Source Machine: PRINTSERVER
    Source Exception Type: Sophos.NAC.Core.ExceptionManagement.EndForceException
    Source: QueueComponents
    Target: Void set_QueuePath(System.String)
    Source App Domain: /LM/W3SVC/1/ROOT/ReportInterface-1-129237483950459562
    Source Thread Id: 4
    Source Thread Identity:
    Source Win Identity: NPM\admin_em45
    Help Link:
    Source Stack Trace:

    --Runtime Evidence--
    Queue Path: .\Private$\SophosNAC_Report
    -- Evidence At Publish --
    Agent Bias: 4294967236
    Agent Date: 16/07/2010 11:11:09
      -- Structured Evidence --(Agent Info)
      strAgentId: 8BA0DB9B8FC540A88EFB02250057E6EB
      strUsername: 8BA0DB9B8FC540A88EFB02250057E6EB
      strAgentType: persistent
      strAgentVersion: 3.5.306.0
      strOSDescription: Win7 ver:6.1.7600 sp:0.0 arch:x86
    </Data>
      </EventData>
    </Event>

    :3934
Reply
  • 0

    and I also get the following in the servers app log when any client tries to report back

    Log Name:      Application
    Source:        Sophos NAC
    Date:          16/07/2010 11:11:10
    Event ID:      1002
    Task Category: 3
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Printserver.npm.ac.uk
    Description:
    PID 2912 : TID 4
    Failed to report client global data.  Exception information is included for additional evidence.
    -- Sophos NAC Exception Details --
    Source Message: Queue Does not Exist
    Source: QueueComponents
    Source Timestamp: 16/07/2010 11:11:10
    Source Machine: PRINTSERVER
    Source Exception Type: Sophos.NAC.Core.ExceptionManagement.EndForceException
    Source: QueueComponents
    Target: Void set_QueuePath(System.String)
    Source App Domain: /LM/W3SVC/1/ROOT/ReportInterface-1-129237483950459562
    Source Thread Id: 4
    Source Thread Identity:
    Source Win Identity: NPM\admin_em45
    Help Link:
    Source Stack Trace:

    --Runtime Evidence--
    Queue Path: .\Private$\SophosNAC_Report
    -- Evidence At Publish --
    Agent Bias: 4294967236
    Agent Date: 16/07/2010 11:11:09
      -- Structured Evidence --(Agent Info)
      strAgentId: 8BA0DB9B8FC540A88EFB02250057E6EB
      strUsername: 8BA0DB9B8FC540A88EFB02250057E6EB
      strAgentType: persistent
      strAgentVersion: 3.5.306.0
      strOSDescription: Win7 ver:6.1.7600 sp:0.0 arch:x86Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Sophos NAC" />
        <EventID Qualifiers="0">1002</EventID>
        <Level>2</Level>
        <Task>3</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-07-16T10:11:10.000Z" />
        <EventRecordID>747</EventRecordID>
        <Channel>Application</Channel>
        <Computer>Printserver.npm.ac.uk</Computer>
        <Security />
      </System>
      <EventData>
        <Data>PID 2912 : TID 4
    Failed to report client global data.  Exception information is included for additional evidence.
    -- Sophos NAC Exception Details --
    Source Message: Queue Does not Exist
    Source: QueueComponents
    Source Timestamp: 16/07/2010 11:11:10
    Source Machine: PRINTSERVER
    Source Exception Type: Sophos.NAC.Core.ExceptionManagement.EndForceException
    Source: QueueComponents
    Target: Void set_QueuePath(System.String)
    Source App Domain: /LM/W3SVC/1/ROOT/ReportInterface-1-129237483950459562
    Source Thread Id: 4
    Source Thread Identity:
    Source Win Identity: NPM\admin_em45
    Help Link:
    Source Stack Trace:

    --Runtime Evidence--
    Queue Path: .\Private$\SophosNAC_Report
    -- Evidence At Publish --
    Agent Bias: 4294967236
    Agent Date: 16/07/2010 11:11:09
      -- Structured Evidence --(Agent Info)
      strAgentId: 8BA0DB9B8FC540A88EFB02250057E6EB
      strUsername: 8BA0DB9B8FC540A88EFB02250057E6EB
      strAgentType: persistent
      strAgentVersion: 3.5.306.0
      strOSDescription: Win7 ver:6.1.7600 sp:0.0 arch:x86
    </Data>
      </EventData>
    </Event>

    :3934
Children
No Data