Questions regarding the Relay Message Computer(s)

Hi,

I have been reading about Relay Message Computers.

I have some questions about it as I didn't fully understand everything.

When you are creating your new distribution location, is this location a location on the SEC? Or is this location on the intended Relay Message Computer/Server?

Does the Relay Message Computer need to be in the list of Update Managers? And if it does, I would assume we would create our new distribution point on this Update Manager. From what I understand, the Relay Message Computer should not be listed as an Update Manager.

When you create your new update policy, do you point directly at the new distribution point under the "Address" field? On our current SEC we have S000 through to S005, but under the update policy we just have \\<servername>\SophosUpdate. Based on what you subscribe to the server knows which folder to push the updates from. How does this work for the Relay Message Computer?

Sorry if these questions aren't clear. I'm just trying to get a better understanding of how this is supposed to work.

Thank you

:36749


  • Hi,

    You essentially need a CID (\\[Server1]\SophosUpdate\CIDs\Sxxx\[package name]) that the relay computer and client computers (you intend to message via the relay) update from.  There are a few different ways of doing it which I suppose leads to confusion.

    You don't have to make the relay a SUM server but it probably makes some sense.  To do so:

    Install an additional SUM on the "relay" computer.  You can run the setup.exe from the SUM install share on the SEC server to do this.  The SUM becomes managed in SEC.  Subscribe it to the necessary subscriptions etc and wait for it to create the local CIDs.

    Then you go into the local CIDs on the relay, e.g. SAVSCFXP, copying the mrinit.conf in the root of the CID into the rms sub directory.  It's a copy rather than a move.

    You edit this new ...\SAVSCFXP\rms\mrinit.conf file to replace the original IP, FQDN, NetBIOS name with the IP, FQDN and NetBIOS name of the relay computer, but you only do this for the ParentRouterAddress line, not both entries that reference the addresses.  You then run configcid against the CID to add the custom mrinit.conf to the cidsync.upd file.

    To do so, from the SEC Server run:

    Configcid.exe \\[newsumaddress]\sophosupdate\CIDS\Sxxx\SAVSCFXP\

    (ConfigCID is in \program files\sophos\Update manager\)

    You can see it mention mrinit.conf has been added to the checksum.

    Then run setup.exe from this CID on the relay computer to install SAV on the computer. When it gets to the RMS package it will detect that this is to be the relay and configure it accordingly, i.e. it changes registry keys as mentioned at the bottom of http://www.sophos.com/en-us/support/knowledgebase/14635.aspx.  I.e. the connectioncache value will have increased from the 10 that a client is configured to be.

    The computers in SEC should be in a group which has the updating policy set to this CID/subscription combination.

    All clients that you expect to message through this relay should then be bootstrapped from the same CID.  They could be configured to update from a different location configured the same way but it's unlikely you will want to do that.  All the clients would be in a group which links to an updating policy that references this same CID as the relay.

    Regards,

    Jak

    :36757
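A check for the mrinit.conf edit described in the reply above, added here as an example that is not part of the original thread or of Sophos tooling. It confirms that the rms copy differs from the CID-root copy only in ParentRouterAddress and that the relay's addresses are present. The `"Key"="value"` line format, the comma-separated address value, the `MRParentAddress` name for the second address entry and all sample addresses are assumptions.

```python
import re

# Assumed line format: "Key"="value" (not confirmed by the thread).
LINE_RE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')

def parse_conf(text):
    """Return {key: value} for every "Key"=value line; other lines are ignored."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries[m.group("key")] = m.group("value")
    return entries

def check_relay_conf(root_text, rms_text, relay_addresses):
    """Compare the CID-root mrinit.conf with the rms copy; return a list of problems."""
    root, rms = parse_conf(root_text), parse_conf(rms_text)
    problems = []
    # Every entry except ParentRouterAddress must be identical in both files.
    for key in sorted(set(root) | set(rms)):
        if key != "ParentRouterAddress" and root.get(key) != rms.get(key):
            problems.append(f"{key} differs; only ParentRouterAddress should change")
    parent = rms.get("ParentRouterAddress")
    if parent is None:
        problems.append("ParentRouterAddress missing from the rms copy")
        return problems
    if parent == root.get("ParentRouterAddress"):
        problems.append("ParentRouterAddress still points at the original server")
    # Assumed value layout: IP,FQDN,NetBIOS separated by commas.
    listed = {a.strip().lower() for a in parent.strip('"').split(",")}
    for addr in relay_addresses:
        if addr.lower() not in listed:
            problems.append(f"relay address {addr} not in ParentRouterAddress")
    return problems

# Constructed sample data (documentation-range IP, made-up host names).
SEC = "192.0.2.10,sec01.example.test,SEC01"
RELAY_VALUE = "192.0.2.20,relay01.example.test,RELAY01"
RELAY = ["192.0.2.20", "relay01.example.test", "RELAY01"]
ROOT = f'[Config]\n"MRParentAddress"="{SEC}"\n"ParentRouterAddress"="{SEC}"\n'
# Correct edit: only the ParentRouterAddress line is changed.
GOOD = ROOT.replace(f'"ParentRouterAddress"="{SEC}"',
                    f'"ParentRouterAddress"="{RELAY_VALUE}"')
# Mistaken edit: both address entries were replaced.
BAD = ROOT.replace(SEC, RELAY_VALUE)

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD), ("unedited", ROOT)):
        print(name, check_relay_conf(ROOT, text, RELAY))
```

Run it against the two files read from the CID before running ConfigCID, so a wrong edit is caught before it is added to the checksum.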
  • Hey jak,

    thanks for your reply.

    I think the route of creating the second SUM is the route we are going to take.

    When we are installing the second SUM it asks for an SQL database. Should we be connecting back to the Sophos instance on the primary SEC server? Or should we create a new local instance?

    When you say "you can run the setup.exe from the SUM install share on the SEC..." do you mean the setup.exe contained under

    \\[Server1]\SophosUpdate\CIDs\Sxxx\[package name] ? Or a different setup.exe? I ran this just as a test but it only has options to install the Anti-Virus itself.

    I think after that I understand the rest of your instructions.

    thank you 

    :36759
  • Hi,

    You only need to install SUM not SEC I would think.

    http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_51_asgeng.pdf

    Section 7.6

    SUMInstallSet share should be shared on the SEC server, so on the new relay/SUM server you can run setup.exe from that share to install just an additional SUM.

    Regards,

    Jak

    :36761
  • Hi jak,

    I did eventually find that folder thank you.

    I have never noticed that folder before! Sorry about that!

    When we do the installation of the additional SUM it asked for an account for the SophosUpdateMgr.

    In the documentation of adding an additional SUM it says to leave everything as default. Do we need to change this account to a domain account to have it work correctly?

    The second SUM showed up in the SEC but when we try and access it it errors out.

    Thank you

    :36763
  • Hi,

    So I was reading the documentation a little more closely and discovered that you use a domain account to do the installation. The domain accounts they suggested were created and during the installation I used the appropriate account.

    Everything seems to be working good now.

    We just need to finish up the editing of the mrinit.conf file and then check the registry keys to make sure that when the relay computer is protected, that it acts as a relay.

    Thanks for the help.

    Will report back when it is fully up and running.

    Cheers

    :36823
  • Hi,

    So the relay is up and running.

    I have noticed a weird behavior on the SEC though.

    Almost all of the machines going through the Relay all report an "Up to date" of "Not since..." and they all show the same time.

    So let's say for instance "Not since 1/18/2013 6:23:22 AM"

    They all seem to report this same message, and it happens quite frequently.

    I haven't seen it clear itself yet either.

    In the past, I have noticed that usually first thing in the morning the Protection view will fill with machines as users turn on their PCs. But as the morning goes on these machines slowly start to disappear themselves, I presume because they have contacted the SEC to let it know they are now up to date.

    Could this be due to some delay between the messages being sent from the Relay to the SEC?

    Thank you

    :37055