Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1732 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.0 Upgraded, Unmanaged Users

kiky

Dear All,

I have a problem after ugraded to SEC 5.0 all users (discover Computer by IP or Network) display, My question is :

1. All Client has been updated to 10.0 but grey (Unmanaged) how to configure as Managed?

2. I have try to reinstall 3 client using CIDS from Sophos server and status on the SEC 5.0 is Managed, should i reinstall all Client one by one?

:22203


This thread was automatically locked due to age.
  • 0

    Hi,

    It might be quicker to see what's wrong with the installations as there might be a simple fix, a redeploy shouldn't be required unless they are missing software.

    For an unmanaged client, check:

    1. Sophos Remote Management System  (RMS) is installed.

    2. The Sophos Message Router on an unmanaged machine is pointing at the management server.  In regedit, navigate to;
     HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router \

    Is the 'ParentAddress' value correct?  Same as the now working machine?

    3. If it's pointing at the right location...does the router have certificates?  These are indicated by the presence of the following:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private \pkc

    and

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private \pkp

    If these do exist, you should be able to delete the pkc and pkp value, restart the "Sophos Message Router" service and within a few seconds they should return as the client gets new certificates for the router.  You could test this happens.

    4. I would normally ask about ports being open, but if a re-protect works, I assume they must be but if you wish to check:

    The Server needs TCP 8192 and 8194 open.

    The Client needs TCP 8194 open.

    You should be able to telnet to the server, using the same address in the "parentaddress" key mentioned in point 2 above, i.e.

    telnet [serveraddress] 8192

    This should return a long string.

    THe fact a reprotect works to me suggests that either RMS isn't installed on the clients, which seems unlikely, or it's the inability for the clients to find the server using their current parent address and the reprotect changes that.

    Hope that's something to try.

    Regards,

    Jak



     

    :22205
  • 0

    Hi Jak,

    That's instruction has to do and no effect, Users still grey and unmanaged.

    :22223
  • 0

    I'm not sure from you post quite what happend with the above tests but you could try creating a script to reinitialize RMS on a test client using this tool:

    http://www.sophos.com/support/knowledgebase/article/116737.html

    You should be able to run the tool, select the cac.pem and mrnint.conf file from the Sophos management server, using the update share ones will be fine.  Once you have generated a VBScript, you could run it on one of the clients (as an administrator) that is unmanaged.  The script will stop the services, delete the existing certificates and other parts of the RMS configuration on the client and then run ClientMRInit.exe to force the config back on.  It will then restart the services, this will initiate new certificates.and hopefully it then appears managed.

    If this fixes one of the clients, it would siggest an RMS config problem and you could look to run the script on the others.  Do not run the resultant VBScript on the Sophos Management Server though.  

    Failing that the Router and Agent logs would need to be looked at.

    Jak

    :22235