Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1734 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.0 Upgraded, Unmanaged Users

kiky

Dear All,

I have a problem after ugraded to SEC 5.0 all users (discover Computer by IP or Network) display, My question is :

1. All Client has been updated to 10.0 but grey (Unmanaged) how to configure as Managed?

2. I have try to reinstall 3 client using CIDS from Sophos server and status on the SEC 5.0 is Managed, should i reinstall all Client one by one?

:22203


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    It might be quicker to see what's wrong with the installations as there might be a simple fix, a redeploy shouldn't be required unless they are missing software.

    For an unmanaged client, check:

    1. Sophos Remote Management System  (RMS) is installed.

    2. The Sophos Message Router on an unmanaged machine is pointing at the management server.  In regedit, navigate to;
     HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router \

    Is the 'ParentAddress' value correct?  Same as the now working machine?

    3. If it's pointing at the right location...does the router have certificates?  These are indicated by the presence of the following:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private \pkc

    and

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private \pkp

    If these do exist, you should be able to delete the pkc and pkp value, restart the "Sophos Message Router" service and within a few seconds they should return as the client gets new certificates for the router.  You could test this happens.

    4. I would normally ask about ports being open, but if a re-protect works, I assume they must be but if you wish to check:

    The Server needs TCP 8192 and 8194 open.

    The Client needs TCP 8194 open.

    You should be able to telnet to the server, using the same address in the "parentaddress" key mentioned in point 2 above, i.e.

    telnet [serveraddress] 8192

    This should return a long string.

    THe fact a reprotect works to me suggests that either RMS isn't installed on the clients, which seems unlikely, or it's the inability for the clients to find the server using their current parent address and the reprotect changes that.

    Hope that's something to try.

    Regards,

    Jak



     

    :22205
Reply
  • 0

    Hi,

    It might be quicker to see what's wrong with the installations as there might be a simple fix, a redeploy shouldn't be required unless they are missing software.

    For an unmanaged client, check:

    1. Sophos Remote Management System  (RMS) is installed.

    2. The Sophos Message Router on an unmanaged machine is pointing at the management server.  In regedit, navigate to;
     HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router \

    Is the 'ParentAddress' value correct?  Same as the now working machine?

    3. If it's pointing at the right location...does the router have certificates?  These are indicated by the presence of the following:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private \pkc

    and

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private \pkp

    If these do exist, you should be able to delete the pkc and pkp value, restart the "Sophos Message Router" service and within a few seconds they should return as the client gets new certificates for the router.  You could test this happens.

    4. I would normally ask about ports being open, but if a re-protect works, I assume they must be but if you wish to check:

    The Server needs TCP 8192 and 8194 open.

    The Client needs TCP 8194 open.

    You should be able to telnet to the server, using the same address in the "parentaddress" key mentioned in point 2 above, i.e.

    telnet [serveraddress] 8192

    This should return a long string.

    THe fact a reprotect works to me suggests that either RMS isn't installed on the clients, which seems unlikely, or it's the inability for the clients to find the server using their current parent address and the reprotect changes that.

    Hope that's something to try.

    Regards,

    Jak



     

    :22205
Children
No Data