Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 4734 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Pushing out Sophos

Bengaul

Dear All,

We recently upgraded to the latest Sophos enterprise console, 5.0. Cutting a long story short, we did a reinstall, and tried to push out the AV. Some worked, and some didn't. Contacting support, we were told to delete mrinit.conf for the sophos foilder, and try to install again. This does work, but we have about 550 machines, and going round all the computers that are not updating is a big task. 

Is there a way to push out the client, without having to delete mrinit.conf etc?

Cheers.

:21173


This thread was automatically locked due to age.
  • 0

    Hello Bengaul,

    we recently upgraded to the latest Sophos enterprise console, 5.0

    From what you told I assume this failed (or included a failed migration to a new server) and the server has a new identity - otherwise mrinit.conf or mrinit.conf.orig shouldn't get into the way?

    Are the clients' policies pointing to a still valid CID or is this gone?

    Christian

    :21177
  • 0

    Hi Christian,

    That's correct, the migration did fail. We were using a 2003 R2 server, and after the re-install we used a 2008 server, we kept the server name, so the CID should be the same. Some computers did not update though, and some did.

    Ben.

    :21179
  • 0

    Hello Ben,

    if you kept the server name - did you also keep the certificates?

    Some computers did not update though

    Still trying to find out what state they are in. When eventually upgrading to SEC 5.0, afterwards version 10.0 should have been deployed to the CID and in turn the clients should have upgraded to 10.0. If the certificates are different the clients won't report back to the management server (and probably show an error with RMS - but still they should have upgraded if they were able to download the updates). You then tried re-protecting them (Protect Computers)? Please have a look at this recent post (sorry for the self-advertising) for things to try.

    Christian

    :21181
  • 0

    Hi,

    From what I can gather, this is about migrating from one serve to another, so tweaking it for my scenario, you would recommend  that I create a new CID, and push out the clients again?

    Ben

    :21185
  • 0

    Hello Ben,

    not necessarily (in fact, how would you tell them the new location if RMS is not working?). If the clients do still download from the CID it might only be necessary to re-init RMS to make them talk to the new server. Running the reinit (as per the Migration Guide) requires that the attempt to (and succeed in, I think, as this is a "run after" script) installing SAVXP..

    Christian

    :21187
  • 0

    Looking through the guide, I need to still have the old server up and running to supply reinit.bat. As I don't have the old server, what would be the next course of action?

    Ben

    :21207
  • 0

    HI,

    One possibility... if you can run a VBScript on all the clients to point them at the new server:

    /search?q= 8939

    From the HTA, just select the new cac.pem and mrinit.conf (from the CID/update location will do), generate the vbs file and run it on all clients, maybe as a startup-script.  I'd avdise testing it on a couple of clients first just to check it's all ok?  The clients should become "connected" in the new SEC.

    Hope it helps.

    Regards,

    Jak 

    :21209
  • 0
    Hello Ben,

    the guide describes two "normal" cases - migrate with a new identity and migrate with an old identity. Yours is more or less a mix. As the location of the CID is the same as before (if I understood you correctly) it stands for both the old and the new one. Basically the guide tells you to configure the old CID with the files from the new server. Doing this on your only server should do the trick.

    Christian
    :21211
  • 0

    Hi,

    Thanks to everyone who has taken the time to help. I tried the guide, and had no luck, so in the end, I wrote a batch file that runs at login, and silently installs the client. This seems to have worked.

    Not ideal, but it shoudl get me over the worst.

    Thanks,

    Ben

    :21221