Server Loss - Client Migration

Hi Guys,

Long time listener, first time caller.

I've just suffered a server loss, two HDDs failed out of a 3-disk RAID 5.  Not the end of the world as data was backed up.  Server has been re-built, ADS etc etc.  I have installed Sophos Enterprise 5.0 and want to see if I can save myself some work.  Obviously my clients can't see the new server (although it has the same IP it doesn't have the same name, I didn't rebuild it, don't ask...).  I have found steps to change the local reg key for the router path to the new name but the one thing I don't have is the original Certification Manager as the server is now gone.  Are there any methods to side step this or am I stuck with going to each machine and running the install to the new server? (I've tried to push to clients from console, doesn't work on my Win7 clients.)

Thanks.

:24809


  • Hello Soft-Sell,

    if no registry backup is available there is no way to rebuild the original identity. Can the clients "find" the update location? It likely contains the old name - is it possible to create an alias? Also have a look at http://www.sophos.com/en-us/support/knowledgebase/116737.aspx - guess this is how you could do it.

    Christian
    :24823
  • Hi,

    Ideally you would have the cert keys under:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Certification Manager\CertAuthStore

    so you could import that before running a new install.  

    Maybe you have run a Sophos Diagnose in the past, that would have this data, even if you need to ask Support if they have it still?  Have you ever run DataBackupRestore.exe?

    If you could do this, this would ensure that the same certs are in use as before and as long as the clients can still address the server, they will carry on communicating fine.

    If the old server had a static IP and that has remained the same, I would expect all clients to reference the new computer ok (at least for RMS) as they point to it primarily by IP address.  The key:
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\ParentAddress on the clients will prove this.

    So although the address of the old server is in the list, it will never fail over to it as the IP address will always connect.  Once you have RMS working you could push out an updated updating policy to point them by name to the new address.

    The article Christian points to will re-init clients from a Patch and RMS point of view such that they will talk to any server as long as you provide the cac.pem and mrinit.conf from the new server.  So maybe you can deploy the resultant script easily?

    It's really what is easier/quicker:

    1. Try and get the original certs back, which will require an uninstall and reinstall

    2. Re-protect machines and/or use the script in the article to reinitialise them.

    EDIT: When you say it doesn't work on the Windows 7 machines, what fails?  The failure to create the scheduled task to start setup.exe or the RMS re-init?  If it's the re-init as part of the RMS reinstall, then the log file ClientMrInit.log (which is also timestamped) in \windows\temp\ might shed some light.

    Regards,

    Jak

    :24831
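
The ParentAddress check described in the reply above, as an added example that is not part of the thread and not Sophos code. It assumes the value holds a list separated by commas, semicolons or whitespace, and `192.0.2.10` is a placeholder for the rebuilt server's IP.

```powershell
# Added example (not from the thread or from Sophos). Run on a client.
param([string]$NewServerIp = '192.0.2.10')  # placeholder: the rebuilt server's IP

# The key named in the reply, plus the non-Wow6432Node path for 32-bit Windows.
$routerKeys = 'HKLM:\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router',
              'HKLM:\SOFTWARE\Sophos\Messaging System\Router'
$key = $routerKeys | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $key) { Write-Warning 'Router key not found; RMS may not be installed.'; return }

$raw = (Get-ItemProperty -LiteralPath $key -ErrorAction Stop).ParentAddress
if (-not $raw) { Write-Warning "ParentAddress is empty or missing under $key"; return }

# Assumption: entries are separated by commas, semicolons or whitespace.
$entries = @($raw) -split '[,;\s]+' | Where-Object { $_ }

$report = foreach ($entry in $entries) {
    $ips = @()
    $parsed = $null
    if ([System.Net.IPAddress]::TryParse($entry, [ref]$parsed)) {
        # Entry is already an IP address.
        $ips = @($parsed.ToString())
    } else {
        # Entry is a name: see what it resolves to now (the old server name may be dead).
        try {
            $ips = @([System.Net.Dns]::GetHostAddresses($entry) |
                     ForEach-Object { $_.ToString() })
        } catch {
            $ips = @()
        }
    }
    New-Object PSObject -Property @{
        Entry       = $entry
        ResolvesTo  = ($ips -join ' ')
        IsNewServer = ($ips -contains $NewServerIp)
    }
}
$report | Format-Table Entry, ResolvesTo, IsNewServer -AutoSize

if (-not ($report | Where-Object { $_.IsNewServer })) {
    Write-Warning "No ParentAddress entry leads to $NewServerIp; this client cannot address the new server."
}
```

A match here only shows that the client can address the server; as the reply says, communication also depends on the same certificates being in use.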