
Protected computers still showing as greyed out in Enterprise console

Hi

I'm having a problem whereby computers I have protected through the Enterprise Console are not showing as protected even though the Sophos client installed correctly and updates without problems.

Basically the same computers were protected and showed fine when installed with Win XP. I have recently upgraded all the desktops to Win 7 and protected them from the console but they do not show as protected.

On some of the computers I had to manually run the Sophos install from Task Scheduler. The machines have the same SID from when they had XP installed and Sophos is gathering information from AD. Server is domain controller running Win 2k8 R2 SP 1 and Enterprise Console 4.5.

I would really appreciate some help on this.   Thanks

:12209


  • Hi,

    So the machine was managed fine in SEC as XP, it was upgraded to Windows 7 and it still has the same computername?


    The computer record must still exist in SEC for the machine, are you saying that the details for the record are those of the old XP machine and haven't been updated to reflect the now Win 7 machine details, e.g. OS, SAV details, etc?

    As a quick check that will not cause any problems on one of the clients, try the following:

    1. Stop the Sophos Message Router service


    2. Stop the Sophos Management Agent service

    3. Open Regedit and navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router\ParentAddress
    Does the parent address value reflect the management server ok?
    I was thinking that maybe the mrinit.conf file where the machine was reprotected from could have been incorrect.

    If so leave as is.
    4.  Still in Regedit, navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private 
    and delete the pkc and pkp values.

    5. Also delete the pkc and pkp values under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private

    These values are the certificates of the router and agent.  

    Note: If they don't already exist that is your problem.

    6. Ensure that port 8194 TCP incoming is open on the client firewall.  If you're using Sophos Client Firewall that will automatically let through the traffic.

    7.  Ensure that on the management server the services:
    Sophos Message Router
    Sophos Certification Manager 
    Sophos Management Service
    are started, also ensure all other Sophos services are running but those above are most significant.

    8. On the client start the Sophos Message Router Service.
    Within a couple of seconds you should see the pkc and pkp values return under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\Private 

    This is evidence the router has obtained its certificate. 

    9. Still on the client, once the router has its certificate start the Sophos Management Agent Service.
    In a few seconds, you should see the pkc and pkp values return under:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private

    This is the agent getting its certificate.  At this point the client should be able to message the server and should then send a status message.

    Does that help, if not which stages did or didn't work?

    If you're still not getting information about the products, i.e. SAV, SCF, AutoUpdate, on the client, check the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Adapters
    under this key there should be a key for each product, and within it a path to the dll that talks to each component on behalf of the Sophos Agent service.

    Regards,

    Jak

    :12215
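
Steps 1 to 9 of the reply above as a PowerShell script, added here as an example and not part of the original post or Sophos tooling. The service display names and registry paths are the ones written in the post; reading ParentAddress as a value under the Router key and the 60-second wait are assumptions.

```powershell
# Added example (not from the post): re-request the router and agent certificates.
# Run elevated on the client. Display names are as written in the post;
# confirm them first with: Get-Service -DisplayName 'Sophos*'
$routerSvc = 'Sophos Message Router'
$agentSvc  = 'Sophos Management Agent'

# The post marks Wow6432Node as optional; fall back to the plain path if it is absent.
$base = 'HKLM:\SOFTWARE\Wow6432Node\Sophos'
if (-not (Test-Path $base)) { $base = 'HKLM:\SOFTWARE\Sophos' }
$routerKey  = "$base\Messaging System\Router"
$routerPriv = "$routerKey\Private"
$agentPriv  = "$base\Remote Management System\ManagementAgent\Private"
$adapters   = "$base\Remote Management System\ManagementAgent\Adapters"

function Test-CertValues([string]$Key) {
    # True only when both pkc and pkp exist under $Key.
    $p = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    return ($null -ne $p) -and ($null -ne $p.pkc) -and ($null -ne $p.pkp)
}

function Wait-CertValues([string]$Key, [int]$TimeoutSec = 60) {
    # Poll until the service writes pkc and pkp back (timeout is an assumption).
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if (Test-CertValues $Key) { return $true }
        Start-Sleep -Seconds 2
    }
    return $false
}

# Steps 1-2: stop both services before touching their keys.
Stop-Service -DisplayName $routerSvc -Force
Stop-Service -DisplayName $agentSvc -Force

# Step 3: show the parent address so it can be compared with the management server.
$parent = (Get-ItemProperty -Path $routerKey -ErrorAction SilentlyContinue).ParentAddress
Write-Host "ParentAddress: $parent"

# Steps 4-5: note whether the values were already missing, then delete them.
foreach ($k in $routerPriv, $agentPriv) {
    if (-not (Test-CertValues $k)) { Write-Warning "pkc/pkp already missing under $k" }
    Remove-ItemProperty -Path $k -Name pkc, pkp -ErrorAction SilentlyContinue
}

# Steps 8-9: the router must get its certificate before the agent is started.
Start-Service -DisplayName $routerSvc
if (-not (Wait-CertValues $routerPriv)) { throw 'Router got no certificate: check TCP 8194 and the server services.' }
Start-Service -DisplayName $agentSvc
if (-not (Wait-CertValues $agentPriv)) { throw 'Agent got no certificate.' }

# Follow-up check from the post: one subkey per product adapter.
Get-ChildItem -Path $adapters -ErrorAction SilentlyContinue | Select-Object -ExpandProperty PSChildName
```

A failure at the first `throw` points at steps 6 and 7 of the reply (client firewall or the server-side services); a failure at the second means the router enrolled but the agent did not.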