Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 3366 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

EndPoints - how to update the Updating after Enterprise Console Reinstall

BloodBaz

Hello,

I have just reinstalled Enterprise Console (now using 5.2.1) after I have had my license upgraded from Sophos Security Suite SBE to Sophos Endpoint Protection - Business.  I am running Windows Server 2012 VMs and a mix of Windows 7 and 8 clients.

As I recreated user accounts along recommended practises, my "Update Manager Account"  is now <mydomain>\SophosUpdateMgr.   However, my clients are still running Sophos AV with Updating details of the old (now deleted) account.  

As a result they cannot update themselves, nor can I correct the credentails manually on the clients as the Configuration > Updating dialog box (Primary location) has the settings "greyed out".  Chicken and egg!

Q1) How should I get my Winodws Clients to use the new Username/Password?

Q2) Should I just rerun the AV from \\myserver\SophosUpdate\CIDs\S000\SAVSCFXP\setup.exe ?

Q3) If so, will this include the new updating policy?

Thanks,

Chris

:42135


This thread was automatically locked due to age.
Parents
  • 0

    Hello Chris,

    while your problem has been solved I have some reservations as IMO not all that has been said here is correct. To make sure - we are talking about Sophos Enterprise Console, right?

    they did not show up as connected/online as the mismatch credentials meant they couldn't communicate

    RMS (that's the "communication" component) is independent of the updating policy (and the credentials). RMS doesn't an account to access the management server. That a client can't update (i.e. can't access the share on the server) does not mean it can't communicate - but maybe I'm misunderstanding you.

    You did not tell the details of the migration so the rest is based on guesswork.

    On each endpoint

    Works if you have only a few - consider an installation with several 1000 endpoints, more than just a pain, but anyway ...

    Do an "Update Now" and all software updates, ides, policy will be reapplied

    It will update but (unless you have put a policy in the CID - which is very unlikely) it will not (re-)apply the policies. If communication resumes the clients should show differs from policy (not because of location or credentials but because of AllowLocalConfig) - is this the case?

    If you did not change the server's identity (name, IP as well as its certificate) then the clients should have reported to the server and you should have been able to change the policy from there.

    discovering wasn't a problem but "connecting" them was

    If you are talking about being unable to successfully Protect computers - there are several pre-requisites (won't detail them here) but anyway, you have to explicitly enter the account to be used for the install in the wizard (and this is usually not SophosUpdateMgr). If it gets as far as doing the initial install of AutoUpdate it will set the credentials from the policy (and not use the ones that were in the client's config).

    If the server's identity has changed, then configuring updating on the clients will enable them to update but not to communicate (RMS) with the server.

    Christian

    :42243
Reply
  • 0

    Hello Chris,

    while your problem has been solved I have some reservations as IMO not all that has been said here is correct. To make sure - we are talking about Sophos Enterprise Console, right?

    they did not show up as connected/online as the mismatch credentials meant they couldn't communicate

    RMS (that's the "communication" component) is independent of the updating policy (and the credentials). RMS doesn't an account to access the management server. That a client can't update (i.e. can't access the share on the server) does not mean it can't communicate - but maybe I'm misunderstanding you.

    You did not tell the details of the migration so the rest is based on guesswork.

    On each endpoint

    Works if you have only a few - consider an installation with several 1000 endpoints, more than just a pain, but anyway ...

    Do an "Update Now" and all software updates, ides, policy will be reapplied

    It will update but (unless you have put a policy in the CID - which is very unlikely) it will not (re-)apply the policies. If communication resumes the clients should show differs from policy (not because of location or credentials but because of AllowLocalConfig) - is this the case?

    If you did not change the server's identity (name, IP as well as its certificate) then the clients should have reported to the server and you should have been able to change the policy from there.

    discovering wasn't a problem but "connecting" them was

    If you are talking about being unable to successfully Protect computers - there are several pre-requisites (won't detail them here) but anyway, you have to explicitly enter the account to be used for the install in the wizard (and this is usually not SophosUpdateMgr). If it gets as far as doing the initial install of AutoUpdate it will set the credentials from the policy (and not use the ones that were in the client's config).

    If the server's identity has changed, then configuring updating on the clients will enable them to update but not to communicate (RMS) with the server.

    Christian

    :42243
Children
No Data