Update server hardware failure - options? SESAC 9.5

Hello ipgsophos ,.

what backups do you have available, none at all? If you happen to have a backup of the registry there'd be an "easy path". Do you know the password for the update user (UserName in iconn.cfg on the clients - under %ProgramFiles%\Sophos\AutoUpdate\Config )?

First of all, installing SEC5.0 wouldn't cause any problems (that I'm aware of). The server can have whatever name/IP. Did you use any other subscriptions that Recommended? If so, you'd have to be careful when setting up the subscriptions. Otherwise I suggest that you set the Recommended subscription to 9.5. Once you've verified that you can manage your clients you can upgrade to 10.0.

There's more than one way to skin the cat:

The straight forward way is to install SEC5.0, make the necessary configurations, search for the computers and then reprotect them (Protect Computers). 

If reprotection is not feasible, you could redirect the clients to the new server as described in How to redirect Windows endpoints to a new management server . Note that it requires that you execute the generated script on your endpoints. Once the clients are communicating with the server, apply the new updating policies.

If you have the registry backup you can give the new server the same identity as the old one. If your old mrinit.conf contained the server's FQDN (you can find mrinit.conf in the client's C:\Program Files\Sophos\Remote Management System directory) you can redirect the clients to the new server by using temporarily a DNS alias.

If you know the former update credentials (user and password) it might be possible that the clients access the new CIDs. In this case you should give (although it is possible to create a NetBIOS alias as well) the new server the same name as the old one - unless you were using a FQDN to access the update location). Guess you didn't have a WebCID?

I hope this is not too confusing - please ask if anything is unclear.

Christian 

Hello ipgsophos ,.

what backups do you have available, none at all? If you happen to have a backup of the registry there'd be an "easy path". Do you know the password for the update user (UserName in iconn.cfg on the clients - under %ProgramFiles%\Sophos\AutoUpdate\Config )?

First of all, installing SEC5.0 wouldn't cause any problems (that I'm aware of). The server can have whatever name/IP. Did you use any other subscriptions that Recommended? If so, you'd have to be careful when setting up the subscriptions. Otherwise I suggest that you set the Recommended subscription to 9.5. Once you've verified that you can manage your clients you can upgrade to 10.0.

There's more than one way to skin the cat:

The straight forward way is to install SEC5.0, make the necessary configurations, search for the computers and then reprotect them (Protect Computers). 

If reprotection is not feasible, you could redirect the clients to the new server as described in How to redirect Windows endpoints to a new management server . Note that it requires that you execute the generated script on your endpoints. Once the clients are communicating with the server, apply the new updating policies.

If you have the registry backup you can give the new server the same identity as the old one. If your old mrinit.conf contained the server's FQDN (you can find mrinit.conf in the client's C:\Program Files\Sophos\Remote Management System directory) you can redirect the clients to the new server by using temporarily a DNS alias.

If you know the former update credentials (user and password) it might be possible that the clients access the new CIDs. In this case you should give (although it is possible to create a NetBIOS alias as well) the new server the same name as the old one - unless you were using a FQDN to access the update location). Guess you didn't have a WebCID?

I hope this is not too confusing - please ask if anything is unclear.

Christian