SEC missing computer details and unable to apply policies

We recently had a hard drive failure on our Windows 2003 Sophos Enterprise Console 4.5 server and discovered that our backup was corrupt. The server has been rebuilt (same host/domain and IP address) and I've installed SEC 4.7.

Existing client computers are unable to pick up definition updates. I can see them in SEC, but am not able to collect computer details or send them policies (greyed out).

On one client computer I uninstalled the Antivirus, Updater and Management components, restarted, then reinstalled using a command line to the Sophos server share. It is able to pick up updates, but no computer details are showing and I am unable to send it policies.

Windows Group Policy is opening the three standard Sophos ports (UDP & TCP) on the client computers.


This thread was automatically locked due to age.
  • Hello CFB,

    and discovered that our backup was corrupt  

    bad - corrupt or restore can't make sense of it ... although I often say "back up your data" I usually leave out the "and make sure you can restore them" for the sake of brevity. It pays to make application-specific backups in addition and use a mechanism independent of the server backup. In case of SEC it's some (static) registry settings (see the Enterprise console migration guide chapter 6.1.3 for details) and the database. Just putting them on another (physical) server gives some extra safety (some time ago a finger slip zilched most of the database contents - thanks to the daily database backup all I lost was a few hours' worth of status messages/alerts, the rest was restored within minutes). But I digress ...

    Did you import your clients from AD (as you obviously "see" them)? If you didn't have the registry keys for the Certification Manager available the new server created new certificates for use with RMS. As the clients expect a different certificate they refuse to talk to the server (if you import the mentioned keys before install the server would in terms of RMS be "the same" - even if you change its name and/or IP).

    Now it is not necessary to uninstall and reinstall on the clients (and that it doesn't work might be because there's a leftover mrinit.conf.orig). The migration guide shows one possible way in chapter 6.1.5. Dunno - as I haven't tested it - whether reinit.bat is only called when at least one of the ScriptFiles is updated and copied or with every update. In the latter case (as you don't have an old CID with these files and a new CID without them) you'll want to add some code so it performs the reinit only once (it'd be a good idea to set a version-specific marker in case you ever again need it).

    RMS uses TCP - no need to open UDP.

    HTH

    Christian
