Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 773 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

A number of small errors & questions

CDEvans

Setup:

One enterprise server running 400odd clients localy.

One update manager running another 50odd clients localy at a different office.

Running off the enterprise server:

Approx 80 clients are failing to report back:

around 10 of them are not listening on port 8192, and therefore won't as far as I understand, this is being looked into.

The rest are and the server can telnet to them, but they refuse to report, giving the error, that they are protected but not reporting.

odd questions and issues.

1) - our client names change with who logs on to them, is there a way I can get the server to check to see if the clients name has changed rather then it making a new listing for it, or at least, get it to remove the old one.

2) - Same as above just with DHCP, everytime a protected machine gets a new IP, it lists it again on the server,

3) I have to manualy scan the network range to pick up new clients, is there a way I can get the enterprise software to scan the range every hour or so?

Many thanks.

:10157


This thread was automatically locked due to age.
  • 0

    Hi,

    The first checks for a client that isn't reporting is if it has the certs for the Router and the Agent.

    Router:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router\Private\pkc
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\Router\Private\pkp

    Management Agent:
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Remote Management System\ManagementAgent\Private\pkc
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Remote Management System\ManagementAgent\Private\pkp

    If the client has the Router certs it will listen on 8192, 8193 and 8194 but until the agent has a certificate you won't get any status in SEC.  Do your umanaged client have a pkc and pkp for both the agent and the router.  It sounds like they might be missing a agent certificate?

    As for the machine name changing you could consider using the -compname switch to setup as listed here:

    http://www.sophos.com/support/knowledgebase/article/12570.html
    This is typically used for the scenario where there might be multiple machines with the same name operating in the same domain/workground context.

    If you're protecting new machines all the time (to save SEC from finding them) a startup scrpt which installs using the above switches (something similar to http://www.sophos.com/support/knowledgebase/article/13090.html) would mean the client initiates the appearance in SEC.  You can use the -G switch to ensure the machine is placed into the right group in SEC and therefore obtains the correct policies at install.

    Regards,

    Jak

    :10161
  • 0

    Morning Jak,

    Many thanks for the reply, I've looked at the clients that are not reporting and yes, they are missing the two keys, I've taken them from a client that is working and chucked them inside a start up script.

    I'll get to see the results monday.

    I'm going to push it out to all clients and clear the MC and start with an empty slate (so to speak)

    Many thanks for your help.

    :10213