This discussion has been locked.

Endpoint Console Help

I have some issues with the Enterprise Management Console that I'm hoping someone might have some advice about. We are considering purchasing the Endpoint Enterprise to manage our Anti Virus protection on our heavily mixed environment. We have Macs, PCs and Linux Clusters.

I currently have a test environment on my OS X 10.6 MacBook Pro running Parallels VM

I have Server 2003 running on one VM to host the Management Console

I have Windows 7 on a second VM

I did not use Active Directory because our live environment currently doesn't either.

I installed the Management Console and downloaded the Windows, Mac, and Linux Clients.

I then installed the Mac client from the server share but it did not autoconfigure for my server???

So I manually added the update server and it is getting updates from the win2k3 server but on the server console my MacBookPro is still "grayed out"

Any Thoughts?

Thanks a bunch.

:11657


  • Hi,

    Does the Windows 7 machine show in SEC correctly as connected and managed? If so, this guarantees much of the server side setup is functioning correctly.

    The Windows and Mac clients both use the Remote Management System (RMS) to communicate with SEC. Where the Windows machine uses the registry to hold settings and such, the Mac uses files which emulate the registry.

    So the main things to check are:

    1. If the Mac is pointing at the right address, i.e. the ParentAddress contains the address of the SEC server.

    2. The Mac has both an Agent and Router certificate.

    One of the indications of this is the Router on the Mac starts listening on ports 8192, 8193 and 8194. This is evidence that the Mac Router has a certificate.

    So as a test, can you connect to port 8192 and 8194 on the Mac?  You should be able to telnet from the server to the Mac.  E.g.

    telnet macaddress 8192
    telnet macaddress 8194

    The server doesn't connect to port 8192 but this will present a string and prove the router has a certificate. Connecting to port 8194 connects but doesn't display anything; this is expected.

    That being said, it is worth mentioning that the Mac needs to be able to connect to ports 8192 and 8194 of the server and the server needs to be able to connect to port 8194 of the Mac to ensure fast downstream message delivery.

    I hope this helps.


    Jak

    :11661
  • Hi Jak,

    Thanks for the quick response.  You're correct, I have the server and the Win7 PC Sophos client installed and updating.  I even pushed an updated policy to my Win7 PC to test communications (Policy Compliance = Same as policy).

    I've attempted a telnet from my server to the Mac but those ports are rejecting the connection, so I think that is a great place to start. Thanks again.

    I wonder if it's a problem with my Ethernet being bridged on Parallels.  I'll return with more details after some research.

    Update: Apparently the communications between Win7 and Server are not 100% either. I downloaded the eicar test virus and Sophos caught it but there is no report of the threat on the Admin Console.

    It's a long shot but I wonder if by chance there is anyone else out there that has attempted to configure the management console in a test environment using Parallels 6 on Mac OS X 10.6? Is it even possible?

    :11667
  • Hello Duane,

    sorry, no Parallels - but maybe this could be a little help:

    > I then installed the Mac client from the server share but it did not autoconfigure for my server?

    There's an old thread about pre-configuring. AFAIK it still works like this.

    > but on the server console my MacBookPro is still "grayed out"

    How did it get there? Did it appear after installing or did you use Find computers ...? If you install from the share the RMS component should also be correctly installed and initialized. Open the file ReportData.xml (use Spotlight or look in MacHD/Library/Logs/SophosMessageRouter/NetworkReport) in Safari and check for errors.

    > I've attempted a telnet from my server to the Mac

    As Jak said this ensures fast downstream delivery but it is not an absolute requirement for the client to show in SEC. Using one of the formats (NetBIOS name, FQDN or IP address - if they exist at all) for the server address from the above report you should be able to telnet from the Mac to ports 8192 and 8194 on the server. 

    > the communications between Win7 and Server are not 100% either

    Did you successfully download it or was it blocked while you attempted to download it? In the latter case you won't see an alert but it should be in the History section of the client's details. If you've specified automatic cleanup and/or delete the alert will not be persistent as the client successfully deals with the threat. In any case running the Alert and Event history report should show this "threat".

    Christian

    :11699
  • Thanks for the great tips, Christian, & Jak!

    I reviewed the ReportData.xml and the error was clear.  It couldn't resolve the DNS host name.

    I added my server IP to the hosts file on the Mac and included the com.sophos.sau.plist file in my install package, then reinstalled Sophos and instantly it appeared on the Console.

    It's funny how something so simple can cause such a headache.

    Update: I also did find the eicar virus detections on the Alert and Event Report. So, again thanks for the great tips!

    :11711
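The checks discussed in this thread (does the server name resolve, then do ports 8192 and 8194 accept a TCP connection), combined into one script. This is an added example, not part of any poster's reply and not Sophos code; the function names and the `sec-server.example` host are assumptions.

```python
import socket
import sys

RMS_PORTS = (8192, 8194)  # the two router ports tested with telnet in the thread


def probe(host, port, timeout=3.0):
    """Return (state, banner) for one TCP port, like the manual telnet test."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns-failure", str(exc))
    last = ("unreachable", "")
    for family, socktype, proto, _, addr in infos:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(addr)
                try:
                    banner = s.recv(256)
                except socket.timeout:
                    banner = b""  # connected but silent
                return ("open", banner.decode("ascii", "replace").strip())
        except ConnectionRefusedError:
            last = ("refused", "")
        except OSError as exc:  # connect timeout, no route, reset
            last = ("unreachable", str(exc))
    return last


def diagnose(results):
    """Turn {port: (state, banner)} into one hint, most fundamental first."""
    states = [state for state, _ in results.values()]
    if "dns-failure" in states:
        return "name does not resolve: check DNS or the hosts file"
    if "unreachable" in states:
        return "no route or filtered: check VM networking and firewalls"
    if "refused" in states:
        return "host reachable but a port is closed: router not listening"
    return "all ports accept connections"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "sec-server.example"  # placeholder
    results = {port: probe(target, port) for port in RMS_PORTS}
    for port, (state, banner) in results.items():
        print(port, state, repr(banner))
    print(diagnose(results))
```

Run it from the Mac against the server name exactly as the client has it configured, and from the server against the Mac, since the thread describes connections in both directions.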
  • Can you explain these steps in detail? For I suffer from this problem.

    :46487