Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 14845 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remotely re-installing Sophos endpoint

RogueViper

Hi 

I wonder if anyone can help me. Over the past 6 months I have been struggling to resolve endpoints that are unmanaged but have Sophos installed and are updating. Unfortuntly my job isn't to fix problems but to flag them up for another team to resolve. I have now gotten to the point of just fixing it myself.

At the start there must of been in excess of 100+ unmanaged hosts; which were missing the RMS component of Sophos due to most likely an incorrect image being used for new desktops/laptops. I have managed to resolve apporox 50 hosts by using the protect feature in SEC which reinstalled Sophos and the hosts appeared in SEC. 

The remaining hosts are laptops, which are running XP but the remote protect feature doesn't appear to work. I can see the scheduled task being created and the configuration of the hosts is no different to that of the previous 50 hosts I have resolved. 

Can anyone point me in a direction on how to resolve this issue? Is there any way of just resinstalling RMS component remotely?

:21665


This thread was automatically locked due to age.
Parents
  • 0

    HI RogueViper

    There are a few things which you can try remotely.

    What could be happening is the following:

                Updating doesnt pull down the RMS Component

                RMS is not installing

                Firewall is Stopping the communication

    Below are some ways you can fix them remotely

    Alternatively, you can use a login script.

    Here are some remote fix ideas:

    UPDATING DOESNT PULL DOWN THE RMS COMPONENT

                Copy the following file from a working machine at the same branch:

                XP:         C:\Program Files\Sophos\AutoUpdate\Config\iconn.cfg

                To the not working machine: (If you have access to the C$ Share, copy it remotely)

                XP:                              C:\Program Files\Sophos\AutoUpdate\Config\

    Once the next update completes it will rule out updating being the cause.

    ** This can be scripted

    RMS NOT INSTALLING PART 1

                RMS sometimes fails to install if Sophos was on it previously and was joined to another server, or permissions with copying files.

                Navigate to:

                \\servername\SophosUpdate\CIDs\S000\SAVSCFXP\

                (replace servername with the name or IP address of the server)

                Copy the following two files:

                cac.pem

                mrinit.conf

                To the following local directory: (Remotely you can access the persons C$ Share if you have rights)

                C:\Program Files\Sophos\Remote Management system

                If the folder doesn’’’’t exist, create it.

    After another update it should come online or rule out one section of RMS not working

    **This can be scripted.

    RMS NOT INSTALLING PART 2

                This will probably require you to go to the machine, however, you can remotely access the computer management viewer from your machine and see the error code being displayed.

    FIREWALL IS STOPPING COMMUNICATION

                If the windows firewall is on and Sophos exceptions haven’’’’t been allowed it could be influencing the communication. 

                Most notable in the 'View Network Communications Report' in Start | Programs | Sophos or doing a simple telnet test to the ip on the below ports.

                Ports 8192, 8193, and 8194 TCP and UDP need to be open.

    **This can be scripted or if you are in a domain environment, can be done via the group policy.

    On a side note, there are two other less regular influencing factors.

    1. Is file and printer sharing enabled

    2. Is the Simple file sharing (They are different) disabled on XP?

    If you need help with the scripting let us know :)

    :21797
Reply
  • 0

    HI RogueViper

    There are a few things which you can try remotely.

    What could be happening is the following:

                Updating doesnt pull down the RMS Component

                RMS is not installing

                Firewall is Stopping the communication

    Below are some ways you can fix them remotely

    Alternatively, you can use a login script.

    Here are some remote fix ideas:

    UPDATING DOESNT PULL DOWN THE RMS COMPONENT

                Copy the following file from a working machine at the same branch:

                XP:         C:\Program Files\Sophos\AutoUpdate\Config\iconn.cfg

                To the not working machine: (If you have access to the C$ Share, copy it remotely)

                XP:                              C:\Program Files\Sophos\AutoUpdate\Config\

    Once the next update completes it will rule out updating being the cause.

    ** This can be scripted

    RMS NOT INSTALLING PART 1

                RMS sometimes fails to install if Sophos was on it previously and was joined to another server, or permissions with copying files.

                Navigate to:

                \\servername\SophosUpdate\CIDs\S000\SAVSCFXP\

                (replace servername with the name or IP address of the server)

                Copy the following two files:

                cac.pem

                mrinit.conf

                To the following local directory: (Remotely you can access the persons C$ Share if you have rights)

                C:\Program Files\Sophos\Remote Management system

                If the folder doesn’’’’t exist, create it.

    After another update it should come online or rule out one section of RMS not working

    **This can be scripted.

    RMS NOT INSTALLING PART 2

                This will probably require you to go to the machine, however, you can remotely access the computer management viewer from your machine and see the error code being displayed.

    FIREWALL IS STOPPING COMMUNICATION

                If the windows firewall is on and Sophos exceptions haven’’’’t been allowed it could be influencing the communication. 

                Most notable in the 'View Network Communications Report' in Start | Programs | Sophos or doing a simple telnet test to the ip on the below ports.

                Ports 8192, 8193, and 8194 TCP and UDP need to be open.

    **This can be scripted or if you are in a domain environment, can be done via the group policy.

    On a side note, there are two other less regular influencing factors.

    1. Is file and printer sharing enabled

    2. Is the Simple file sharing (They are different) disabled on XP?

    If you need help with the scripting let us know :)

    :21797
Children
No Data