
Management Console and child domains in AD

Greetings,

I've successfully installed and somewhat configured SEC 5.2 on a server at the root of our AD forest. It's updating fine and everything otherwise seems to be working well... except, when I attempt to install just the Management Console in a child domain, I'm unable to provide it with the information it needs.

During the attempted console install, I eventually get to a screen asking for the hostname of the central SEC server, and the account details created during initial install to access the database. The field to enter the user account information is not a text editable box, so the account must be selected from AD using the 'Browse' button. However, I find that I am restricted to only being able to search within that child domain. The forest root is not displayed. This is a problem, as the accounts required by SEC are at the forest root, where the server itself exists.

I'm assuming this isn't a case of the Management Console just not being installable in a child domain, but I'm pretty much at a full stop at figuring this out. Please assume routing issues are not a problem.



This thread was automatically locked due to age.
  • Hi,

    As a test, try creating a local account on the computer you're trying to install the remote console on. You may as well give it the same name as the account the Management Host Service on the SEC server is running as, then choose this during the install. This will get you through the installer. Hopefully it will just work; if not, this account information is just stored in the file EnterpriseConsole.exe.config (same directory as EnterpriseConsole.exe).

    In the file you could try adding the UPN form of the account in the 4 sections at the bottom; consult the EnterpriseConsole.exe.config file on the server for the format and ensure that the URLs are resolvable from the remote computer.

    Hope it helps.

    Regards,

    Jak

  • That did the trick, but that's difficult to swallow as a solution. I created the local account as you recommended and selected that, but then found, when I went to edit the EnterpriseConsole.exe.config file, that the lines containing the UPN just didn't exist. I copied them over from the working server console config file, and that got it up and running.

    I'm looking at eventually rolling the Management Console out to around 18 locations, and this is going to make that difficult. If the account browser during the install could be enabled to search across an entire forest, or the text field for the account be editable, this wouldn't be an issue.

  • Hi,

    Glad it's working. If you have to deploy multiple consoles, that could be done quite easily as per:

    http://www.sophos.com/en-us/support/knowledgebase/118548.aspx

    I suspect you can just specify the correct UPN as the SERVER_UPN property and it will just work. Sounds like the problem is just in the setup bootstrapper.


    Regards,

    Jak

  • Well, in all my time spent here, I've not come across that info. Thank you very much for that.
