
Change IP Address Sophos Enterprise Console 5.2.0

Hi,

I need help with step by step how to configure SEC if I change the IP address of the server.

We have SEC v5.2.0 with 11 child SUMs and 626 endpoints. I only want to change the IP address from 10.10.1.40 to 10.10.1.4.

From a few posts (community), I need to change a parameter in mrinit.conf. Is there any other setting that I need to adjust?

Thanks for the help.

  • Hi,

    You mention changing mrinit.conf, so I'll assume that the machine has always had a static IP and that there are IPs in that file.

    Note:

    • When SEC is installed and mrinit.conf is initially created, if the machine is DHCP, then the addresses in there are just FQDN and NetBIOS. If it has a static IP at install, then it contains IP, FQDN, NetBIOS; the clients then use these in order to resolve the server for management (Remote Management System (RMS)).
    • Mrinit.conf is copied to the client by setup.exe when the client is installed. As part of the install of RMS, the entries in mrinit.conf are copied to the registry and used from then on until RMS performs an update, which is quite rare.

    So assuming that SUM doesn't have the IP address in its config to distribute CIDs, the only place I can think it exists is in all the mrinit.conf files on the server, i.e. in each CID, in the SUM installer share and in the Enterprise Console program files folder, and in the clients' config.

    So to fix this I would assign the server the new IP, do a search for all mrinit.conf files on the server (this will depend on the number of CIDs you have) and update them all with the new IP.  

    Newly protected clients will then be fine.  

    Existing clients will still be addressing the server based on the ParentAddress string value in the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\ParentAddress), i.e. 10.10.1.40, FQDN, NetBIOS. Now, as the FQDN and NetBIOS probably aren't changing, the existing clients will still be able to resolve the server, but it may take up to 5 minutes to fail with the IP before using the FQDN.

    It is worth bearing in mind, however, that if a new client comes along with 10.10.1.40 as its IP address and has SAV and RMS installed, a router will therefore be listening on that IP on 8194. The clients will connect to that router, and as it will be configured as a client router it will not be able to sustain the load.

    To fix the existing clients you essentially just need to:

    1. Stop the router service on the client

    2. Update the parent address registry key

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\ParentAddress

    with the new string

    3. Copy the new mrinit.conf to the remote management system directory under program files.

    4. Start the router.

    A simple batch file could carry out those steps if you have a way to deploy it.

    The other option, although it does more than you need, is to use this tool:

    http://www.sophos.com/en-us/support/knowledgebase/116737.aspx

    Regards,

    jak

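The four client-side steps from the reply above, as an added PowerShell example that is not part of the original thread or any Sophos tooling. The service name, the RMS directory and the share path are assumptions or placeholders to confirm on your own clients; the registry key and the two IP addresses are taken from the thread.

```powershell
# Added example. Run elevated on a 64-bit client; values marked "assumption" must be verified first.
param(
    [string]$OldIp       = '10.10.1.40',                  # old server IP (from the thread)
    [string]$NewIp       = '10.10.1.4',                   # new server IP (from the thread)
    [string]$NewMrinit   = '\\SERVER\share\mrinit.conf',  # placeholder: updated copy from the server
    [string]$ServiceName = 'Sophos Message Router',       # assumption: confirm with Get-Service
    [string]$RmsDir      = "${env:ProgramFiles(x86)}\Sophos\Remote Management System"  # assumption
)
$ErrorActionPreference = 'Stop'
$key = 'HKLM:\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router'

# Replace the old IP only where it is a whole entry of the comma-separated list
# (IP, FQDN, NetBIOS), so 10.10.1.40 is never matched inside a longer address.
function Update-AddressList([string]$List, [string]$Old, [string]$New) {
    $entries = $List -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    $updated = foreach ($e in $entries) { if ($e -eq $Old) { $New } else { $e } }
    ($updated | Select-Object -Unique) -join ','
}

$current = (Get-ItemProperty -Path $key -Name ParentAddress).ParentAddress
$wanted  = Update-AddressList $current $OldIp $NewIp
if ($wanted -eq $current) {
    Write-Output "ParentAddress is already '$current'; nothing to do."
    return
}

# Refuse to deploy a mrinit.conf that still points clients at the old address.
if (Select-String -Path $NewMrinit -SimpleMatch $OldIp -Quiet) {
    throw "$NewMrinit still contains $OldIp"
}

Stop-Service -Name $ServiceName                                        # step 1
try {
    Set-ItemProperty -Path $key -Name ParentAddress -Value $wanted     # step 2
    Copy-Item -Path $NewMrinit -Destination (Join-Path $RmsDir 'mrinit.conf') -Force  # step 3
}
finally {
    Start-Service -Name $ServiceName                                   # step 4, even if a step failed
}
Write-Output "ParentAddress changed: '$current' -> '$wanted'"
```

Removing the stale entry rather than relying on FQDN fallback means clients never attempt 10.10.1.40 again, which closes the window in which another machine holding that address could receive their router connections on 8194.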