Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 8673 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC Still hasn't managed several computers on the network

DJfound

The situation I have is that SEC has successfully installed and managed 91 of the 268 machines in our AD. Unfortunately it's not well organized, so out of those 268 some connect to the network occasionally, some everyday, and some have been retired for years.

At this point I know that there are computer frequently on the network not being managed, just giving a 0x0000002e error. SEC is set to sync every 60 min, so it seems these machines should be getting pushed to. 

I've read all the documentation and every relevant kb. My GPO has every firewall exception and automatically starts every service that Sophos recomends. It's very odd how it's working perfectly for some computers and not others.

Thanks in advance for any help.

:52206


This thread was automatically locked due to age.
Parents
  • 0

    After a couple weeks of troubleshooting I've got something working.

    I implemented a script to check if the Remote Management is installed, and if not then it runs a standalone installer. I found that the standalone installer to be more consistent than just going to the SAVCFXP/setup.exe, though both should work. The problem that I encountered then was that many endpoints had Sophos and the Remote Management installed but directed to our old location. So what I am doing now is I have a security group with another script that forces a reinstallation everytime the computer starts up, and then I pull the computer from the security group. It's not the most elegant solution, but it is getting the job done.

    A couple of other things I needed to get this working. I modified the main script GPO to ensure the computer is connected to the domain network before running scripts, and to wait two minutes before cancelling scripts.

    Here are the resources I used in case someone else has need:

    Standalone Installer - http://www.sophos.com/en-us/support/knowledgebase/67504.aspx

    Deployment Script - http://www.sophos.com/en-us/support/knowledgebase/13090.aspx

    I also implemented a logging feature in my script, this helped me greatly with troubleshooting and monitoring progress, here's my final result: 

    ECHO %time% %date% -- %computername% >> \\MyServ\SophosUpdate\StandaloneInstall\InstallLog.txt
REM --- Check for an existing installation of Sophos Remote Management on 32-bit
IF EXIST "C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe" goto _End
REM --- Check for an existing installation of Sophos Remote Management on 64-bit
IF EXIST "C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe" goto _End
REM --- Deploy to Windows 2000/XP/2003/Vista/Windows7/2008/2008-R2
ECHO -------------  Installing Sophos on %computername%  ------------- >> \\MyServ\SophosUpdate\StandaloneInstall\InstallLog.txt
\\MyServ\SophosUpdate\StandaloneInstall\SophosEndpoint.exe 
REM --- End of the script
:_End
    :52605
Reply
  • 0

    After a couple weeks of troubleshooting I've got something working.

    I implemented a script to check if the Remote Management is installed, and if not then it runs a standalone installer. I found that the standalone installer to be more consistent than just going to the SAVCFXP/setup.exe, though both should work. The problem that I encountered then was that many endpoints had Sophos and the Remote Management installed but directed to our old location. So what I am doing now is I have a security group with another script that forces a reinstallation everytime the computer starts up, and then I pull the computer from the security group. It's not the most elegant solution, but it is getting the job done.

    A couple of other things I needed to get this working. I modified the main script GPO to ensure the computer is connected to the domain network before running scripts, and to wait two minutes before cancelling scripts.

    Here are the resources I used in case someone else has need:

    Standalone Installer - http://www.sophos.com/en-us/support/knowledgebase/67504.aspx

    Deployment Script - http://www.sophos.com/en-us/support/knowledgebase/13090.aspx

    I also implemented a logging feature in my script, this helped me greatly with troubleshooting and monitoring progress, here's my final result: 

    ECHO %time% %date% -- %computername% >> \\MyServ\SophosUpdate\StandaloneInstall\InstallLog.txt
REM --- Check for an existing installation of Sophos Remote Management on 32-bit
IF EXIST "C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe" goto _End
REM --- Check for an existing installation of Sophos Remote Management on 64-bit
IF EXIST "C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe" goto _End
REM --- Deploy to Windows 2000/XP/2003/Vista/Windows7/2008/2008-R2
ECHO -------------  Installing Sophos on %computername%  ------------- >> \\MyServ\SophosUpdate\StandaloneInstall\InstallLog.txt
\\MyServ\SophosUpdate\StandaloneInstall\SophosEndpoint.exe 
REM --- End of the script
:_End
    :52605
Children
No Data