
Awaiting Policy from Console - Reboot Required - Update Servers

Hey guys,

Here's the issue I see.

I have a Sophos endpoint server that I use for updates for the end clients, and use Sophos as the Secondary Server.

Once I deploy the antivirus software to the machine the status is:

-Awaiting Policy from Console

-Reboot Required

Ok so at this state the software is on the machine, my Sophos endpoint server is set as the Primary update server, but nothing in the Secondary server.  (until reboot)

So my question is:

Since my users hardly reboot their computers, and most are laptop users that just put the computer to sleep, I want to be able to push this secondary server to the computer before a reboot is required.  Here is why.

So let's say they put their computer to sleep.  Go away from the office turn it back on, it will not hit our internal update server.  Let's say they do reboot while they are away, they won't be able to get updates till they are back in the office, maybe weeks away because it still has not hit the primary server for policy updates to receive the secondary server.

Any way I can get around this dilemma?

Thanks

Jeff

:43283


This thread was automatically locked due to age.
  • Hi,

    The client should get the policy way before the reboot.  In theory it should get the policy (in this case the updating policy) about 20 seconds after the computer becomes managed. i.e. RMS is installed.

    Do you have port TCP 8194 open on the client?

    When the client is installed for the first time, RMS is installed but the client doesn't have any policies at this point.  This causes the client to send to the server a "no-ref" for all policies in the status message.  This will cause the management server to generate the policies for the client (providing the client was in a SEC group with policies linked).  The server will then notify the client (by connecting to 8194) to come fetch the policies.  If the server can't poke the client on 8194, the client will take around 15 minutes to fetch the policy in its fallback polling mode.

    The router logs on the server and client should help you follow the flow of messages.

    Hope it helps.

    Regards,

    Jak

    :43309
  • Hello Jeff,

    as the users must be "in" when you deploy the software and you likely somehow "coordinate" the process (what would happen if they decide to close the lid just after you've started deployment) the easiest way would be to ask them to please reboot before they leave and inform you that they have so you can check and tell them that it is "safe" to leave.

    BTW: Using Comply with ... might result in the policy being transferred even before the reboot.

    There are some other options: a custom package with a pre-configured policy, or copying/setting the configuration with a script (which requires that you "catch" them after install and before they leave and is not as convenient as the console).

    Christian

    :43311
  • Jak,

    >>Do you have port TCP 8194 open on the client?

    Looks like I had not added this.  I just added to the GPO and lo and behold, the secondary server was created.

    Thanks for your help.

    Jeff

    :43343
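
A way to check the condition this thread turned on, as an added example that is not part of the original posts or Sophos's own tooling: run from the management server, it attempts a TCP connection to port 8194 on each endpoint and reports which ones would be left to the fallback polling Jak describes. The function name `Test-RmsNotifyPort` and the host names are hypothetical; a successful connect only shows that the port accepts connections through the client firewall, not that RMS itself is healthy.

```powershell
# Added example: from the management server, test whether each endpoint
# accepts a connection on the notification port named in the thread (TCP 8194).
function Test-RmsNotifyPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName,
        [int]$Port = 8194,       # port named in the thread
        [int]$TimeoutMs = 3000   # assumption: 3 s is enough on a LAN
    )
    process {
        foreach ($name in $ComputerName) {
            $client    = New-Object System.Net.Sockets.TcpClient
            $reachable = $false
            $detail    = 'timed out (filtered or host offline)'
            try {
                $task = $client.ConnectAsync($name, $Port)
                if ($task.Wait($TimeoutMs)) {
                    $reachable = $client.Connected
                    $detail    = 'connected'
                }
            }
            catch {
                # Refused connections and DNS failures surface here, wrapped
                # in an AggregateException; report the innermost message.
                $detail = $_.Exception.GetBaseException().Message
            }
            finally {
                $client.Close()
            }
            # Map the result onto the two delivery paths described above.
            $mode = if ($reachable) { 'server notification' }
                    else { 'fallback polling (around 15 min)' }
            [pscustomobject]@{
                ComputerName   = $name
                Port           = $Port
                Reachable      = $reachable
                PolicyDelivery = $mode
                Detail         = $detail
            }
        }
    }
}

# Constructed host names; replace with endpoints from your own deployment.
'LAPTOP-EXAMPLE-01', 'LAPTOP-EXAMPLE-02' |
    Test-RmsNotifyPort |
    Format-Table -AutoSize
```

Running it right after a deployment, before the user leaves the office, shows which machines still need the firewall rule from the GPO.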