Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 13558 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reset/Change Sophos Update CIDs

janb

Is it possible to change the CID-path for Sophos Updates? Somehow I ended up with S000 and S065. Adding a new one only counts higher.

I don't know how this could happen. I definitely didn't add 65 different software subscriptions.

It's needed because I want to consolidate two different management servers into one while using the configuration of one as a base and need the update paths S001 and S002.

Is there a way to do that or do I have to start from scratch?

:40409


This thread was automatically locked due to age.
  • 0

    Hello janb,

    likely this is an old installation - in the beginning of SUM the numbering was deterministic but not consecutive. Later the numbering schema has been changed. Before resorting to dirty tricks let's try it with a conservative approach.

    Which SEC versions are involved? Could you please give some details about the existing subscriptions/CIDs and how you intend to merge them (what for do you need S001 and S002)? Also, is the CID with S065 in use?

    Christian

    :40411
  • 0

    Hello Christian,

    the management server with CID S000 and S065 was first installed with 3.x and updatet to 4.x and 5.x when they were available. It's now running 5.2. I can't tell you the version of the other server exactly because it's not managed by me but it's either 4.x or 5.x.

    The server running 5.2 has one active subscription (S000) for Sophos Endpoint Protection for Windows 2000 and above with 10.2 Recommended and only managed computers. The other subscription (S065) is inactive. It was used for the transition from Endpoint Protection 9.x to 10.x. Adding a new subscription will add a new CID with S06x. This is the server which configuration I want to use as a base for the new server.

    The other server has two active subscriptions (S000 and S001) and has no managed computers. S000 is for the latest OS and Endpoint Protection. S001 for older OS and Endpoint Protection. They're used to update all the standalone or custom installations which are quite a lot because of the licensing model for the university I work at.

    That's why I want the configuration of my server with 500+ managed installations but need the CIDs S000 and S001 (don't need S002 actually) because of all the standalone clients.

    Jan

    :40413
  • 0

    Hello Jan,

    the management server with CID S000 and S065 was first installed with 3.x - quite unhumble, I've expected this. S065 is inactive - so please just delete it and when the Update Manager's configuration matches add a new subscription. As far as I can recall this should "reset" the numbering. If not a hack is probably needed.

    The other server [...] has no managed computers. So you want to "alias" these CIDs (BTW: are the computers updating over HTTP)? And they will stay unmanaged (I assume they don't have RMS installed)?

    Christian 

    :40415
  • 0

    Hello Christian,

    S065 is inactive - so please just delete it and when the Update Manager's configuration matches add a new subscription. As far as I can recall this should "reset" the numbering. Unfortunately this didn't work. I deleted the subscription and the folder for S065, after that I added a new subscription but the new CID folder is S069. It jumped to 69 because I tested a couple things before this.

    The other server [...] has no managed computers. So you want to "alias" these CIDs (BTW: are the computers updating over HTTP)? And they will stay unmanaged (I assume they don't have RMS installed)? Yes, something like that. The unmanaged installations need to be able to update from the new server without changing their configuration. They have a fixed adress like sophos.ourdomain.de which points them to the server with the CIDs S000 and S001. Yes they update over HTTP and will stay unmanaged and have no RMS installed.

    Jan

    :40419
  • 0

    Hello Jan,

    ok, this is unsupported and don't divulge it was me who told you: The registry DWORD value SubscriptionShortTagCounter under HKLM\Software[\Wow6432Node]\Sophos\EE\Management Tools holds the number for the next CID. 

    HTTP is usually not a big problem. Anyway I want to mention that to a certain extent you can modify the clients' policies - please see Using ConfigCID.exe to implement XML configuration file changes and indicated related articles. BTW - I have not checked how AutoUpdate (version 2.9.0 and above) reacts when seeing a "foreign" CID (i.e. one with a cac.pem different from the one it previously updated from). You might want to test this first.

    Christian

    :40421
  • 0

    It worked. Thank you very much!

    I could reset the CID counter.

    There is no trouble with a "foreign" CID. I installed our standalone version which updates from one server, then changed the updatepath to the other server and ran the update again. AutoUpdate restarted itself and updated the product-cache from the other server.

    Jan

    :40427