This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Migrating EC v4 to new server - updates now fail

Good evening,

Recently moved an installation of Sophos EC  v4 from our old server to the new live server. Followed the Sophos Migration guide to the letter (no number just dated June 2010).

Initially tried to move everything from v4 to v4.5 but that did not work. Doh should have engaged brain first, stupid.

Then installed v4.0 on the new server and the migration seemed to go ok. EC started up fine and all the computers were present.

Selected Update Manager and tried to force an update. This went away for a while and then failed. Might have a handle on this as I realised I did not clean out the Sophos Update share between version (v4.5 and v4.0) so I have a plan on how to solve that issues.

Went to a client and tried to get it to update it failed with 'Could not connect to server'. From memory its running EP 9.0

On checking the configuration of the update I noticed it uses SophosUpdateMgr as the user with a hidden password. Now my understanding is that the EC will create this user with a random password when it is installed if it does not already exist. Does this then get changes when I restore the registry / certificates / database  or do I have to invade the AD on the old server to find the password and then set it on the new and run the Sophos 'hide' it etc.?

If its not that can anyone please provide a pointer to the probable cause of the problem.

Regards

Gary

:5531


This thread was automatically locked due to age.
Parents
  • Hi,

    As a quick test, in SEC I would create a new updating policy, call it test and choose the same subscription as the clients are using. I would then apply this config to one client (you might have to move one test client to a new group, to which the test updating policy is linked to).  I would wait until it said it complies with the updating policy then check the iconn.cfg file on the machine:

    Vista+ in: "\ProgramData\Sophos\AutoUpdate\Config\", otherwise: "\Program Files\Sophos\AutoUpdate\Config\"

    If other machines that are failing are using the same account as in the test policy I would suspect the password string and or the update path to match in their iconn.cfg files.  If the don't this would at least explain why they are failing as based on the information, it's not clear to me from "Could not connect to server'.message if this is due to:

    1. The path is just incorrect, i.e. they distribution point path the clients are using doesn't exist.  Wrong Sxxx number for example.

    2. The password the clients are using is correct or not.

    3. There are no files in the CID path due to SUM not populating the distribution point.

    Or all of the above.

    I would also check that the paths in the bootstrap locations dialog in SEC are connect for the subscriptions and the clients are using the correct paths.

    From the logs you have, I would also suggest on the machine where SUM exists, browsing to:

    http://sophos2.yhgfl.net/libraryv4//Warehouse/

    for this example and check you can download the first file SUM says it cannot download.

    Hope this helps.

    Jak

    :5685
Reply
  • Hi,

    As a quick test, in SEC I would create a new updating policy, call it test and choose the same subscription as the clients are using. I would then apply this config to one client (you might have to move one test client to a new group, to which the test updating policy is linked to).  I would wait until it said it complies with the updating policy then check the iconn.cfg file on the machine:

    Vista+ in: "\ProgramData\Sophos\AutoUpdate\Config\", otherwise: "\Program Files\Sophos\AutoUpdate\Config\"

    If other machines that are failing are using the same account as in the test policy I would suspect the password string and or the update path to match in their iconn.cfg files.  If the don't this would at least explain why they are failing as based on the information, it's not clear to me from "Could not connect to server'.message if this is due to:

    1. The path is just incorrect, i.e. they distribution point path the clients are using doesn't exist.  Wrong Sxxx number for example.

    2. The password the clients are using is correct or not.

    3. There are no files in the CID path due to SUM not populating the distribution point.

    Or all of the above.

    I would also check that the paths in the bootstrap locations dialog in SEC are connect for the subscriptions and the clients are using the correct paths.

    From the logs you have, I would also suggest on the machine where SUM exists, browsing to:

    http://sophos2.yhgfl.net/libraryv4//Warehouse/

    for this example and check you can download the first file SUM says it cannot download.

    Hope this helps.

    Jak

    :5685
Children
No Data