
ConfigCID.exe changes

Hello all

Last week I stumbled over the recent changes in ConfigCID.exe - got a "Failed to read signing key" error (meanwhile the article on ConfigCID.exe has been amended with information on this). This will affect you if

  • you have to configure a CID on a child SUM and
  • you can't access the share from the management server

There are perhaps more changes (to expect)

Just to let you know

Christian

:36855


  • Is there any way to fix this? I just changed IOR hostname (registry) and now I get this error when trying to update CID with configcid.exe. AARRRRGGGGHHH... With ESET it was a piece of cake to connect a remote client...
    :39483
  • Hi,

    You can use the copy of configcid.exe on the management server if you can address the remote CID and it's able to connect to it. 

    Otherwise just export the 1 reg key mentioned in the article above from the management server, import it to the computer where you wish to run configcid and it should work.

    Regards,

    Jak

    :39491
  • Hello JFC,

    so where does ConfigCID.exe fail, on the management server or a remote SUM?

    As an aside, I've noticed that the article has again been amended and now officially states "This [CertAuthStore] key can be imported to another server if required" (I've assumed as much).

    Christian

    :39493
  • It fails at the Management Server ... in fact there's only one. Now I get "couldn't find CAC.PEM" but that file exists. Support told me 'just add double quote' ... ha, not working. A couple of days before I was able to update the CID (configcid.exe) without any issues, now I am stuck.
    :39505
  • Also, it seems when trying to update via WebCID I got: "SDDSUpdateLocation caught exception from BeginSync: Cannot locate server for http://public_ip:port/CIDs/S000/SAVSCFXP/catalogue/sdds.esc_10_2.xml GetLastError returned 0", but I find no 'catalogue' folder or sdds.esc_10_2.xml file... where are they?
    :39507
  • Hello JFC,

    "Could not find file 'cac.pem' in the CID." is the message you get if the path does reference an existing share or a local path (syntactically) but not a (valid) CID - do you run the command with a UNC or a local path? I'm not aware of any recent changes which could cause this behaviour so my first guess would be an obscure typo (I don't insinuate you can't type or read, but the first time I made this kind of error it took me quite some time to detect it).

    Apart from this - what changes did you make to the CID, updating mrinit.conf in the RMS subdirectory?

    Christian

    :39513
  • Hello JFC,

    this is - I assume - an endpoint attempting to update, isn't it? Is the WebCID configured as Primary or Secondary? You've probably noticed this because updating failed on the endpoint. Now I think the actual failure - if updating indeed failed - is somewhere else. The SDDS mechanism (which searches for the catalogue) is for updating from a Sophos Warehouse and is tried first (regardless of the path configured) if the Last Update Mechanism for the location is SDDS or Unknown. It is expected to fail when not updating from Sophos (or a Sophos Warehouse) where it indeed would find the catalogue. AU then tries the CID mechanism, which is the appropriate method for a WebCID (which contains neither the catalogue nor a catalogue folder). Looks like this failed as well - there should be another error in the log.

    Christian

    :39519
  • Hehe, I copied mrinit.conf to the rms subfolder. Man, I probably was desperate and now I'm not sure where I read about it. I believe Sophos should put 'together' a guide. I think I have read many KBs for the same things.

    regarding WebCID here is what I have:

    - IIS site bound to port 2221, Mime types added, I can download .DLL, .EXE, .IDE files from a browser

    - AU Primary Server: http://public_ip:2221

    - MRINIT.CONF:  ParenAd... public_ip, FQDN, workstation  /   MR.... internal_ip, ......   

    - Ports 8192,8194,2221 forwarded to the same internal workstation

    In IIS: Path for the site is: ....Update Manager/Update Manager <--- this one (where I see both CIDs and Warehouse folders)

    Thank you very much for your help.

    :39525
  • Hello JFC,

    this is getting confused and confusing :). Normally I'd suggest starting another thread but as the issues could be related let's continue here. Trying to sort this out ...

    What does and what does not work? I have no idea whether you use one or more CIDs - could be only one which you publish with IIS, but as you mention MR I assume there are at least two. Do all clients updating from the WebCID fail?

    As an aside - are you trying to introduce a message relay (i.e. get rid of the port forwarding)?

    For any "current" SEC version the SUM should be version 1.4.2.186 and the associated ConfigCID.exe 2.0.17.0 - this is AFAIK the first one which would give you "Failed to read signing key", but then running the command on your server should not give you this message.

    cac.pem should be in the root of the CID (i.e. in the SAVSCFXP folder) - as said, if you get the message that it could not be found it's either not there or there's a typo in the path.

    IIS is likely working correctly, the updating error could be caused by a "logical" error in the CID. The reason should be in the same ALUpdate log you posted the "Cannot locate server" message from - a number of lines down.

    HTH

    Christian

    :39527
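
The check described in the reply above (cac.pem must sit in the root of the CID, otherwise the folder is missing or the path has a typo), written out as an added PowerShell example; it is not part of the thread or of any Sophos tool, and `Test-CidPath` and the demo folder under TEMP are hypothetical names.

```powershell
# Added example. Test-CidPath is a hypothetical helper, not a Sophos command.
function Test-CidPath {
    param([Parameter(Mandatory)][string]$Path)

    $hints = @()
    # Stray quotes or whitespace from copy/paste are easy to miss by eye.
    $quoteChars = [char[]]@('"', "'", [char]0x201C, [char]0x201D)
    $clean = $Path.Trim().Trim($quoteChars).Trim()
    if ($clean -cne $Path) { $hints += "stray quotes/whitespace removed: [$clean]" }

    $kind   = if ($clean.StartsWith('\\')) { 'UNC' } else { 'Local' }
    $exists = Test-Path -LiteralPath $clean -PathType Container
    $hasPem = $false

    if (-not $exists) {
        $hints += 'folder does not exist or is not reachable from this machine'
    } elseif (Test-Path -LiteralPath (Join-Path $clean 'cac.pem') -PathType Leaf) {
        $hasPem = $true
    } else {
        # Folder exists but is not a CID root: look a few levels down for it.
        $found = Get-ChildItem -LiteralPath $clean -Filter 'cac.pem' -File `
                     -Recurse -Depth 3 -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $hints += "cac.pem found in $($found.DirectoryName); use that folder" }
        else        { $hints += 'no cac.pem at or below this folder; not a CID' }
    }

    [pscustomobject]@{
        Path = $clean; Kind = $kind; Exists = $exists
        HasCacPem = $hasPem; Hints = ($hints -join '; ')
    }
}

# Constructed demo tree so the checks can be run without a real CID.
$root = Join-Path $env:TEMP 'cid-demo\CIDs\S000\SAVSCFXP'
New-Item -ItemType Directory -Path $root -Force | Out-Null
Set-Content -LiteralPath (Join-Path $root 'cac.pem') -Value 'placeholder'

Test-CidPath $root                         # the CID root itself
Test-CidPath (Split-Path $root -Parent)    # one level too high
Test-CidPath "`"$root `""                  # quotes and a trailing space
Test-CidPath (Join-Path $root 'SAVSCFPX')  # transposed letters in the name
```
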
  • Sorry for confusing... :(

    If I recall this is what I did:

    - Install SEC (all components) ... got first update .. 1 default CID created

    - Enable (router) port forwarding for 8192,8194,2221, workstation is LAN 192.168.x.x

    - IIS > New site (path to ".../CIDs/.../Update Manager" folder), Mime Types added, test downloading a .DLL from a browser (LAN, and outside network) it worked.

    NOTE - at this moment I read KBs back and forth ... so I guess this is when I screwed up :(

    - Modified MRINIT.conf so:

      "MRParentAddress"="192.168.x.x,Domain.net,hostname"
     "ParentRouterAddress"="public_ip,Domain.net,hostname"

    - Modified registry key: ServiceArgs to:

      -ORBDottedDecimalAddresses 0 -ORBListenEndpoints iiop://:8193/ssl_port=8194&hostname_in_ior=PUBLIC_IP

    - I believe I copied mrinit.conf to the RMS subfolder when I was trying to create a package (KB Home Users Protect...)

    - From outside: "telnet public_ip 8192"  got IOR response

    - ~25 clients managed, LAN, updating from CIDs (UNC/Share) OK

    - remote client cannot update from WebCID (got 'catalogue/somefiles.XML not found' or something..)

    - AU Primary Server: http://public_ip:2221

    Thanks for your help.

    :39537