ConfigCID.exe changes

Hello all

Last week I stumbled over the recent changes in ConfigCID.exe - got a "Failed to read signing key" error (meanwhile the article on ConfigCID.exe has been amended with information on this). This will affect you if

  • you have to configure a CID on a child SUM and
  • you can't access the share from the management server

There are perhaps more changes (to expect)

Just to let you know

Christian

:36855


  • Hello JFC,

    thanks for the details (although I'm still struggling to figure out your setup). I'll summarize what I understand so far and please correct me where I'm wrong:

    • you have "just" the management server with one CID
    • the CID is also published by IIS
    • the server is on the internal LAN and you want outside clients to be manageable (you want them to be able to communicate with the server via RMS)
    • you do not use a message relay(?) but you are port-forwarding a public IP for your management server

    Coincidentally Jak has posted this great summary - while it might not exactly apply to your situation it is worth reading and perhaps helps to disentangle your problem.

    As said, there are IMO distinct but not independent issues which have to be addressed individually but with the whole in mind:

    1. Downloading from the WebCID: the catalogue/SDDS error is inconsequential. What we need is "the other" error which should be logged shortly after a line containing: CIDUpdate(SyncProduct.Start): RMSNT, http://public_ip:2221 .... Can't say what it could be. If there's indeed only the one default CID which is also published I'd rather assume a MIME-type issue than an inconsistency in the CID (as in that case UNC updates should encounter an error as well).
    2. ConfigCID.exe: If it does not work then the clients will not be able to pick up the changes to mrinit.conf. BTW: The "outside" clients are not yet managed, are they? But before trying to make it work there's ...
    3. ... last but not least the (intended) configuration: Wondering if it really works this way (using an IP for hostname_in_ior). If you open the Network Communications Report on a LAN client - what's in there for Parent addresses and Current parent address?

    Christian

    :39557
  • Hello,

    I did a fresh install (VM). This time I made sure to make ONLY 2 changes to the default Server/CID:

    - Modified MRINIT.CONF (Parent Address= PublicIP)

    - Modified Registry Key ServicesArgs=-ORBDottedDecimalAddresses 0 -ORBListenEndpoints iiop://:8193/ssl_port=8194&hostname_in_ior=PublicIP

    Then I published the CID with IIS/Win2003 and added MimeType: "*" (I tested downloading .EXE, .IDE, .DLL)

    Later I created a package as per the suggestion in the KB Protecting Home Users.

    When I went to test the package, at first it seemed to update (http://public_ip:port) but at step 2 I now got:

       "RMSNT install failed"


    QUESTIONS:

    Can the same machine (SEC) be Message Relay?

    :39757
  • Hello JFC,

    Can the same machine (SEC) be Message Relay?

    Not in the strict sense - as there is only one instance of RMS on a given machine. Won't dig into the other intricacies here (at least for the moment).

    "RMSNT install failed"

    This is IMO where to start. So please check the Sophos RMS Install_Log and the associated ClientMRInit to see what the client does not like. Likely it is the latter which gives some insight (should be short enough to post it here if necessary).

    Christian

    :39767