Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1853 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

help troubleshooting Enterprise Console 5.1 migration

itsNeil

I've performed a migration of the Enterprise Console from a win2k3 32-bit server to a 2k8 r2 64-bit server, following the pdf guide (http://www.sophos.com/en-us/medialibrary/PDFs/migration/sec_51_mgeng.pdf).

It all seemed to work ok. Database migrated fine. The previous structure imported ok. I was able to install the update manager on the new server, assign it to the local subnet updating policy and tell the clients to update from it. But it seems that though all the clients have all accepted the new configuration, they are not reporting their status back to the enterprise console (and in fact none of the clients across the entire enterprise are talking to the new EC).

They're all 'red x'd' and their details haven't been updating (I can look at SAU on a client and see the new server is the primary update location but it hasn't updated in the EC).

We're also migrating an update manager at another site. I've installed the update manager from the SUMInstallSet share on the new Enterprise Console system but it is not appearing in the list of update managers. Anyone suggest how to troubleshoot it? :-)

Cheers
Neil

:34319


This thread was automatically locked due to age.
Parents
  • 0

    HI,

    On a client that should be managed by the new server, If you restart the Sophos Message Router Service it will create a new log file (C:\ProgramData\Sophos\Remote Management System\3\Router\Logs\), can you restart it, wait 5 mins, then paste the log here.

    What is the name of the new server/IP would be useful also, as would if you also check that the following align between the new server and client:

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\RouterKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\CertificationIdentityKeys\CertificationIdentityKey

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\ManagedAppKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Remote Management System\CertificationIdentityKeys\ManagedApplication

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\DelegatedManagerKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Remote Management System\ManagementAgent\Private\CertificationIdentityKey

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\cac

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\cac

    Also, to prove the server is ok, have you tried creating a VBScript file using the HTA here:

    http://www.sophos.com/en-us/support/knowledgebase/116737.aspx

    to redirect the endpoint at the new management server interms of RMS and optionally patch?  

    It would be interesting to know if that works at least on a couple of clients and therefore if it would be an option.,

    Regards,

    Jak

    :34323
Reply
  • 0

    HI,

    On a client that should be managed by the new server, If you restart the Sophos Message Router Service it will create a new log file (C:\ProgramData\Sophos\Remote Management System\3\Router\Logs\), can you restart it, wait 5 mins, then paste the log here.

    What is the name of the new server/IP would be useful also, as would if you also check that the following align between the new server and client:

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\RouterKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\CertificationIdentityKeys\CertificationIdentityKey

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\ManagedAppKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Remote Management System\CertificationIdentityKeys\ManagedApplication

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\DelegatedManagerKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Remote Management System\ManagementAgent\Private\CertificationIdentityKey

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\cac

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\cac

    Also, to prove the server is ok, have you tried creating a VBScript file using the HTA here:

    http://www.sophos.com/en-us/support/knowledgebase/116737.aspx

    to redirect the endpoint at the new management server interms of RMS and optionally patch?  

    It would be interesting to know if that works at least on a couple of clients and therefore if it would be an option.,

    Regards,

    Jak

    :34323
Children
No Data