+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Windows Thread, Moving Sophos to a new server in Technical; Maybe its just me but the Sophos knowledgebase seems hopeless and doesnt even seem to understand the term migrate So ...
  1. #1

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Moving Sophos to a new server

    Maybe its just me but the Sophos knowledgebase seems hopeless and doesnt even seem to understand the term migrate

    So how do I do it?
    Enterprise Console v2 we're running

    Is there a migration tool or a guide on doing it manually?
    Also once its done I assume its just a case of changing the updating policy to reflect the new server so clients can find updates

  2. #2

    Join Date
    Mar 2007
    Posts
    421
    Thank Post
    14
    Thanked 16 Times in 10 Posts
    Rep Power
    19

    Re: Moving Sophos to a new server

    I tried this a while ago, and it didn't go very well and Sophos weren't a great deal of help.

    Basically it seems to involve a fresh installation, and then running a startup script (provided by Sophos) on the clients to redirect to the new server and force them to get a new certificate to allow them to connect to the remote management system. It all worked as soon as the scripts ran on the PCs.

    This was on the older version 1.0 console, but I would assume the process is similar.

  3. #3
    Kyle's Avatar
    Join Date
    Jan 2006
    Posts
    974
    Thank Post
    91
    Thanked 14 Times in 13 Posts
    Rep Power
    21

    Re: Moving Sophos to a new server

    We just installed it on another server and then redirected the clients. Took a while ofr them to come over but it was all done ina few days. We jsut turned the other server off then

  4. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,619
    Thank Post
    1,499
    Thanked 1,053 Times in 922 Posts
    Rep Power
    304

    Re: Moving Sophos to a new server

    Ok really simple guys, one of the few simple things!

    You need to ensure that the new server gets the name and IP of the old one, so thats easy done. So install Server 2003, SP2 etc updates etc, download Sophos from Sophos webby. Disconnect Old Server, remove from domain, network etc. Rename new server old serves name and give it its IPs, then reboot, install Sophos EC2, EMlib etc on that, give the shares the same names as the old servers had, then bobs your uncle, it should all come back through and work fine within a few hours, or it did for me when I moved it once. Must admit its the only thing thats gone well for me with Sophos!

  5. #5

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740

    Re: Moving Sophos to a new server

    What if the server you are moving it from has other network related apps / shares / home directories etc which people are using ?

  6. #6

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Re: Moving Sophos to a new server

    I would really prefer not to call the server the same name
    If I do that, I cant do any work on it until holidays, and it needs to go in at half term to replace an unreliable one

    I would much prefer to work on it during term time and do as much as I can, and do the swap at half term

    I think I'll go the route of installing it fresh

  7. #7
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: Moving Sophos to a new server

    Word of warning on this that I discovered the hard way... It may seem obvious but worth noting for anyone who has a dense moment too.

    You can't have Sophos EC installed on more than one server.. If you do you're likely to screw up your ability to get status reports from your clients.

    Yep... I managed to get two EC's on the network and didn't realise for ages... The clients were installing fine but once Sophos started installing it would sit with the hourglass icon and not change.

    Solution was to uninstall EC, the library, etc... from all machines and then reinstall on the machine that should have it... After that most of the client machines picked up the proper EC install and status updates worked fine.

  8. #8

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,619
    Thank Post
    1,499
    Thanked 1,053 Times in 922 Posts
    Rep Power
    304

    Re: Moving Sophos to a new server

    Hmmm maybe your unlucky, I have 2 versions of Enterprise Console on my Lan. Fine one is the new V7 Sophos one with the dashboard and the other is the older one (forgot the version numbers) but they play very happily together so long as you dont try and talk to the same machines in both consoles, which I don't as i moved the ones i dont want in each console to the Unassigned Computers folder.

  9. #9
    Sophos-Support-5's Avatar
    Join Date
    Jun 2007
    Location
    Abingdon, UK
    Posts
    48
    Thank Post
    0
    Thanked 7 Times in 6 Posts
    Rep Power
    16

    Re: Moving Sophos to a new server

    Quote Originally Posted by sidewinder
    Maybe its just me but the Sophos knowledgebase seems hopeless and doesnt even seem to understand the term migrate

    So how do I do it?
    Enterprise Console v2 we're running

    Is there a migration tool or a guide on doing it manually?
    Also once its done I assume its just a case of changing the updating policy to reflect the new server so clients can find updates
    Hi Sidewinder,

    The Sophos Enterprise Console (SEC) and Sophos Enterprise Manager (SEM) will need to be uninstalled and reinstalled - but they are not as important as the database storing all the data regarding the installations of Sophos Anti-Virus (SAV) on each of your client machines. You can "migrate" the SOPHOS2 (or SOPHOS3 for SECv3) database from one machine to another. It is explained in appendix B of:

    http://www.sophos.com/sophos/docs/eng/esav_20_uen.pdf (SEC v2)

    http://www.sophos.com/sophos/docs/eng/esav_30_uen.pdf (SEC v3)

    Once the database is moved to the new machine you will also retain all of your groups and policies (SAV and Updating) inside the SEC.

    In order for all the client machines to talk successfully with the new server make sure you backup from the old server the registry key:

    HKEY_LOCAL_MACHINE\Software\sophos\Certification Manager

    ...and import into the registry of the new server. Reinstating this key means the security keys that allow communication between clients and the Sophos management server have been preserved. If the IP address is the same on the new server as it was on the old all the client installations will not notice a different. If however the IP address/ hostname of the Sophos management server has changed the clients will send their status messages to the wrong server.

    The following registry key dictates where the messages are sent:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router - ParentAddress

    If it is still looking to the old server initially try re-protecting a test group of clients and check in their registry again.

    If this continues to point to the old server please raise a support request and we can troubleshoot further:

    http://www.sophos.com/support/query


    Regards,

    Sophos Technical Support

  10. #10

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,265
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74

    Re: Moving Sophos to a new server

    Does that Certification Manager / Router Parent address trick work if you want to move the clients from a v1.2 to a v2/3 server with out moving the DB?

  11. #11
    Sophos-Support-5's Avatar
    Join Date
    Jun 2007
    Location
    Abingdon, UK
    Posts
    48
    Thank Post
    0
    Thanked 7 Times in 6 Posts
    Rep Power
    16

    Re: Moving Sophos to a new server

    Quote Originally Posted by psydii
    Does that Certification Manager / Router Parent address trick work if you want to move the clients from a v1.2 to a v2/3 server with out moving the DB?
    Hi Psydii,

    Sophos Enterprise Manager Library (EM Library) had a version 1.2. I assume you mean Sophos Enterprise Console v1.

    Yes: the same registry key should be exported from the old installation and imported to the new server/ installation.

    Regards,

    Sophos Technical Support

  12. #12

    Join Date
    Jul 2006
    Location
    London
    Posts
    2,962
    Thank Post
    159
    Thanked 152 Times in 116 Posts
    Rep Power
    49

    Re: Moving Sophos to a new server

    Sophos-Support-5 - Where were you 2 months ago?!? lol

    In the end, as the old server was also running IAS and KS3 tests, I couldnt remove it (its still running now)
    So I changed the update location on the old server to match the one on the new server
    So all clients are updating but obviously Ive lost the ability to see their status.

    Bit by bit Im going through and 're-protecting' them on Enterprise manager which does work but is going to take ages as we have 700 PC's and its hard to deploy to laptops from there because they often arnt on for long

    I will have a look at those reg keys though as that may be an easier way

  13. #13

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,265
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74

    Re: Moving Sophos to a new server

    SS5,

    You are of course correct that is what I meant!

    Does this work if BOTH the ip and hostname of the server are different?

    p.

  14. #14
    Sophos-Support-5's Avatar
    Join Date
    Jun 2007
    Location
    Abingdon, UK
    Posts
    48
    Thank Post
    0
    Thanked 7 Times in 6 Posts
    Rep Power
    16

    Re: Moving Sophos to a new server

    Quote Originally Posted by psydii
    SS5,

    You are of course correct that is what I meant!

    Does this work if BOTH the ip and hostname of the server are different?

    p.
    Hi Psydii,

    What you are asking can be done; it's just a tad more complicated. As an overview...

    Reinstating the Certification Manager key means messages recieved from clients are allowed (NOTE: RMS communication is secure) to be passed to the Management service and then written to the database.

    If you did not back up the key and simply reinstalled the SEC on a new server the new SEC would have a different secure key and all the clients requests to send messages would be refused because the key they are using is unknown to the new SEC.

    The above is based on the messages actually getting to the Sophos management server to be accepted/ refused in the first place. If your new Sophos management server has a different IP address/ hostname then the clients need to be told about it before you decommission the old Sophos management server - it's all done through the Central Installation Directory (CID) that they are currently updating from.

    While all the clients are updating from \\oldServer\InterChk\ESXP\ you have to use that CID to re-configure them and tell them to not only look at \\newServer\InterChk\ESXP\ but also send all their status messages to the newServer from now on.

    If you would like more details feel free to submit a support request.

    www.sophos.com/support/query

    Regards,

    Sophos Technical Support

  15. #15

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,265
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74

    Re: Moving Sophos to a new server

    SS5 I'll probably log this later on in the week. Thanks.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Moving to a new server?
    By sidewinder in forum ICT KS3 SATS Tests
    Replies: 10
    Last Post: 27th February 2009, 01:20 PM
  2. Moving RIS images to new Server
    By Kyle in forum Windows
    Replies: 4
    Last Post: 11th October 2007, 12:18 PM
  3. Moving SIMS to a new server
    By jasonb007 in forum MIS Systems
    Replies: 3
    Last Post: 16th May 2007, 10:38 AM
  4. Moving Mcafee EPO to a new server
    By manick in forum Network and Classroom Management
    Replies: 2
    Last Post: 5th April 2007, 11:26 AM
  5. Moving RIS from 1 server to another
    By Zoom7000 in forum Windows
    Replies: 15
    Last Post: 10th February 2007, 12:25 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •