01 November 2010

Sophos client not communicating with Enterprise Console

While testing the new version of Sophos I ran into this error.


I have existing client machines currently running Sophos endpoint 8. To test, I installed a separate server with Enterprise Console 9. I then manually installed on a few client machines.


I would install the client from the Enterprise Console's own CID. The install would complete successfully but there would be no comms from the client to the server. Running the Sophos Communications report showed that there was an error, but it was listed as the rather generic:

Sophos Anti-Virus cannot report to Sophos Enterprise Console (SEC) or receive new security policies. 
This is because it is using an SSL certificate that is incompatible with the SEC server. 
Sophos Anti-Virus should be reinstalled by the system administrator.


This indicates that there is an issue with the server certificate, and the listed solution to this is to reinstall the client from the CID... This is exactly what got me to this point in the first place.

I finally found the problem. The message router is specified by the mrinit.conf file. This file is retrieved from the CID. My client machines, however, had a file that remained after the Sophos client was uninstalled. This file was called mrinit.conf.orig. This file contained the original Sophos server's address. If I manually removed this file then the install would succeed without any issues. This is however not practical for a large deployment. The fix for this was to copy the mrinit.conf file from the CID and rename it to mrinit.conf.orig. Copy these two files into the RMF folder of the CID. Then, by running configcid, these files are included in the CID.

Now when you install, the problem-causing mrinit.conf.orig file is overwritten and all things work nicely again.
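A pre-install check for the leftover file described above, as an added example that is not part of the original post or of any Sophos tooling. It compares a client's mrinit.conf.orig with the mrinit.conf in the new CID by hash, since the fix above makes the two identical; both paths are parameters the caller must supply, because the post does not give the client-side location.

```powershell
# Added example: flag (and optionally replace) a leftover mrinit.conf.orig
# that does not match the mrinit.conf shipped in the new CID.
# Both paths are assumptions supplied by the caller; the post does not
# give the client-side location of the file.
param(
    [Parameter(Mandatory = $true)][string]$CidMrinit,     # mrinit.conf in the new CID
    [Parameter(Mandatory = $true)][string]$ClientFolder,  # client folder holding mrinit.conf.orig
    [switch]$Fix                                          # overwrite a stale .orig with the CID copy
)

$ErrorActionPreference = 'Stop'
$orig = Join-Path $ClientFolder 'mrinit.conf.orig'

if (-not (Test-Path -LiteralPath $CidMrinit -PathType Leaf)) {
    throw "CID file not found: $CidMrinit"
}

# No leftover file means the install has nothing stale to pick up.
if (-not (Test-Path -LiteralPath $orig -PathType Leaf)) {
    Write-Output "OK: no leftover mrinit.conf.orig in $ClientFolder"
    exit 0
}

# Compare content by hash so the check does not depend on the file's format.
$cidHash  = (Get-FileHash -LiteralPath $CidMrinit -Algorithm SHA256).Hash
$origHash = (Get-FileHash -LiteralPath $orig -Algorithm SHA256).Hash

if ($cidHash -eq $origHash) {
    Write-Output "OK: mrinit.conf.orig matches the CID's mrinit.conf"
    exit 0
}

Write-Output "STALE: $orig differs from $CidMrinit"
if ($Fix) {
    # Keep the old file for reference, then apply the same state the fix above produces.
    Copy-Item -LiteralPath $orig -Destination "$orig.bak" -Force
    Copy-Item -LiteralPath $CidMrinit -Destination $orig -Force
    Write-Output "FIXED: replaced with the CID copy (previous file kept as mrinit.conf.orig.bak)"
    exit 0
}
exit 1
```

Run without -Fix, the script only reports; exit code 1 marks a machine that still carries a file pointing at the old server.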

2 comments:

Gareth Jones said...

Hi - I've tried to use configcid to add the mrinit.conf.orig to the cid with no luck. I've copied the two files to the "C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCFXP\rms" folder, configcid updates mrinit.conf but not the .orig file.

We could push this out via SMS but it'd be much easier via the Sophos Enterprise Console.

Hope you can help! Gareth.

Etienne Liebetrau said...

Hi Gareth

Have a look at this article

http://fixmyitsystem.com/2011/01/sophos-mrinitconforig-prevent-migration.html

I am going to assume that you are migrating from one server to another.

What I ended up doing was to add a custom script to our SMS deployment to look for and delete both the mrinit.conf and .orig files.

If you really want to keep using the Enterprise Console, I would then suggest adding the file delete action to the "Sophos Remote Management System.msi", but for that you will have to crack it open and then it is "non standard".

Let me know how it goes though.
