01 December 2010

Troubleshooting Sophos Message Relay issues

In a previous article I described how to set up Message Relay machines to improve the scalability of a single Sophos Management server.  See http://fixmyitsystem.blogspot.com/2010/11/configure-sophos-message-relay-for.html

I was quite happy that I got everything working properly, so I figured let me build my production environment. This is where things got a little ugly.  I got stuck not being able to get my clients to use the message router.

What to look for in the communications report:

the Sophos Management server should look like this
A Client machine communicating directly with the management server looks like this.  Note the parent address refers to the Management server
The message router should look like this.  Note the RMS router type has to say message router

A client machine using the message relay looks like this. Note the name of the parent address refers to the message relay

When a machine updates and changes message relay you should see the following during the update.
Only this one file is retrieved and then it is followed by the reinstall of the RMS component.  If you do not see this file coming in and there is no install then nothing has changed.

Remember to check and refresh the Communications report

While checking these on the various machine I noticed the following issues.

Message relay machine remains as an endpoint RMS

After step 3 of http://fixmyitsystem.blogspot.com/2010/11/configure-sophos-message-relay-for.html your message relay should show up as a message relay in the Connection report.  Mine faild to do this even though it worked during the lab.  I found the problem....eventually.

You also need to copy your edited mrinit.conf file into the SAVSCFXP root.  If you reinstall the message relay from here it will now correctly configure the machine as the message relay.

Client machines do not start using the message relay even though they are updating from the MR machine

In theory and according to Sophos documentation.  If you point a client machine to a CID that has been configured to act as a MR the machine should update itself an start using the MR.  You can confirm this by checking the connection report.

There is one big catch here though.  The edited mrinit.conf file's "created on" date needs to be different to the one it was installed with.  It appears that the only way the client knows to get the new mrinit.conf file is by the date.  If they are different it will happily detect the alternate file, download and install it.  If the dates are the same it won’t download or install. 

No comments:

Post a Comment