Remote Management System: significant files and registry entries on the client computer

  • Artikel-ID: 36337
  • Aktualisiert: 10 Jan 2014

Significant files

RouterNT.exe
(Windows 2000+)

Router9.exe
(Windows 9x)

This is the main executable file for the Message Router on Windows computers.

Location:
In Windows 2000+: C:\Program Files\Sophos\Remote Management System\RouterNT.exe 
In Windows 2000+ 64bit: C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
In Windows 9x: C:\Program Files\Sophos\Remote Management System\Router9.exe

ManagementAgentNT.exe

This is the main executable file for the Agent service on Windows computers.

Location:
On 32bit: C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
On 64bit: C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe

Significant registry keys

HKLM\SYSTEM\CurrentControlSet\Services\Sophos Message Router\ImagePath

The value of this entry on 32bit operating systems:
"C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194

The value of this entry on 64bit operating systems:
"C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194

Where:

  • -name Router sets the name in the context of the system and is essentially used as a prefix.
  • -ORBListenEndpoints is a standard option that can be passed to the ACE ORB during initialisation. It is here we declare the interface and ports on which the Message Router should bind
  • iiop://:8193 configures it to listen on all interfaces and to use the protocol IIOP. If required, this could be changed to -ORBListenEndpoints iiop://10.0.0.1:8193/ssl_port=8194

HKLM\SOFTWARE\Sophos\Remote Management System\ManagementAgent\Private\Pkc
HKLM\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\Pkc

The signed certificate as issued by the Certification Manager. This value is required before the Sophos Agent can be officially part of the Remote Management System. In order to obtain the value, the Sophos Agent logs onto the local Message Router’s certification interface (when available) and makes a certification request. This should be received by the Certification Manager and a certificate issued. It is then sent back by the server’s Message Router to the client Message Router and on to the Sophos Agent. It is then able to log on to the client interface on the local Router and become part of the Remote Management System and send messages. This is the same process by which the Sophos AutoUpdate Agent receives its certificate.

HKLM\SOFTWARE\Sophos\Remote Management System\ManagementAgent\Adapters\
HKLM\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Adapters\

The above location sets the paths to the adapter. For example, the value of DLLPath under HKLM\SOFTWARE\Sophos\Remote Management System\ManagementAgent\Adapters\SAV is: C:\Program Files\Sophos\Sophos Anti-Virus\\SAVAdapter.dll

HKLM\SOFTWARE\Sophos\Messaging System\Router
HKLM\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router

The majority of other keys that define the behaviour of the Message Router are under this key.

A selection of the most significant keys are given below. Not all the following values are present by default, but they can be added to override default behavior if required.

 

Name Type Value Purpose
GetterInterval DWORD Any default (960s/15 mins) If the Message Router is an active consumer this value defines the polling frequency in seconds.
IORSenderPort DWORD Any (default 8192)

This value is set by clientmrinit.exe in conjunction with mrinit.conf, which is copied to the client during the initial bootstrap phase of the client by setup.exe. The value in mrinit.conf is created by the server at install and is based on the source file srcinit.conf, which sets the ports for RMS to use in the very first instance.

In order for a Message Router to publish its services, i.e. interfaces and ports on which it is listening, the Message Router has the concept of an IOR. This registry key defines what port the Message Routers IOR is being hosted on for other components to connect to.

LogFileCount DWORD Any (default 4) Configures how many log files the Message Router will use in its rotation scheme. May be beneficial to increase for troubleshooting purposes if there are many clients, causing a busy Message Router.
LogFileMaxSize DWORD Any (default 1048576) The maximum size of a log file before a new file is created.
LogLevel DWORD 0/1/2 (default 0) Defines the level at which the Message Router logs. 0=normal, 1=debug, 2=trace level.
ParentAddress SZ Should be set to the address of the Message Router's parent Message Router.

This value is set by clientmrinit.exe in conjunction with mrinit.conf, which is copied to the client during the initial bootstrap phase of the client by setup.exe. The value in mrinit.conf is created by the server at install and is based on the IP addresses of the server, how they are obtained and thehostname.

For a Management Server whose IP address is fixed, the value ParentRouterAddress in mrinit.conf will contain the IP addresses of the management server, plus the FQDN format if a member of a domain and the NETBIOS name. If the Management Server obtains it’s IP(s) through DHCP, only the machine name will be used. It is in this scenario where the client may rely on DNS in order to find its parent server.The value essentially enables the Message Router to find its parent Message Router. The registry value can be changed and the Message Router restarted if required, and may be used when setting up message relays.

ParentPort DWORD Any (default 8192) This value is set by clientmrinit.exe in conjunction with mrinit.conf, which is copied to the client during the initial bootstrap phase of the client by setup.exe. The value in mrinit.conf is created by the server at install and is based on the source file srcinit.conf, which sets the ports for RMS to use in the very first instance. This port value is used with the parent address in order to find the parent Message Routers IOR.
RestartDelay DWORD Any (default 60) How quickly the Message Router will attempt to restart; by default this is every minute.
ServiceAgrs SZ Any as accepted by routernt.exe and ultimately the ACE ORB (default: -ORBListenEndpoints iiop://:8193/ssl_port=8194) When the Message Router reinstalls itself these values are used to populate the service key: HKLM\SYSTEM\CurrentControlSet\Services\Sophos Message Router\ImagePath

 
Wenn Sie weitere Informationen oder Unterstützung benötigen, wenden Sie sich bitte an den technischen Support.

Artikel bewerten

Ungenügend Hervorragend

Anmerkungen