Console 4.7: Prerequisite checks performed by the Sophos Upgrade Advisor: what they mean

  • N.º del artículo: 110883
  • Actualizado: 30 oct 2014
The table below displays an explanation of the prerequisite checks performed by the Upgrade Advisor.

Computer browser service
Database access
Database configuration
Enumerating network adaptors
Finding non-Sophos databases
Hostname length
Required system files in use
Running on DC
SQL server compatibility
User is administrator
Running on Windows 2000 or 2008

Please note:

  1. Sophos Upgrade Advisor can be downloaded from here.

  2. If you encounter a critical error, denoted by the symbol, you will need to fix the problem and then run the Upgrade Advisor again in order to continue with the upgrade.


  3. If you need to contact Technical Support regarding one of these errors, before you contact us, please run the Sophos Diagnostic Utility (SDU) and have available the resulting output, as described in the article Sophos Diagnostic Utility (SDU): how to use it to send files to Sophos Technical Support. This will speed up your case. Do not not use the 'Export' button in the Upgrade Advisor to export Log files for this purpose - these are for your own reference only.


  4. When installing, or upgrading to, Sophos Enterprise Console 4.7.1, after resolving all of the problems, you must run the Sophos Upgrade Advisor one final time (i.e. a successful pass) in order to allow the install to continue.

Upgradeable Enterprise Console 

State and description in wizard Explanation

Upgrade can only be performed from Enterprise Console version 3.0 or later.
The Upgrade Advisor has not found a version of Enterprise Console that can be upgraded on this server. There are three reasons why you may see this error:

  • Enterprise Console is installed on this server, but it is version 2 or earlier. In this case, you should remove Enterprise Console 1 or 2 (using Add/Remove Programs) and then install a fresh installation of Enterprise Console 4.7.

    You can download Enterprise Console 4.7 from here (note: this isn't considered an upgrade, so download the installer from this page). Please be sure to check the system requirements for Enterprise Console 4.7 before attempting to install.
  • Enterprise Console is not installed on this computer. Go to Add/Remove programs and check to see what is installed. If necessary you should then contact Technical Support.
  • You have not run the tool on the server on which the Sophos Management Service is installed. The Sophos Management Service is usually installed on the same server as the Enterprise Console executable, however, you can install the Sophos Management Service on a separate server if required. If you have run the Upgrade Advisor on the server on which Enterprise Console is installed and you see this error, you will need to determine which server has the Sophos Management Service installed on it and run the Upgrade Advisor there. Similarly, if you run this tool on the server that hosts the Enterprise Console database, you need to find the server on which the Sophos Management Service is installed.
The Uprade Advisor checks whether Enterprise Console is installed on the current server. This check mark indicates that the Upgrade Advisor has found a version of Enterprise Console that can be upgraded.

Database access

State and description in wizard Explanation

The SophosDBUser does not have access rights to the database.
The SophosDBUser account is only relevant when a custom installation is performed, such as when the database is installed on a separate server, or you installed the database to a custom path when installing all the components on the same server.

In these cases, in order for the Sophos Management Service to gain access to the Sophos database, this account is used. Therefore, this user account should be permitted to log on to both the management service machine and the database machine, and should be a member of the “Sophos DB Admins” group on the SQL server.

The user account SophosDBUser is the account specified within the registry key:
(32-bit) HKLM\SOFTWARE\Sophos\EE\Management Tools\DatabaseUser\
(64-bit) HKLM\SOFTWARE\WOW6432Node\Sophos\EE\Management Tools\DatabaseUser\

If you get this error, check the following registry values and ensure that the user account exists on your domain and that the domain is correct (or the credentials are valid on both the database and managemnent console servers, if the servers are in a workgroup, or if a local account is used):

  • DatabaseUserDomain
  • DatabaseUserName
  • DatabaseUserPassword

If you need to add a value to the DatabaseUserPassword or DatabaseUserName key, you will need to use the obfuscation utility included in your Enterprise Console program folders to create it. Please see Obfuscating the username and password for more details.

The Upgrade Advisor was able to connect to the database.

Database configuration

State and description in wizard
Explanation

A local Sophos database is installed, but Enterprise Console has been configured to use a remote database. The upgrade will fail.

The Upgrade Advisor tool has detected that the location of the database being used is different to the location that was set up during the initial installation.

For instance, this error will occur if you installed Enterprise Console and its database on the same server, but then decided to move the database to another server.

In order to avoid problems with the upgrade, you must remove the locally installed (and now unused) database. To do this:

  1. Go to Add or Remove Programs | Select | Sophos Enterprise Console | Change, and remove the database component.
  2. During the uninstall, you will be prompted to specify the location of the database server currently in use, and the Windows credentials required to access it. Please see the “Database access” check section above for more details about the SophosDBUser account.
  3. You can now run the Upgrade Advisor again and Sophos Enterprise Console should pass this check.
The Upgrade Advisor checks the installed components against the Enterprise Console database connection string registry key to ensure that the database location is the same in both records.

Your database is listed in the same location in both records.

User is Administrator

State and description in wizard

Explanation

You must be an Administrator to run this tool.
To perform the upgrade of Sophos Endpoint Security and Control, the user running the install of all roles is required to be an Administrator on the machine where the role is being upgraded or installed.

You are logged on as an administrator, therefore you can perform the installation.

State and description in wizard Explanation
 
We do not recommend running Sophos management software on a domain controller.
 
According to Microsoft recommendations, you should avoid installing a version of SQL Server software on a server that is used as an Active Directory domain controller. If possible, you should install the Enterprise Console database on a server that is not a domain controller. Although this is not enforced, it is best practice to separate these two roles wherever possible to ensure one does not negatively affect the other.

For more information, please see:
http://msdn.microsoft.com/en-us/library/ms144228(v=SQL.90).aspx
The database has not been installed on a domain controller, which means you have followed the best practice guidance from Microsoft.

Hostname length

State and description in wizard Explanation
Hostnames longer than 15 characters may be truncated in the console.
The server's name may not be fully displayed in Enterprise Console, which truncates computer names longer than 15 characters.
The server's hostname is not longer than 15 characters.

Enumerating network adapters

State and description in wizard Explanation
Multiple network adapters detected. Remote Management System may bind to the wrong network adapter and not be able to process messages.
If you have been using multiple network adapters on your management server with no problems, please ignore this warning.

However, if you have noticed a significant delay in the response times from your endpoints, or clients appear unmanaged in the console you should follow the advice below to bind the Sophos message router process to a specific network interface on the management server.

When the Sophos Message Router service starts it listens on all interfaces on TCP ports 8192 and 8194. Port 8192 hosts an Interoperable Object Reference (IOR) which is essentially a text string used by the managed clients to connect back to the IP address of the server on port 8194 (by default). This text string
(broadcast from the management server when a client connects to it on port 8192) could contain any one of the server’s multiple IP addresses.


Your management server has only one network adaptor, so it has passed this check.

Finding non-Sophos databases

State and description in wizard Explanation
Non-Sophos databases have been added to the SOPHOS instance. Applications relying on these databases may stop working after the upgrade. The non-Sophos databases detected are: [List shown]
 
IMPORTANT: In these messages, the term "SOPHOS" is in fact referring to the instance name where the SOPHOS4 database is located.

Sophos recommends that you backup databases before making any changes to your system.

Any work performed on the SOPHOS SQL instance has the potential to affect another applications that are using the SOPHOS instance.

For instance, if your SOPHOS instance is in MSDE format, this instance will be upgraded to SQL Server Express 2008 during the upgrade. We cannot guarantee that your other applications will be unaffected by this upgrade, so we urge you to check with the other software applications' vendors before proceeding.

If you are required to use a single SQL instance to host all of your databases, it is advisable to use an instance name other than SOPHOS so assumptions are not made by the installer.

Sophos recommends that where possible the SOPHOS named instance is used exclusively for Sophos products. This will avoid the likelihood of other applications suffering downtime caused by, for example, upgrades, incompatible versions of SQL, and other maintenance activity.

The Upgrade Advisor has found no other applications installed in your SOPHOS instance.

Required system files in use

State and description in the console Explanation
You should restart the computer before performing the upgrade.
There are one or more pending reboots outstanding due to one or more files being marked for rename, pending system restart. To maintain the integrity of the system, we recommend that you restart your server prior to continuing with the upgrade.

As restarting the server may not always be possible, this is categorised as a 'Warning' by the Upgrade Advisor, to allow you to consider the contents of the registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations to determine whether the restart is strictly necessary.

In virtual environments in particular, where this key is used to store temporary files transfered from the host PC that are waiting to be deleted, the contents of the key may not warrant a server restart.

If you have restarted your server and the warning is displayed the next time you run the Upgrade Advisor, we recommend checking the contents again, determining whether they are important to your system and taking one of the following actions:

  • If you think the contents are worth deleting, remove the PendingFileRenameOperations value from the registry.
  • If you would like to bypass the registry key in order to continue with the upgrade to Enterprise Console 4.5, rename the PendingFileRenameOperations value and then restore its name once the upgrade is complete.

For more details regarding this key and its use, see http://technet.microsoft.com/en-us/library/cc960241.aspx

There are no required system files in use, so the upgrade may proceed without restarting the server.

SQL server compatibility

State and description in wizard Explanation

SQL Server 2008 R2 is not supported.

This situation will only occur if you are upgrading from a previous version of Enterprise Console that was using SQL Server 2008 R2. SQL Server 2008 R2 is only supported from Enterprise Console version 4.7, so the previous installation was unsupported.

Once you've resolved any other fatal errors you've encountered when running the Upgrade Advisor, you should be able to proceed to run the setup program without further error. Please note: You must finish the Upgrade Advisor wizard before continuing. And then:

  • If you have not already downloaded and run the Endpoint Security and Control installation program, you can do so now.

  • If you have already downloaded and unpacked the Endpoint Security and Control installation program, run the setup.exe file. The default location for this file is C:\sec_47\ServerInstaller.

The SQL server used is no longer supported. The upgrade will involve upgrading the SQL server.

You may be running an old version of MSDE (SQL 2000) that cannot be upgraded automatically.

However, due to a known issue with the Upgrade Advisor, this may not apply. Please follow the chart below to determine what, if anything, you need to do.

Use the following links to the knowledgebase articles that are referenced in the diagram below:

Knowledgebase article 113030: How to check which SQL instance your Enterprise Console database is installed in

Knowledgebase article 113034: How to check which version of SQL and service pack your Enterprise Console database is installed in


 

Your version of SQL server is compatible with this version of Enterprise Console.

Running on Windows 2000 or 2008

State and description in wizard
Explanation

Windows 2008 can only support a maximum of 5000 clients.

Windows 2000 is no longer supported. Upgrade the server to a later Windows version.
If your management server is running Windows 2008, this warning restates previous guidance issued by Sophos about the number of endpoints that may be managed by Enterprise Console. In order to increase Enterprise Console performance on this operating system when it is managing more than 5000 clients, you should configure a message relay to offset the amount of network connections that Enterprise Console must process. This limitation was discovered during our testing of Enterprise Console performance on Windows 2008. For more information, see Using Enterprise Console and RMS on Microsoft Windows Server 2008.

If your management server is running Windows 2000, you will have to either upgrade your server's operating system or migrate to another server. The Upgrade Advisor will proceed and provide you with instructions for migrating to another server.
Your management server is running on Windows 2003 or Windows 2008 R2, which are both supported operating systems with no major performance issues.

Computer browser service

State and description in wizard Explanation


Computer search functionality will not work correctly.
If the Computer Browser server is disabled, certain operations may not work as expected. For example, with the “Computer Browser” service stopped, the computer Find functionality in Enterprise Console may not fully work due to the dependency on this service.

For more details regarding computer Find and the methods it can use to find computers refer to the knowledgebase article: Enterprise Console: the 'Find computers' wizard option 'on the network' may fail on Microsoft Windows Server 2008.
 
Your computer browser service is switched on and is accessible.

 

 

 
Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente

Comentarios