SafeGuard Enterprise: Imaging of Clients using a previously used hostname

  • ID dell'articolo: 110597
  • Aggiornato: 06 mag 2010
SafeGuard Enterprise: Imaging of Clients using a previously used hostname.

Known to apply to the following Sophos product(s) and version(s)
SafeGuard Enterprise Client 5.2x, 5.3x, 5.40.0

Operating System
Windows XP SP2, SP3, Windows Vista SP1, SP2, Windows 7

What to Do

When you install a new SafeGuard Enterprise (SGN) Client which has a previously used hostname, under certain circumstances the required key may not be correctly sent to the database.

Until the machine key is released, the machine will be unable to perform a challenge/ response and data may be lost!

How do I know if I am affected?
If you have re-imaged SGN machines, please run this SQL script statement below to see if the SGN machines in your network are affected.

SELECT Distinct SGD_NAME FROM SAFE_GUARD_DIR where SGD_SCHEMA_CLASS_NAME in ('sgcomputer','computer') AND SGD_NAME in (SELECT Distinct Substring(SUBSTRING(KIN_SYMBOLIC_NAME,0, (patindex('%@%', KIN_SYMBOLIC_NAME))),6,100) FROM KEY_INFO WHERE Substring(SUBSTRING(KIN_SYMBOLIC_NAME,0, (patindex('%@%', KIN_SYMBOLIC_NAME))),6,100) <> '' AND KIN_IN_USE = 0) AND SGD_ID not in (SELECT KAS_SGD_ID FROM KEY_ASSIGN)

Solutions

Q. How do I avoid having problems when installing images of an SGN client using a previously used hostname?
A. Update to SafeGuard Enterprise (SGN) 5.50

Q. What should I do if I have already installed an image of an SGN client with a previously used hostname and have not updated to SGN 5.50?
A. You must ensure that no machine key (e.g. boot_machinename@DSN) is assigned to the machine in the Management Center!

Before installing an SGN image which has a previously used hostname, it is strongly recommended that you check your database prior to any re-imaging, using the SQL script statement . This SQL statement will find and display which machines in the SQL database do not have their current machine key backed-up.

After identifying the “problem” machines, please follow these steps:
  1. Delete the "old" computer object in the SafeGuard Enterprise Management Center.
  2. The SafeGuard Enterprise Security Officer must ensure that the machine-key (e.g. boot_machinename@DSN) is no longer assigned to any object.

    A typical scenario would be that the key is assigned to a SafeGuard Enterprise user to perform recovery tasks. Once these actions are finished, un-assign the machine-key immediately. The key should then be displayed in the "inactive keys" area of the SafeGuard Enterprise Management Center. The new machine-key is not stored in the SafeGuard Enterprise Database until the "old" key is completely unassigned.

 
Per maggiori informazioni o per assistenza, vi preghiamo di contattare il supporto tecnico.

Valutate l'articolo

Molto scadente Eccellente

Commenti