Enterprise Console: when installed on a Windows 2003 domain controller some managed computers appear grayed out
When Enterprise Console is installed on a computer with Windows Server 2003, Service Pack 1 (SP1), which is used as a domain controller, some managed computers appear grayed out, and do not report back to Enterprise Console.
There are several reasons why managed computers appear grayed out. This article refers to a specific instance of this problem, which can occur when you have Enterprise Console installed on the following server specification:
- Windows Server 2003
- Service Pack 1 (SP1) applied
- used as a domain controller
- uses Internet Connection Sharing (ICS).
This issue can be a symptom of a more serious underlying problem, namely that your network has been configured in a way that is not recommended or supported by Microsoft.
If you have Enterprise Console installed on Windows Server 2003 as described here, and are experiencing the problem outlined at the start of this article, you should seek advice and/or consult the available literature published by Microsoft, including release notes and the product help. You may need to consider reconfiguring your network to ensure correct operation and security.
- When Windows Server 2003 (SP1) is used as a domain controller, Microsoft caution you that you must not attempt to use ICS.
- If you need to use Internet Connection Sharing (ICS), Microsoft recommend setting up Routing and Remote Access.
- There are issues around the use of Windows Firewall on Windows Server 2003 (SP1) in a network. You will need to ensure that your network is secure.
- If you are using Sophos Anti-Virus with the above server, you may need to specially configure the server.
What to do
WARNING: The following procedure is a workaround to enable managed computers to report to Sophos Enterprise Console. However, this will not remove any underlying problems with the network configuration, which we strongly recommend you deal with as a priority.
In many versions of Windows Server 2003, the Internet Connection Sharing service is combined with the Windows Firewall service. You may need to disable the combined service which is called Windows Firewall/Internet Connection Sharing (ICS).
Note that if you use Control Panel to turn off the Windows Firewall, it appears to be off, but when you check the service, it is still running.
- Isolate your local network from the internet, for example, by unplugging it. This step is recommended because, by turning off the Windows Firewall, you will be unprotected, unless you have an alternative firewall in place.
- Open Windows services.
- Right-click the 'Windows Firewall/Internet Connection Sharing (ICS)' service.
- Select 'Properties'.
- In the 'Startup type' dropdown, select 'Disabled'.
- Stop the service.
- Your computers should now be able to update and report back. You can now check that all computers are up to date.
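The same steps can be run from a command prompt on the server, which also confirms the real state of the service rather than the Control Panel setting. This is an added example, not part of the original article; it assumes the service's short name is SharedAccess, the name used on Windows Server 2003.

```batch
@echo off
rem Added example: command-line equivalent of the workaround steps.
rem Assumption: the service short name is SharedAccess (Windows Server 2003).
rem Isolate the network from the internet by hand BEFORE running this.
setlocal
set SVC=SharedAccess

echo Current state of %SVC%:
sc query %SVC% | find "STATE"
if errorlevel 1 (
    echo Service %SVC% not found. Check the name in the Services console.
    exit /b 1
)

rem Set 'Startup type' to Disabled. The space after "start=" is required.
sc config %SVC% start= disabled
if errorlevel 1 (
    echo Could not change the startup type. Run as an administrator.
    exit /b 1
)

rem Stop the service if it is running; net stop waits for it to finish.
sc query %SVC% | find "RUNNING" >nul
if not errorlevel 1 net stop %SVC%

rem Verify against the service itself, not the Control Panel setting.
sc query %SVC% | find "STOPPED" >nul
if errorlevel 1 (
    echo WARNING: %SVC% is still not stopped.
    exit /b 1
)
sc qc %SVC% | find "DISABLED" >nul
if errorlevel 1 (
    echo WARNING: %SVC% startup type is not Disabled.
    exit /b 1
)
echo %SVC% is stopped and disabled.
```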
If necessary, clear alerts from Enterprise Console, as described in 'Clear alerts from the console' in the Enterprise Console User manual.
If you need more information or guidance, then please contact technical support.
- Article ID: 14132
- Created: 1 Dec 2005
- Last updated: 17 Oct 2008
