Changing domain name, computer name, network type or OS when the Enterprise Console is installed

  • Article ID: 119532
  • Rating:
  • 8 customers rated this article 2.3 out of 6
  • Updated: 21 Mar 2016

This article is to confirm that we do not support any of the following actions when the Sophos Management Server/Enterprise Console is installed.

  • Change the Active Directory domain name.
  • Change the computer name (servername) of the Domain Controller (when the management server is installed on that computer).
  • Change the computer name (server name) of a member server (when the management server is installed on that computer).
  • Promote a computer to a domain controller (when the management server is installed on that computer).
  • Demote a domain controller (when the management server is installed on that computer).
  • Upgrading the OS

Applies to the following Sophos product(s) and version(s)
Enterprise Console

What is the supported method of carrying out the above actions?

The only supported methods are:

  1. Fully uninstall all components of the Sophos Management Server/Enterprise Console before carrying out any of the above tasks.
  2. Migrating the installation to a new server. Information on how to migrate is provided in article 28276.

Multiple errors and problem may occur and we are unable to support installations that have been subject to the actions listed above.

Why must the product be removed first?

During the installation of the Sophos Management Server/Enterprise Console domain names and computer hostnames are hard-coded into the Windows registry, local configuration files and the Sophos databases.  Furthermore promoting a computer to a DC or demoting a DC changes account security identifiers.

How do I re-install the management server components?

Almost all registry information has to be removed before reinstalling.  However if you preserve the 'CertAuthStor' key the management server will keep the same certificates that currently installed endpoints are using.  Therefore the high-level steps are:

  1. Fully remove the existing server components.
  2. Export just the CertAuthStore registry key (HKLM\Software\[Wow6432Node]\Sophos\Certification Manager\CertAuthStore).
  3. Delete the Sophos registry key (HKLM\Software\[Wow6432Node]\Sophos\).
  4. Import the CertAuthStore registry key back into the Windows registry.
  5. Install the required server components as normal.

Can I restore my databases from the previous installation?

The restored databases will have the previous configuration contained in them and hence you will experience problems if this information is not changed.  It is not easy to reconfigure them for continued use.  Therefore we would strongly recommend you do not restored your databases.

If it is important for you to continue using the previous database you will have to contact us.  We will need to know what changes have been made and the names of computers/domains/etc. before and after the change.  Plus where the management server was installed (DC or member server), etc.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent