1 2 Previous Next 13 Replies Latest reply on Jan 13, 2010 6:52 PM by hswoo2000

    Agent's Sync with Server

      Hi.All

       

      The reason I am asking this is that I believe there are many Laptops which has not been registered in the server, even though I deployed to all staff using GPO.

      For the nature of our company, many staff travel a lot. If they are not connected to the Internal network, encryption job can't be finished.

       

      When installing EEPC, PC must be rebooted for sycronization. However, if staff install the EEPC and turn off Laptop and disconnect a LAN. Later on, the staff swich on Laptop with network disconnected.

      In this event, Syncronization won't be completed, because agent is not connected to the server. Am I right? Then, does EEPC agent keep trying to syncronize again and again? or just once??

       

      Under the assumption that the latter is right,

       

      I just learned how to forcesync EEPC agents registered in the Server, using "SbAdmCL -AdminUser:xxxxxxx -adminpwd:xxxxxxx -Command:ForceSync "

      However, this is command from Server for the registered machine to syncronize.

       

      Are there any ways for the opposite??  A code or way to register and syncronize Unregistered PC to the Server....

       

       

      thank you

        • 1. Re: Agent's Sync with Server

          You don't need to write a custom client side script.

          Just set machine property under Synch tab, to sync on boot (with some delay) and Automatically resynchronize every so many minutes (240 would be fine).

          For initial synch properties, use "defscm.ini" with appropriate SynchInterval value, when you create client install set.

          • 2. Re: Agent's Sync with Server

            Same issue for us, same solution:

             

            Create defscm.ini in the \sbadmin\ folder

            Set synch interval to 10 minutes (We also added a 10 minuted initial delay, but it's not really needed)

            Set the synch interval for your group to 240 (or whatever), and set an initial delay (so the remote client can get VPN connected) to 10 mins.

            Now create the install set from the group

             

            When the client initially installs, it'll attempt to synch every 10 minutes. Once it successfully syncs, it'll pick up the group setting, and it'll back off syncing to whatever the group setting is (240 or whatever).

             

            The agent will attempt to resync at it's specified interval. If it fails, it'll go back to sleep until the next specified interval (there aren't any intermediate retries).

            • 3. Re: Agent's Sync with Server

              Along with the other's suggestions, we have also popped a hole in our firewall to the EEM server on port 5557 so our clients can sync over the Internet. This helps alot and McAfee assured us there were no known attacks against that port.

               

               

              Message was edited by: mining on 1/12/10 2:24:58 PM CST
              • 4. Re: Agent's Sync with Server

                Open port from the Internet makes it a bunch more complicated.

                 

                Name resolution: The client has to know both the inside name, and the public name (or IP).

                Individual companies may not permit direct Internet/inbound connections directly to internal servers. (we certainly don't)

                • 5. Re: Agent's Sync with Server

                  Port 5557? Did you customize it? Normally it is 5555.

                  • 6. Re: Agent's Sync with Server

                    Oops, no customization. 5555 it is.

                     

                    Our firewall group had concerns about doing this, but McAfee actually had a guide for allowing access through the Internet and were able to assure our firewall people that this was secure. Individual company policies are different though, so YMMV.

                    • 7. Re: Agent's Sync with Server

                      by default the client talks on 5555 and listens on 5556. 5557 is for the PDA's

                      • 8. Re: Agent's Sync with Server

                        thanks for your tips.

                         

                        But thing is we have already created and finished deploying installset.

                         

                        I think it'll be hard for me to create another installset for all staff and deply,,..

                         

                        Aren't there any other ways to force the 'never-synced PC'  to sync in server or client side?

                         

                         

                        Message was edited by: hswoo2000 on 1/13/10 10:22:36 AM GMT+09:00
                        • 9. Re: Agent's Sync with Server

                          In that case you have to modify each client's "SCM.INI" file located in "C:\Program Files\.......\your EE Client program directory".

                          Change:

                          [Defaults]
                          BootSynchDelay=
                          SynchInterval=

                          to:

                          [Defaults]
                          BootSynchDelay=5
                          SynchInterval=10

                          First sync will be performed 5 min after Windows startup, with retries every 10 min, until server is contacted. Then, encryption should start and group properties will be applied, hopefully with different settings (sync every 240 min, for example).

                          1 2 Previous Next