1 Reply Latest reply on May 31, 2012 2:28 AM by JoeBidgood

    Distributed Repository in DMZ not working

      Hi All,

       

      We have two EPO servers the main EPO server that the clients are connected to is in a sealed domain with no internet access so we have an additional EPO server that is sitting in a DMZ that does have internet access to download the latest DAT and HIPS updates along with all of the others. The Problem is the DMZ server is not joined to the domain like the primary EPO server is so it sits in a stand alone workgroup.

       

      Essentially what I want to be able to do is create a distributed repository via HTTP as port 80 is open on both of the EPO servers so that the primary EPO server can connect to the upstream DMZ server's repository and pull down the latest updates and patches. However when I create the distributed repository on the DMZ EPO server when I go to input the credentials for the Server to Repository replication account I typing in the local EPOAdmin account credentials and when I click test credentials it tells me that they are incorrect even though I know that they are right.

       

      Can anybody shed some light on this please and tell me if any of the above is possible is there any chance that you can tell me what I am missing or if there is any additional further configuration that I need to do regarding this setup?

       

      Both servers are using EPO 4.5

       

      Many thanks.

        • 1. Re: Distributed Repository in DMZ not working
          JoeBidgood

          Hi...

           

          Replication to an HTTP repository is actually done by copying to a UNC share, so the account you specify here needs to be an AD account with read/write access to the share, as opposed to an ePO account.

           

          A couple of things to note with your proposed solution:

          1) When configuring the DMZ server's distributed repo, make sure you confirgure it to only replicate updatable content, like DATs and engines. Whatever you do, do not replicate the agent package: otherwise you run the risk of the machines controlled by the primary server suddenly moving to the DMZ server.

          2) You will need to export the DMZ server's repository public key, and import it into the primary server - otherwise it will not accept the DMZ server's content.

           

          HTH -

           

          Joe

          1 of 1 people found this helpful