I'll get right to the details. We have two management servers in our production environment, one cluster (we'll call it LE1) for the internal network and one server (we'll call it LE2) in an internet facing zone (primarily used by international users). The physical facility which houses LE2 is being shut down, so we are having to set up a new internet facing server in a different physical location.
The current architecture involves using the \SBDATA folder from LE1 as a network share, and the Safeboot Database Server on LE2 points to that as a local drive. The original team that set this up is long gone, and now I'm trying to figure out how to set it up on my own.
We're going through planning and testing now. In our test environment, we have our primary test server (Test1) and our internet facing test server (Test2). I added Test2 to the list of SafeBoot servers under System tab > Endpoint Encryption Server Groups in EEM, created a new install-set which only points to Test2, and I deployed it to a test client. I was immediately hit with an "Error connecting to database [5c020004]: Authentication signature is not valid". To resolve this, I simply changed Authenticate=Yes to Authenticate=No on the client SDMCFG.INI, and the problem was fixed, but this is obviously not an ideal solution. I tried to no avail to follow the instructions in this KB article: https://kc.mcafee.com/corporate/index?page=content&id=KB67716&actp=search&viewlocale=en_US&searchid=1324484661123
The problem is the SDMCFG.INI on Test2 does not have a server key listed at all. Here are the contents:
Additionally, when I tried to connect to Test2 using EEM (installed on my workstation), I initially had to turn off authentication too. I tried turning on authentication, at which point it asked me for a server key. I connected to Test1 using EEM, exported the public key for Test2, and then I supplied that as the server key for authentication to Test2. However, when I tried connecting after that, I got the same "Authentication signature is not valid". Then, I tried using the public key for Test1 for connections to Test2, and I was able to connect without issue.
Any idea on what to do on the client side? Do I need to import the SDMCFG.INI file from Test1 to Test2? Any recommendations?
Message was edited by: datasecanalyst on 1/10/13 4:39:23 PM CST