TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

Victor,

In order to have more than one System Scanner console to manage an agent the
Console must share the Console Certificates. This is explained in Chapter 6
- Managing Certificate - Installing Backup and Audit Console of the System
Scanner Administrators Guide.

I have reproduced below the key information from the Administrators Guide.
System Scanner has 3 user manuals - a Getting Started Guide , A Users Manual
and the Administrators Guide.

Installing Backup and Audit Consoles
====================================
Overview

You install backup and audit consoles using the same console software as the
primary console. However, remember that the agents must share a CA with a
console in order to work with it. Backup and audit consoles do not generate
their own CAs, because they would differ from the CA of the agents.
Therefore, you must use the primary console's Back Up Certificates and
Restore Certificates functions to give the backup console copies of the
primary console's certificates and agent list.

Procedure

To install a backup or audit console, follow these steps:

1. From the Maintenance menu, select Generate Console Certificate. Follow
the
instructions in the section "Generating certificates".

2. On the backup or audit console, create an NT user group that includes
users you want
to be able to run the console you are installing.

3. On the backup or audit console, install the console software according to
the
instructions in the System Scanner Getting Started Guide. On the Select
Console Type
window, select either Backup or Audit, to reflect the type of console you
are
installing.

4. Copy the licence key (iss.key) file into the console directory.

5. Start the backup console and type a passphrase.

6. From the backup console's Maintenance menu, select Certificates ->
Restore
Certificates. Follow the instructions in the section "Restoring a Console
from the
GUI".

7. Copy the four files in \requests\<backup or audit console name>\Manager
from the backup media to the <System Scanner Installation>\ssl directory on
the backup console.

I trust this will fix your problems

GO ISS

Nick
-----
Nick Connor,
Product Manager - Host Protection Products
Internet Security Systems
Tel: +44 118 959 3800
------------------------------------------------
Internet Security Systems - The Power to Protect
================================================

-----Original Message-----
From: Jeroen Veeren [mailto:j.veerenpointnet.nl]
Sent: 12 June 2001 15:22
To: 'Bonca, Victor'; 'issforumiss.net'
Cc: Torianyk, Greg
Subject: RE: Configuring a Backup S2 Admin Console (ISS System Scanner
v4. 1)

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
----------------------------------------------------------------------------

Hi,

I might be out of line because i never configured the backup console myself,
so i have never seen it actually work.
I am however doing some implementations on reasonably big sites quit
actively at this moment.
Maybe i can help you with my experience.

First of all: if you get to the point where you have to sign things from
you're backup console,
something has gone wrong. Signing should be only involved in adding new
agents, or putting new "things" on
the agents. (i.e. self made checks)
You should be able to run the sessions that are already defined on you're
agents.
That's how i understood it but then again, i never faced the issue myself.

Just as i was thinking about to implement the back-up console, ISS released
version 4.2, and if i read you correctly,
that just does exactly the things as you want them to be.
If you have the chance i would strongly suggest you to upgrade to this
version, and use the system scanner vista server
they provide with it. If you've set it up correctly, you can have you're
signing et all at the primary console, AND deploy access to the scans and
reports by simple http access.

When you have that, you can silently continue to get the back-up console to
work in the background...

Greetings,

Jeroen.

-----Oorspronkelijk bericht-----
Van: Bonca, Victor [mailto:VBoncaIOF.ORG]
Verzonden: vrijdag 8 juni 2001 18:39
Aan: 'issforumiss.net'
CC: Torianyk, Greg
Onderwerp: Configuring a Backup S2 Admin Console (ISS System Scanner
v4.1)
Urgentie: Hoog

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any
problems!
----------------------------------------------------------------------------

We have struggled with this issue at our company for some time now and would
appreciate a simple yet truthful answer to the following question:

1. Has anyone got this thing to work when the Primary Console is offline? I
mean, besides being able to poll agents (big deal), the ISS manuals state
unequivocally that you can 'manage' agents. What does that mean? It
certainly does NOT mean that you can run sessions with existing built-in or
custom policies against those agents because the signing authority of the
Primary CA on the Backup is NOT recognized! In other words, whenever we try
to execute a session from the Backup Console (with the Primary down of
course), the CAL service just spins its wheels and does absolutely squat!
We've done everything by the book and more with NO SUCCESS whatsoever to
show for our efforts.

To date, we have yet to receive an adequate reply from ISS Tech Support or
the product developers overseas as to what we're doing wrong (if anything).

Anybody - please just tell us if you've got this thing to work as
advertised, or if its' just a pig in a poke!

Much obliged.

Victor Bonca, MCSE + Internet
Sr. Technical Analyst

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]