How to manually unenroll Protection Engine scanners on Linux

book

Article ID: 222691

calendar_today

Updated On:

Products

Protection Engine for NAS Protection Engine for Cloud Services

Issue/Introduction

In certain circumstances, it may be necessary to manually unenroll scanners from the Cloud console in order to re-enroll them. 

Resolution

Please note the following procedure is written for the default installation paths. Paths may require modification if the installation has been customized.


  1. Download the attached default CAFConfig.ini file. Rename it to CAFConfig.ini.
  2. Log in to the machine with root permissions, or run the command sudo su after login.
  3. Stop the CAF Agent and Protection Engine services:
    /etc/init.d/cafagent stop 
    /etc/init.d/symcscan stop
  4. Remove the existing CAFConfig.ini from /etc/caf/:
    rm -rf /etc/caf/CAFConfig.ini
  5. Copy the attached CAFConfig.ini to the /etc/caf/ directory using SCP, SFTP, or your preferred file copy method.
  6. Set the permissions and ownership on the new CAFConfig.ini:
    chmod 660 /etc/caf/CAFConfig.ini

    chown dcscaf:dcscaf /etc/caf/CAFConfig.ini
  7. Configure SPE to be unenrolled:
    cd /opt/SYMCScan/bin

    ./xmlmodifier -r /centralmgmt/Configuration/EnrollmentInfo/DeviceID/@value centralmgmt.xml

    ./xmlmodifier -s /centralmgmt/Configuration/EnrollmentInfo/Status/@value 0 centralmgmt.xml
  8. Start the Protection Engine service:
    /etc/init.d/symcscan start
  9. To re-enroll the scanner to the Cloud console, re-run the enrollment script:
    cd /opt/SYMCScan/bin

    ./enroll.sh

Attachments

1630011555083__CAFConfig.ini get_app