This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Server 2012 R2 no Heartbeat with "legacy" agent

3 days ago one of our few Server 2012 R2 lost heartbeat on the firewall with no visible reason. As it is rarely used, a few users started to complain about inaccessible file shares and other problems.

On the server, I first noticed Sophos components named "legacy". Since when are they called like this?

Severity,When,Event,User,"User Groups",Device,"Device Groups","IP Address"
Low,"2023-08-22T11:04:27+02:00","Update succeeded",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-22T10:44:47+02:00","Sophos Firewall SNXXXXXXXXXXXX reported computer resumed sending heartbeat signals",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-22T10:44:01+02:00","Reboot to complete update; computer stays protected in the meantime",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-22T10:36:35+02:00","Update succeeded",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-22T10:34:40+02:00","Update succeeded",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-22T10:33:05+02:00","Server re-protected: SERVERNAME",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-22T10:27:06+02:00","Central management has been suspended",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-22T10:19:08+02:00","Update succeeded",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-22T06:04:22+02:00","Reboot to complete update; computer stays protected in the meantime",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-21T06:04:21+02:00","Reboot to complete update; computer stays protected in the meantime",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-20T06:04:21+02:00","Reboot to complete update; computer stays protected in the meantime",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
High,"2023-08-19T06:10:54+02:00","Sophos Firewall SNXXXXXXXXXXXX reported computer not sending heartbeat signals",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-19T06:00:53+02:00","Scan 'Sophos Central Scheduled Scan' completed",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-19T05:59:10+02:00","Reboot to complete update; computer stays protected in the meantime",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx
Low,"2023-08-18T11:56:57+02:00","Update succeeded",n/a,,SERVERNAME,,xxx.xxx.xxx.xxx

The google searchability of the Sophos KB is very good, so I found this KB: https://support.sophos.com/support/s/article/KB-000045533?language=en_US

Sophos Endpoint and Server - Missing Security Heartbeat on Windows legacy platforms

we activated the MR1 fix in Central:

It was the only server having this issue in our environment currently. Eventually some more may come. If agent servers have pending Sophos update reboots, it may take some time until this fix is installed.

We did not try the fix, instead reinstalled the endpoint. The behaviour of the install was a bit strange: first after the message appeared, that the computer is now protected by Sophos, the endpoint showed: a lessage like: no s sophos components installed. Seems like a very "legacy" agent...

Even if not required, we restarted again and then the installed components were reflected by the endpoint agent. But we still had no heartbeat.

The xml file appeared only after the manual agent update and then heartbeat was established with firewall again.

Looks like Sophos is about to cut off Server 2012 R2 support  as soon as it is out of MS OS support and is already preparing for that date.



This thread was automatically locked due to age.
Parents Reply Children
No Data