Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 10157 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SOPHOS clients not registering with Console - TIME_WAIT against :8192

Sean de Fraine

Hi,

 

I have read loads of threads on this suspect and got no where.

Recently a basic install of the SOPHOS client on a 2012R2 server is not registering with the console.  We have doen 100's.  The last 15 not so successful.  The download is working fine.  Service Control Manager is failing to stay active, terminating unexpectedly.

The ReportData.XML has the correct Parent Address but the rest is Not Available.

The Logs show failed to get routers IOP from supplied address or port

mrinit.conf looks ok

but.....  on the console.....

netstat -a shows

the failing servers registered against 8192 but TIME_WAIT

good servers are ESTABLISHED against 8194.

 

Any tips appreicated,

Thanks,

Sean



This thread was automatically locked due to age.
Parents
  • 0

    Hello Sean,

    TIME_WAIT is the status of a socket after a TCP connection has been closed, it's normal and not unusual.

    What's supposed to happen is that an endpoint contacts the server on 8192 to obtain the IOR. As the log says supplied address and port there should be the parent's IOR in the log (after the line Received parent router's IOR:) and you can parse this IOR for example here. You'll get one or more lines saying reachable with IIOP 1.2 at host address (that it gives port 8193 is correct), where the address is either an IP or an FQDN. Apparently these servers aren't able to open a connection to port 8194 using the address(es) given. You can check with telnet address 8194. The normal behaviour is that the connection succeeds, no data is returned but also no error.

    Christian

  • 0 in reply to QC

    Thanks Christian,

    Well I have another problem then.  Can't use the parse program for security reasons.  I can telnet RMS: 8194 (putty) and just get Connection closed by remote host.

    Get this in log:

    25.02.2018 23:30:11 0848 W MSClient::Connect: failed to get router's IOR from supplied address and port.

    25.02.2018 23:30:11 0848 W NoRouterIORException: Caught MSClient::Connect: failed to get router's IOR from supplied address and port.

    ClientConnection::Reconnect()

    The Computer name/Domain/Parent address are correct in the attached.

    Any further suggestions greatfully recieved.  200 VM's fine, the last 10+ all dont get logged in the Console and are sitting on 8192 TIME_WAIT

    Cheers again,


    Sean

     

  • 0 in reply to Sean de Fraine

    Hello Sean,

    telnet RMS: 8194
    can't say if this is to expected from putty, Windows telnet just linger for a while and then closes.
    As said, the TIME_WAIT and the logs indicate that these servers have obtained the IOR. Apparently they are unsuccessful to connect to the address returned in the IOR - without the IOR it's hard to say what they are. Your Parent address is rather short - just one IP or an FQDN? Did you configure RMS on the server to return a specific addres (IP or FQDN)?

    Christian

  • 0 in reply to QC

    Only 1 IP as I have been testing with 1 IP, 2 IP's and DNS names one by one.  I'll check routing back.

     

    Thanks for your help

  • 0 in reply to Sean de Fraine

    Hello Sean,

    indeed putty to 8194 returns Session closed when using telnet, for raw it lingers a few seconds then closes.
    As said, you have to test the address(es) returned in the IOR. If you can't use PARC's parser you could use this iordump.exe.

    Christian

Reply Children
No Data
Unfiltered HTML