SOPHOS CHILD NOT SHOWING IN UPDATE MANAGER SOPHOS CONSOLE

Hello john crisostomo,

ping doesn't tell much when it comes to TCP/UDP communication.

Maybe there's a firewall which blocks the required ports, 8192 and 8194 from child to HQ, 8194 from HQ to child. If this doesn't seem to be the cause please check the Network Communications Report and also the Router logs in %ProgramData%\Sophos\Remote Management System\3\Router\Logs\.

Christian

hi QC,

attached file is my network communication report. 

thanks

Hello john crisostomo,

this is just a SUM? How did you install it - did you use a copy of the SUMInstallSet share?
The last line indicates that RMS thinks it's on the management server. There are a few files named mrinit.conf under %ProgramFiles(x86)%\Sophos\, should be indentical. RMS thinks it's on the management server if the computer's IP or name matches on of the MRParentAddress values in mrinit.conf. 

Christian

Hi QC,

I get these report from the SEC. Should i get it from child?

last week i tried to install child using the Suminstallset coming from the SEC sharing but child did not show in update manager. So this monday i tried copying suminstallset to the child desktop then install for testing still child did not show in update manager. Also, i tried installing sophos endpoint to workstation and it successfully installed but did not appear on SEC.

thanks

Hello john crisostomo,

I see. Probably the same cause for SUM and Endpoint.
The clients' Report (and perhaps Router logs) should have the relevant information - if they can't reach/contact the server there's naturally nothing to see on the server.

Christian

Hi QC,

Do you have an idea on what do I need to check to solve this issue? Thank you for replying ^_^

Thanks

Hello john crisostomo,

as said, the Network Communications Report on the child, also its Router log (restart the Sophos Message Router service and take the new log).

Christian

24.05.2018 16:25:59 0FB4 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20180524-082559.log
24.05.2018 16:25:59 0FB4 I Sophos Messaging Router 4.1.0.140 starting...
24.05.2018 16:25:59 0FB4 I Setting ACE_FD_SETSIZE to 138
24.05.2018 16:25:59 0FB4 I Initializing CORBA...
24.05.2018 16:25:59 0FB4 I Connection cache limit is 10
24.05.2018 16:26:00 0FB4 I Router::ConfigureSslContext: keeping legacy compatibility of TLS 1 and TLS 1.1.
24.05.2018 16:26:00 0FB4 I Creating ORB runner with 4 threads
24.05.2018 16:26:00 0FB4 W No public key certificate found in the store. Requesting a new certificate.
24.05.2018 16:26:00 0FB4 I Getting parent router IOR from 192.168.10.159:8192
24.05.2018 16:26:00 0FB4 I This computer is part of the domain PRINCERETAIL
24.05.2018 16:26:18 0FB4 I This computer is part of the domain PRINCERETAIL
24.05.2018 16:26:18 0FB4 I Getting parent router IOR from fe80::88e0:ed4b:c5f7:34ca:8192
24.05.2018 16:26:18 0FB4 E ACE_INET_Addr::ACE_INET_Addr: fe80::88e0:ed4b:c5f7:34ca: Valid name, no data record for type
24.05.2018 16:26:18 0FB4 W Parent address unknown: Valid name, no data record for type (11004)
24.05.2018 16:26:18 0FB4 I Getting parent router IOR from SOPHOS-SVR.princeretail.net:8192
24.05.2018 16:26:37 0FB4 I Getting parent router IOR from SOPHOS-SVR:8192
24.05.2018 16:26:56 0FB4 I This computer is part of the domain PRINCERETAIL
24.05.2018 16:26:56 0FB4 E Failed to get parent router IOR
24.05.2018 16:26:56 0FB4 W Failed to get certificate, retrying in 600 seconds
24.05.2018 16:36:56 0FB4 I Getting parent router IOR from 192.168.10.159:8192
24.05.2018 16:37:14 0FB4 I Getting parent router IOR from fe80::88e0:ed4b:c5f7:34ca:8192
24.05.2018 16:37:14 0FB4 E ACE_INET_Addr::ACE_INET_Addr: fe80::88e0:ed4b:c5f7:34ca: Valid name, no data record for type
24.05.2018 16:37:14 0FB4 W Parent address unknown: Valid name, no data record for type (11004)
24.05.2018 16:37:14 0FB4 I Getting parent router IOR from SOPHOS-SVR.princeretail.net:8192
24.05.2018 16:37:33 0FB4 I Getting parent router IOR from SOPHOS-SVR:8192
24.05.2018 16:37:51 0FB4 E Failed to get parent router IOR
24.05.2018 16:37:51 0FB4 W Failed to get certificate, retrying in 600 seconds

Hi QC,

Please see attached files for router logs and network communication of my child that is not showing in update manager.

Thank you so much

Hello john crisostomo,

the Router log suggests that the SUM/endpoint can't connect to port 8192 on any of these 4 IPs/names. Apparently the management server works and other endpoints can communicate with it so something is blocking the request. You have been able to copy the SUMInstallSet using a UNC path (i.e. connecting to the share)?

Christian

"You have been able to copy the SUMInstallSet using a UNC path (i.e. connecting to the share)?" - Yes, I have been able to copy using a UNC path. 

So, I should ask the network guy to open port 8194 or 8192? 

Thanks QC

Hello john crisostomo,

open port 8194 or 8192
I think so. Please note though that it could also be the local firewall on the management server - permitting inbound connections to RouterNT.exe from a certain network/IP range only (but I assume you would be aware of such a setting). 

Christian

Hi john crisostomo,

Is the issue resolved post opening the required ports or do you still have the same problem with the child SUM?

Hi john crisostomo,

Is the issue resolved post opening the required ports or do you still have the same problem with the child SUM?