Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 6394 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protect Server failed

Boon Ken Tan

Hi,

I trying to sync with my AD and showns all the Server that I wanted to install the sophos endpoint.

But when I was choose to protect the server and install then sophos agent into server.

I check back the server has been installed successfully, i check back my console is showing the server is in unmanaged and the orange down arrow keep stucking there.



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Barb@Sophos

    Hi,

     

    I am using Window Server 2012 R2

    Sophos Enterprise console 5.5.1

    AD sync i am using the Sophos provided.

    But i can see my PC was installed the sophos endpoint, just the sophos enterprise console is still showing unmanage and blank.

    Beside that, I received RMS connection message. Is it related this issue?

     

Children
  • 0 in reply to Boon Ken Tan

    Hello Boon Ken Tan,

    the server has been installed successfully
    it's a little bit surprising that the error code is 80070002 in this case. If you can indeed open the GUI on E09xx and everything appears normal (click bottom left View product information) the please check the Router logs (in %ProgramData%\Sophos\Remote Management System\3\Router\Logs\) on this server if they contain the error mentioned in the RMS article. If they do then likely the fixing update is missing on E09. If not there should nevertheless be some error messages as apparently establishing communication with the management server fails.

    Christian

  • 0 in reply to QC

    Fullscreen Router-20180912-061530.log Download 
    12.09.2018 14:15:30 0358 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20180912-061530.log
12.09.2018 14:15:30 0358 I Sophos Messaging Router 4.1.1.127 starting...
12.09.2018 14:15:30 0358 I Setting ACE_FD_SETSIZE to 138
12.09.2018 14:15:30 0358 I Initializing CORBA...
12.09.2018 14:15:30 0358 I Connection cache limit is 10
12.09.2018 14:15:30 0358 I Router::ConfigureSslContext: keeping legacy compatibility of TLS 1 and TLS 1.1.
12.09.2018 14:15:30 0358 I Creating ORB runner with 4 threads
12.09.2018 14:15:30 0358 W No public key certificate found in the store. Requesting a new certificate.
12.09.2018 14:15:30 0358 I Getting parent router IOR from 172.26.11.17:8192
12.09.2018 14:15:30 0358 I This computer is part of the domain MCS2
12.09.2018 14:15:30 0358 I Getting a new router certificate...
12.09.2018 14:16:13 0358 I SSL handshake done, local IP address = 172.26.10.151
12.09.2018 14:16:55 0358 I Current certificate name is 
12.09.2018 14:16:55 0358 I Sending unique token request...
12.09.2018 14:18:20 0358 I Got unique token: 18005
12.09.2018 14:18:20 0358 I New certificate name is Router$E09NMWS0001:18005
12.09.2018 14:18:20 0358 I Creating cryptographic key pair
12.09.2018 14:18:22 0358 I Installing new router certificate...
12.09.2018 14:18:22 0358 I Compliant certificate hashing algorithm.
12.09.2018 14:18:22 0358 I This computer is part of the domain MCS2
12.09.2018 14:18:22 0358 I This router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a4000000010102010e0000003137322e32362e31302e3135310001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001c91501004f4154010000001800000001c915010100010001000000010001050901010000000000140000000800000001c9a60086000220
12.09.2018 14:18:22 0358 I Successfully validated this router's IOR
12.09.2018 14:18:22 0358 I Reading router table file
12.09.2018 14:18:22 0358 I Host name: E09NMWS0001
12.09.2018 14:18:22 0358 I Local IP addresses: 172.26.10.151 
12.09.2018 14:18:22 0358 I Resolved name: E09NMWS0001.MCS2.local
12.09.2018 14:18:22 0358 I Resolved alias/es: 
12.09.2018 14:18:22 0358 I Resolved IP addresses: 172.26.10.151 
12.09.2018 14:18:22 0358 I Resolved reverse names/aliases: E09NMWS0001.MCS2.local 
12.09.2018 14:18:22 0358 I Waiting for messages...
12.09.2018 14:18:22 2E4C I Getting parent router IOR from 172.26.11.17:8192
12.09.2018 14:18:22 2E4C I Received parent router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000400000000000000a4000000010102000e0000003139322e3136382e312e3136390001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572000000030000000000000008000000017c9501004f41540100000018000000017c950101000100010000000100010509010100000000001400000008000000017ca6008600022000000000a800000001010200100000003136392e3235342e3137332e31373200012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572000000030000000000000008000000017c9501004f41540100000018000000017c950101000100010000000100010509010100000000001400000008000000017ca6008600022000000000a4000000010102000d0000003137322e32362e31312e3137003701204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572757465030000000000000008000000017c9501004f41540100000018000000017c950101000100010000000100010509010100000000001400000008000000017ca6008600022000000000a4000000010102000d0000003137322e32362e31312e3138000001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572000000030000000000000008000000017c9501004f41540100000018000000017c950101000100010000000100010509010100000000001400000008000000017ca60086000220
12.09.2018 14:18:22 2E4C I Successfully validated parent router's IOR
12.09.2018 14:18:22 0358 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 9, max number of user ports 15360
12.09.2018 14:18:22 2E4C I Accessing parent
12.09.2018 14:18:27 1BCC I Logged on Agent for certification
12.09.2018 14:18:28 2D6C I Routing to parent: id=0398AFB4, origin=Router$E09NMWS0001:18005.Agent, dest=CM, type=Certification.CertRequest
12.09.2018 14:28:29 1BCC I Logged off Agent
12.09.2018 14:28:29 1BCC I Logged on Agent for certification
12.09.2018 14:28:30 2D6C I Routing to parent: id=0198B20E, origin=Router$E09NMWS0001:18005.Agent, dest=CM, type=Certification.CertRequest
12.09.2018 14:28:52 0FEC W Delivery failed(Timeout) for message type Certification.CertRequest, originator Router$E09NMWS0001:18005.Agent
12.09.2018 14:29:04 2E4C I SSL handshake done, local IP address = 172.26.10.151
12.09.2018 14:29:04 2E4C I Parent is Router$I82DNC1002
12.09.2018 14:38:31 1BCC I Logged off Agent
12.09.2018 14:38:31 1BCC I Logged on Agent for certification
12.09.2018 14:38:32 2D6C I Routing to parent: id=0198B468, origin=Router$E09NMWS0001:18005.Agent, dest=CM, type=Certification.CertRequest
12.09.2018 14:39:22 0FEC W Delivery failed(Timeout) for message type Certification.CertRequest, originator Router$E09NMWS0001:18005.Agent
12.09.2018 14:48:33 1BCC I Logged off Agent
12.09.2018 14:48:33 1BCC I Logged on Agent for certification
12.09.2018 14:48:34 2D6C I Routing to parent: id=0198B6C2, origin=Router$E09NMWS0001:18005.Agent, dest=CM, type=Certification.CertRequest
12.09.2018 14:48:43 0FEC W Delivery failed(Timeout) for message type Certification.CertRequest, originator Router$E09NMWS0001:18005.Agent
12.09.2018 14:55:34 2E4C I SSL handshake done, local IP address = 172.26.10.151
12.09.2018 14:55:34 2E4C I Registered with parent router
12.09.2018 14:55:34 2E4C I RouterTableEntry::LogonToParentRouter() - logging on as active consumer
12.09.2018 14:55:34 2E4C I RouterTableEntry state (router, logging on): Router$I82DNC1002 is passive consumer, passive supplier
12.09.2018 14:55:34 2E4C I Logged on to parent router as Router$E09NMWS0001:18005
12.09.2018 14:55:34 2E4C I This computer is part of the domain MCS2
12.09.2018 14:55:34 2CF0 W Expanded Envelope, id=0198B6C2, type=Certification.CertRequest, no Originator Cert
12.09.2018 14:55:34 1BCC I SSL handshake done, local IP address = 172.26.10.151
12.09.2018 14:58:35 10C8 I Logged off Agent
12.09.2018 14:58:35 10C8 I Logged on Agent for certification
12.09.2018 14:58:36 2D6C I Routing to parent: id=0198B91C, origin=Router$E09NMWS0001:18005.Agent, dest=CM, type=Certification.CertRequest

    Its showing installed successfully, but not communicate with the console itself.

    Hi this is the router log.

    the product information seem to be fine, just the console still showing installed fail.

    is there any refresh button ? i might suspect the console interface was hang.

  • 0 in reply to Boon Ken Tan

    Hello Boon Ken Tan,

    thanks. First of all, your management server advertises four IP addresses in its IOR - 192.168.1.169, 169.254.173.172, 172.26.11.17, and 172.26.11.18 - and this might not be desirable. Apparently not all addresses are reachable from E09 or "usable ", furthermore it looks like the connections attempts don't immediately fail.
    Eventually the management server could be contacted, initial communication has been established but I wonder what happened next - or was this the end of the log at the time you posted it? If so the router log from the management server from around 14:55 would help, there should be lines with either id=0198B6C2, id=0198B91C, or both. In addition the CertManager-2018mmdd....log (in %ProgramData%\Sophos\Remote Management System\3\CertificationManager\Logs\) might have some information in the lines that contain Router$E09NMWS0001: (there's either a 0 or 18005 following the colon).

    Christian

  • 0 in reply to Boon Ken Tan

    Hi Boo Ken Tan,

    Can you kindly please let me know if the Server is able to receive all other endpoints' status information without any issues? If not, I would begin with assigning the Enterprise Console's Router to use only 1 IP address of all 4 identified in this log. This can be achieved by following this KBA.

    Regards,

    Adithyan Thangaraj
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Unfiltered HTML