Enterprise console not updating from Sophos

Do the require a reboot (i.e. have you tried restarting the SUM service)?

Also take a look at the logs (SUMTracenn...nn.log deep down under \All Users\Application Data or \ProgramData). They should tell you whether it is "stuck" or contain at least a hint on what went wrong (hm, search for failed or error). As they can wrap pretty fast you should copy them somewhere else as soon as you see the alert.

Then we'll see ...

Christian

Thanks, Christian. I don't see and "failed" or "error" messages in those logs. When you mention restarting the SUM service, are you referncing the update servers and not the parent server?

The service on the server which doesn't update.

If SUM is chugging along but it constantly fails to complete the update it's not easy to find the error. Look at the timestamps, as I said, the logs can "wrap" within minutes (it keeps only the last 4 and they might cover only several minutes).

It is sometimes tricky to catch but it can be done :smileywink:

Christian

I checked alll 4 on each server. Fortunately for me, each one is written to for several hours so I had time to look at them all. I'll try the stop and start of the SUM service on my 2 update manager servers and see if that triggers them to update with the parent server. They are in sync each morning following the reboot then don't sync up again all day.

At first glance, it appears the service stop/start is not leading to my SUM servers synching with the parent.

Sorry, could not log in on Friday.

each one is written to for several hours

What's your schedule? Of course it also depends on the number of subscriptions. I haven't seen it not working without any error indication in the logs (just checked, failed is indeed a good candidate to search for).

In SUM's program directory (depending on the installation you performed it could be ...\Sophos\Enterprise Console\SUM...\Sophos\Update Manager or there's a program named logviewer.exe. You should see Information - The synchronize operation was successful, Information -  Update source status was checked succesfully and Information - Synchronization of protection data was successful in regular intervals. Select severity Error in the drop down - if you see a recent timestamp try to look up the time in the SUMTrace logs. That's what usually works for me (in most cases I don't really care as the error is most of the time transient). 

Christian

Here's what I have done that is allowing my update servers to update properly. I set up all 3 servers (1 master and 2 update) with 2 scheduled tasks. The first stops the Sophos Message Router service at :45 past the hour and the second job starts the Sophos Message Router service at :46 past the hour. I played with all the Sophos services and this seemed to be the one that would trigger my update servers to update from the parent server. It has run like this for 4 days and I'm experiencing no issues.

Is it true fix or just a band-aid? We'll have to wait and see.

QC, thanks for all the ideas. I just ran that logvierer.exe app and it looks like I've gotten no failures since making the aforementioned changes.

Hi,

From your last post, it looks like the data in SEC is becoming stale in part due to RMS problems.  Without the restarting of the Sophos Message Router service did the .msg files in the "Envelopes" directory "\ProgramData\Sophos\Remote Management System\3\Router\Envelopes\" backup?  It sounds like messages were created, queued and not delivered.  Now you are restarting the router regularly, these messages are getting sent up to the server and more accurately representing the status of SUM.  I would expect if they do backup without the router being restarted, the next time you start the router up, they all get delivered?

The restarting of the RMS service would have no bearing on the ability for SUM to update, unless the reason for the failure was an invalid configuration that a downstream messages from the management server fixed.

I would suggest to verify SUM is actually updating using the logviewer.exe in "C:\program files\sophos\Enterprise Console\SUM\" first, if you're confident it is, then check on RMS and it's ability to report the correct status up to the management server.

One thing I found is to ensure that the config file SUM_Status.xml in the same directory as above has the scheduler set to actually do software and data updates (note the IsRunning = 1 for both).  Without this, SUM will only perform updates when you tell it to through SEC.  If they are not 1, check the policy for the SUM in terms of the schedule is correct in SEC and send the configuration back down to, checking these values afterwards to fix it.

- <StateItem>
  <StringPair name="ID" value="DispatcherPrograms" /> 
  <StringPair name="ObjectType" value="Dispatcher" /> 
  <StringPair name="ObjectList" value="default" /> 
  <StringPair name="IsRunning" value="1" /> 
  <StringPair name="StartOnResume" value="0" /> 
  </StateItem>
- <StateItem>
  <StringPair name="ID" value="DispatcherSupplements" /> 
  <StringPair name="ObjectType" value="Dispatcher" /> 
  <StringPair name="ObjectList" value="default" /> 
  <StringPair name="IsRunning" value="1" /> 
  <StringPair name="StartOnResume" value="0" /> 
  </StateItem>

Thanks,

Jak