This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console showing incorrect data

Hi all. Noobie to Sophos. Sophos Enterprise console 4.5 clean installation, windows 2003 We have all clients currently showing up as "Up to date - Unknown". By looking at the IDE count I believe this is incorrect. The update manager is reporting out of data as well but this cannot be the case as our clients update from there. I can see no relevant errors anywhere. Can anyone tell me how to... Make sure our CID currently has the latest updates. Why the console is not reporting as it should. Jason.

This thread was automatically locked due to age.

0 jak over 14 years ago

Hi,

When you are looking at the ide count for machines, is this in SEC or locally at the endpoint?

If it's at SEC, that would at least suggest RMS is working for the most part. I.e. clients are sending in status messages. In the endpoints view, do the SUM servers have the right number of IDEs as well? Ultimately it is the status message from the SUM server(s) that need to be working in order to maintain a package list so up-to-dateness can be worked out for the clients.

Do you have multiple SUMs? What subscriptions do you have? Does each SUM have its own subscriptions?

Where are the clients all updating from? Do they have the same update location, is this a UNC path back to the SEC server?

Thanks,

Jak

N.B.

/search?q= 5078

is worth a read to understand up-to-dateness in some detail.

:5837
0 sob over 14 years ago

Thanks for the reply Jak.
IDE count is from SEC not the endpoint. I noticed yesterday that the IDE count changed for my two endpoints not long after Sophos advertised the latest IDE's for download. This tells me everything is actually working fine except SEC is not displaying correctly in the interface.
We have one SUM with on subscription and all our endpoints will update from here. Our SUM gets it's updates from another share in our organisation.
The endpoints use a UNC path back to our SUM.
Also another error has surfaced with one of our three test endpoints.
[e0080835 - Failed to repair database, error 11]?
To summerize it looks like everything is working fine except the SEC does not seem to be reporting some data correctly. Meaning "Update details unknown" for the endpoints and the updates feild on the dashboard is showing last updated 11 days ago for our update manager.
I am about to digest the contents of the link you provided to see if I can resolve the update unknown issue.
I would really like to get some of these problems resolved quickly if possible. We have a tight timeframe before going live.
Regards,
Jason.
:5853
0 jak over 14 years ago

Hi,

So there is another SUM on the network, that is essentially a parent to the SUM where SEC is, in as much as it creates the "warehouse" share?

That parent SUM however does not appear in SEC?

Does it help to make "your" SUM authoritative:

http://www.sophos.com/support/knowledgebase/article/57638.html

In the management service "services" log file it should tell you once you've made the change that your SUM is authoritative having read the created key correctly. Hopefully this will ensure that the management service enters the package info into the packages table.

Thanks

Jak

:5859
0 sob over 14 years ago

Our SUM simply updates from a standard (non sophos managed if you will) windows share in another part of our organisation.
This does not appear in SEC as any sort of parent SUM.
I have set our SUM authoritive but this seems to make no difference. Can you tell me where to find the "services" log so I can check?
Oh and thanks for your time on this. Very appreciated to know people take an interest.
Regards,
Jason.
:5863

0 jak over 14 years ago

Hi,

It's the management service log file under app data, e.g.

C:\documents and Settings\All Users\application data\Sophos\Sophos Endpoint Management\4.5\log\sophos-management-services.log

The management service creates a .1 -> .10. to save a history, the: sophos-management-services.log is the one in use however.

With the authoritative SUM specified, you should see something like:

INFO  {Sophos.Management.Services.Sddma.AuthoritativeServerSelector.GetOverride} ==> Authoritative server endpoint address override is Router$Server.
INFO  {Sophos.Management.Services.Sddma.AuthoritativeServerSelector.GetAuthoritativeServerFromOverride} ==> Attempting to use the overriding authoritative server endpoint address 'Router$Server'.
INFO  {Sophos.Management.Services.Sddma.AuthoritativeServerSelector.GetAuthoritativeServerFromOverride} ==> Found server with the endpoint address 'Router$Server'.
INFO  {Sophos.Management.Services.Sddma.StatusMonitor.HandleStatus} ==> Server is authoritative; looking for currency data.
INFO  {Sophos.Management.Services.Sddma.StatusMonitor.ExtractCurrencyData} ==> Found currency entity for SAVEEXP 9.0.5 VDL4.56G.

In this example the server is called Server.

Thanks

Jak

0 DGrenkevich over 14 years ago

I discovered yesterday that we had a very similiar problem--the Console was reporting that updates hadn't occured for over two weeks (yeah, we should have noticed this problem sooner), and when checking the stats on most of the PCs, they were showing data that was over two weeks old. And yet, when checking Sophos AV on an actual PC, I could see that it was up-to-date. It appeared that the "backend" was working, but Console just wasn't reported the facts. The time that it quite working coincided with a reboot after applying MS patches, but also somewhat coincides with when we retired an old Sophos server. The older server was not a SUM, but did have the EM Library installed. The two events must have been related. At any rate, I checked the sophos-management-servers log, and they reported that this current server was being used as the authoritative server, but I felt that adding the registry key to specify that setting could not hurt. In fact, that did the trick. After restarting the service and relaunching the Console, the numbers began to change before my eyes. Now, all seems well.
Thanks!
:6039
0 sob over 14 years ago

Jak - Sorry for the delay in replying. There was an issue with one of our dev servers and long story short we are about to bring up another sophos server. I guess that is why we are still in development. unfortunately I did not get a chance to look into the logs as you described.
Thanks for looking at the issue though. I still have a heap of questions so expect to see further posts.

Jason.
:6269