Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 9991 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console The Server Has Run Out of Memory

keystroke13

We are having issues with our Sophos Enterprise Console. Every other day this week the console displays the following error message 'Transient error while performing requested operation. The server has run out of memory'. error message.' The virtual machine has plenty of physical and kernel memory available.

Microsoft Windows 2008 R2 virtual machine

* 4 GB of virtual memory

* SEC version 5.0.0.8

Clicking on the advanced button I can view the error details:

[DBNETLIB][ConnectionWrite (send()).]General network error. Check your network documentation.----- [outer exception] -----   -- error: 0x829D0001   -- facility: Sophos Management Service Database Exception
   at void __thiscall bl::Filter::GetComputerList(class bl::ComputerList &) const   at void __thiscall CSystemSnapshot::TakeSnapshot(void)   at void __thiscall CMainFrame::RefreshEverything(void)   at __w64 long __thiscall CMainFrame::OnTriggerUpdate(unsigned int,__w64 unsigned int,__w64 long,int &)   at int __cdecl Run(int,class bl::CommandLine,enum bl::ConsoleType::Type)   at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)

:24271


This thread was automatically locked due to age.
  • 0

    Hi,

    I have a couple of questions:

    Is it a local or remote management console?  If remote, do you see the same locally?

    Does it co-inside with any particular event, editing a policy, etc?

    Are you keeping the console open all the time?

    If it is being kept open (used) is it with a certian filter when it happens?

    Is it being kept open (used) with one of the columns sorted when it happens?

    Some of the filters/sort orders are more expensive to refresh than others.  Which leads me on to the next question, how many clients are being managed?  The more clients, the more likely data is changing, causing a refresh, so with an expesive filter 'configured' it would be worse with many machines I would think.

    I suspect it's related to the amount of data returned by a query/lenth of query. Maybe the database needs to be looked at for performance/size.

    To get an overview of what's in the SOPHOS50 database; from SQL Server Management Studio (http://www.microsoft.com/en-us/download/details.aspx?id=7593 ), you can connect to the SQL instance and run the built in report (right click on the database) and choose : Reports - Standard Reports - Disk Usage by Table. It may well turn out to be a large number of a particular alerts for example.  PurgeDB.exe then might prove useful based on the outcome.  Maybe you could paste the output of this report?

    Regards,

    Jak

    :24291
  • 0

    Hi Keystroke13,

    have you tried solution suggested by Jak?, I'm having same issue except this error only appear when editting Antivirus & HIPS policy . 

    :24549
  • 0

    Hi Azwan,

    What version of SEC are you using? 4.5?  4.7?  5.0?

    I suspect it's due to the Authorization list in the SAV policy which is related to the ThreatMasterList table.  The output of:

    SQLCMD -E -S .\sophos -d SOPHOS47 -Q "SELECT ThreatType, Count(*) from threatmasterlist group by ThreatType"

    might be helpful.

    Note: In this case I've assumed you are running SEC 4.7, hence the SOPHOS47 database reference in the command.  See: http://www.sophos.com/support/knowledgebase/article/17323.html for the associated database to version.

    Also, PurgeDB.exe in later version allows you to purge the ThreatMasterList as a category.  I would advise upgrading to SEC 5.0 first and then see how it is if you haven't already.

    Jak

    :24559
  • 0

    Hi Jak,

    Customer just upgrade to SEC 5.0 and this issue only occured when we move sophos DB to SQL server and configure Console connect to SQL server using default instance MSSQLSERVER created by customer .

    Error only prompt out when editing Antivirus & HIPS policy and will crash if select Authorization option in Antivirus & HIPS polic y.

    Databse Report:

    http://imageshack.us/photo/my-images/560/databse.jpg/

    Azwan

    :24585
  • 0 in reply to jak

    thanks a lot... it solves!

    the query "SELECT ThreatType, Count(*) from threatmasterlist group by ThreatType" returned 1 million of entrys... so the PurgeDB.exe -category=threatMasterList solved the outofmemory error opening all the Antivirus policies!

       Mauro

Unfiltered HTML