Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 7152 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC missing computer details and unable to apply policies

CFB

We recently had a hard drive failure on our Windows 2003 Sophos Enterprise Console 4.5 server and discovered that our backup was corrupt.  The server has been rebuilt (same host/doman and IP address) and I've installed SEC 4.7.

Existing client computers are unable to pickup definition updates.  I can see them SEC, but am not able to not collect computer details or send them policies (greyed out).

On one client computer I uninstalled the Antivirus, Updater and Management components, restarted, then reinstalled using a command line to the Sophos server share.  It is able to pickup updates, but no computer details are showing and I am unable to send it policies.

Windows Group Policy is opening the three standard Sophos ports (UDP & TCP) on the client computers.

:15357


This thread was automatically locked due to age.
Parents
  • 0

    Router log from client;
    15.08.2011 15:23:26 09FC I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20110815-222326.log
    15.08.2011 15:23:26 09FC I Sophos Messaging Router 3.3.0.2059 starting...
    15.08.2011 15:23:26 09FC I Setting ACE_FD_SETSIZE to 138
    15.08.2011 15:23:26 09FC I Initializing CORBA...
    15.08.2011 15:23:26 09FC I Setting connection cache limit to 10
    15.08.2011 15:23:26 09FC I Creating ORB runner with 4 threads
    15.08.2011 15:23:26 09FC I Getting parent router IOR from ServerIP:8192
    15.08.2011 15:23:26 09FC I This computer is part of the domain DOMAIN
    15.08.2011 15:23:49 09FC I This computer is part of the domain DOMAIN
    15.08.2011 15:23:49 09FC I Getting parent router IOR from SERVERHOST.IPDOMAIN:8192
    15.08.2011 15:24:12 09FC I Getting parent router IOR from SERVERHOSTNAME:8192
    15.08.2011 15:24:35 09FC E Failed to get parent router IOR
    15.08.2011 15:24:35 09FC E Failed to get certificate, retrying in 600 seconds
    15.08.2011 15:34:37 09FC I Getting parent router IOR from ServerIP:8192
    15.08.2011 15:35:00 09FC I Getting parent router IOR from SERVERHOST.IPDOMAIN:8192
    15.08.2011 15:35:23 09FC I Getting parent router IOR from SERVERHOSTNAME:8192
    15.08.2011 15:35:46 09FC E Failed to get parent router IOR
    15.08.2011 15:35:46 09FC E Failed to get certificate, retrying in 600 seconds

    Router log from server;
    15.08.2011 14:47:16 092C I Sent message (id=004993E4) to EM
    15.08.2011 14:47:36 0950 I Routing to EM: id=004993F8, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 14:47:36 0930 I Sent message (id=004993F8) to EM
    15.08.2011 14:55:35 0950 I Routing to EM: id=004995D7, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 14:55:35 0934 I Sent message (id=004995D7) to EM
    15.08.2011 15:05:33 0950 I Routing to EM: id=0049982D, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 15:05:33 0938 I Sent message (id=0049982D) to EM
    15.08.2011 15:06:10 088C I RouterSystemCheck::onInfoPortsUsed() - number of user ports 33, max number of user ports 3976
    15.08.2011 15:15:35 0950 I Routing to EM: id=00499A87, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 15:15:35 092C I Sent message (id=00499A87) to EM
    15.08.2011 15:25:35 0950 I Routing to EM: id=00499CDF, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 15:25:35 0930 I Sent message (id=00499CDF) to EM
    15.08.2011 15:35:33 0950 I Routing to EM: id=00499F35, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 15:35:33 0934 I Sent message (id=00499F35) to EM

    Yes the parent address value, in the registry of the client, is valid for the server.

    No, I can't telnet from the server to client or client to server, on those ports, yet the firewall settings on both machines show that the ports are open, as I have set in Group Policy.  Nothing has changed on the single switch that sits between the test client and server.  I manually started the telnet service on the server and had to enable telnet on my Windows 7 client and used the following syntax "telnet IPOfServer 8192".  It says "Could not open connection to the host, on port 8192: Connect failed".

    :15661
Reply
  • 0

    Router log from client;
    15.08.2011 15:23:26 09FC I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20110815-222326.log
    15.08.2011 15:23:26 09FC I Sophos Messaging Router 3.3.0.2059 starting...
    15.08.2011 15:23:26 09FC I Setting ACE_FD_SETSIZE to 138
    15.08.2011 15:23:26 09FC I Initializing CORBA...
    15.08.2011 15:23:26 09FC I Setting connection cache limit to 10
    15.08.2011 15:23:26 09FC I Creating ORB runner with 4 threads
    15.08.2011 15:23:26 09FC I Getting parent router IOR from ServerIP:8192
    15.08.2011 15:23:26 09FC I This computer is part of the domain DOMAIN
    15.08.2011 15:23:49 09FC I This computer is part of the domain DOMAIN
    15.08.2011 15:23:49 09FC I Getting parent router IOR from SERVERHOST.IPDOMAIN:8192
    15.08.2011 15:24:12 09FC I Getting parent router IOR from SERVERHOSTNAME:8192
    15.08.2011 15:24:35 09FC E Failed to get parent router IOR
    15.08.2011 15:24:35 09FC E Failed to get certificate, retrying in 600 seconds
    15.08.2011 15:34:37 09FC I Getting parent router IOR from ServerIP:8192
    15.08.2011 15:35:00 09FC I Getting parent router IOR from SERVERHOST.IPDOMAIN:8192
    15.08.2011 15:35:23 09FC I Getting parent router IOR from SERVERHOSTNAME:8192
    15.08.2011 15:35:46 09FC E Failed to get parent router IOR
    15.08.2011 15:35:46 09FC E Failed to get certificate, retrying in 600 seconds

    Router log from server;
    15.08.2011 14:47:16 092C I Sent message (id=004993E4) to EM
    15.08.2011 14:47:36 0950 I Routing to EM: id=004993F8, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 14:47:36 0930 I Sent message (id=004993F8) to EM
    15.08.2011 14:55:35 0950 I Routing to EM: id=004995D7, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 14:55:35 0934 I Sent message (id=004995D7) to EM
    15.08.2011 15:05:33 0950 I Routing to EM: id=0049982D, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 15:05:33 0938 I Sent message (id=0049982D) to EM
    15.08.2011 15:06:10 088C I RouterSystemCheck::onInfoPortsUsed() - number of user ports 33, max number of user ports 3976
    15.08.2011 15:15:35 0950 I Routing to EM: id=00499A87, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 15:15:35 092C I Sent message (id=00499A87) to EM
    15.08.2011 15:25:35 0950 I Routing to EM: id=00499CDF, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 15:25:35 0930 I Sent message (id=00499CDF) to EM
    15.08.2011 15:35:33 0950 I Routing to EM: id=00499F35, origin=Router$PSYT0589.Agent, dest=EM, type=EM-GetStatus-Reply
    15.08.2011 15:35:33 0934 I Sent message (id=00499F35) to EM

    Yes the parent address value, in the registry of the client, is valid for the server.

    No, I can't telnet from the server to client or client to server, on those ports, yet the firewall settings on both machines show that the ports are open, as I have set in Group Policy.  Nothing has changed on the single switch that sits between the test client and server.  I manually started the telnet service on the server and had to enable telnet on my Windows 7 client and used the following syntax "telnet IPOfServer 8192".  It says "Could not open connection to the host, on port 8192: Connect failed".

    :15661
Children
No Data
Unfiltered HTML