Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 19321 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ports and UNC paths

CDEvans

8192 is used for the clients to report back to the enterprise server (according to Sophos telephone support), would that port be displayed on the client as a remote port or a local one.

A number of clients are displaying it as a local port, but not a remote one, they are also not reporting back to the EC, and I'm trying to find out why.

Another issue is.

How can I force Sophos EC to use IP's rather then machines names, Sophos refuses to allow me to use \\<ip> and insist on me using \\<machinename>

One other thing,

On the main screen of the EC it tells me that :

An update manager has not updated since 04 march 2011 16:31

However, looking at the update managers of which are 3, only the one with the EC has an error of "Software delivery failed" which only deliveres to itself and updates direct from Sophos just like the other two.

So as far as I understand it, it's failing to update itself but quite happy to update what little clients it wants to respond to, how would this even be possible, the UM should download the update and place it into the share that the clients use, this it is doing according to the clients but it isn't according to the server?

:11229


This thread was automatically locked due to age.
  • 0

    Hello CDEvans,

    please do not put several unrelated questions in one post as this will result in a convoluted thread. 

    I've split my reply and changed the subjects accordingly.

    RMS ports (8192-8194): Please see Summary of port configurations in Sophos applications under RMS and also the related article 12340. On the clients failing to report you should also check the Sophos Network Communications Report.

    Christian

    :11241
  • 0

    How can I force Sophos EC to use IP's rather then machines names

    Where do you want to use the IP address, the updating policy? It should accept it for an update location - although it will prompt you with the "...may no contain ..." message.

    Christian

    :11243
  • 0

    EC has an error of "Software delivery failed"

    This is usually accompanied by another error. Searching the knowledgebase for software delivery failed gives quite a number of results. From the Update managers view please View Update Manager Details for the related error. Also compare the contents of the CIDs on the different SUMs (or check the number of IDEs on the clients) - this should tell you if it is really updating the share.

    Please follow up with what you've found out.

    Christian

    :11251
  • 0

    Many thanks for your answers.

    First off, I'm aware that it's old, time harderened practice, however the ability to copy and paste from almost everything in history except your program just add's annoyance to anyone who has to type the information back out. customer friendly isn't in this case.

    On the Update manager view, the follow errors are:

    Software subscriptions status:

    Recommended, \\<server-name>\SophosUpdate, Never, 00000002, Cound not read from the update source location.

    Outstanding alerts and errors:

    80040406 - Delivery failed for software subscription "recommended" access to the source update location is denied or the location is otherwise unavailable

    80040404 Thread detection data update failed...

    80040401 Software update failed.

    What account should//is Sophos using to update that directory?

    Ports:

    All of those lack information, it gives a port range but doesn't state if they are all active, or are opened "as and when"

    Port 8192 is listed as a local port on our clients on all our clients, but not a remote port on all, hence my question.

    EG: FTP uses port 21, this is opend on a client as a local and a remote port.

    IP's

    Configure update manager, distribution, add, browse for folder,

    Entering the IP tells me that it cannot be used, and adding a share to the end of it tells me that it's a restricted sophos share that cannot be used, I'm guessing because the program whats to add the share name to whatever I enter as a path..

    Do sophos do a removal tool for all products, (other then the windows uninstaller) Sophos does tend to leave a lot of junk behind on uninstall.

    :11317
  • 0

    however the ability to copy and paste from almost everything in history except your program

    Funny, second time within 24 hours I seem to be mistaken for a Sophos representative :smileyvery-happy:. While it's, granted, not exactly brilliant (as selecting the interesting parts involves an extra step using a text editor) you can copy the window's entire contents (that's what the copy button is for) to the clipboard.

    Could not read from the update source location.

    The Software subscriptions status says it has never successfully delivered this subscription. Did you get a warning when you configured the source for this SUM? The LogViewer.exe in %ProgramFiles%\Sophos\Update Manager\ will tell you more. Should be the lowermost line of a "block" (i.e. with similar timestamps) of lines, severity Error and the message starting with Failed to check update source status or Synchronize operation failed.  Otherwise I won't ask you to copy such a block (as it  supports copy - but with selection! - no until 4.7) but it might be helpful.

    Guess it's not a deployment error as it doesn't seem to get that far.

    Christian

    :11325
  • 0

    All of those lack information, it gives a port range but doesn't state if they are all active, or are opened "as and when"

    Port 8192 is listed as a local port on our clients on all our clients, but not a remote port on all, hence my question.

    Client connects (from an arbitrary port) to 8192 on the server for RMS session initiation afterwards it is closed. Client connects  to 8194 on the server (persistent)  for sending status messages. Server connects to 8194 on the client for sending configuration messages (if it can't the C->S connection is used two-way). Client also connects locally to these ports (again 8194 persistent).

    Christian 

    :11327
  • 0

    Configure update manager, distribution, add, browse for folder,

    Entering the IP tells me that it cannot be used, and adding a share to the end of it tells me that it's a restricted sophos share that cannot be used

    I see. Correct - it doesn't accept the IP alone (\\nnn.nnn.nnn.nnn). If you type the IP and can access this address it will list the available shares, otherwise type a (valid) share name. You can't use SophosUpdate though - this name is reserved. This has been introduced with 4.5 to prevent inadvertent writing to another SUM's default share. 

    Christian 

    :11331
  • 0

    Sorry bout that, QC.. Anger released at wrong person :(

    It's the default location that it sets up (so no error) as it's the share on the EC, (it's the same physical server as the EC)

    From what I can tell, the server has full access to it, but decides not to use it., which is driving me insane.

    So port 8194 would be the port that stops a client reporting back to the server it's status, some of our clients are updating fine, they are just not telling the server that. :smileymad: I'll need to find out what is blocking that port on our network.. thank you sir.

    If I type in the IP then a share  \\nnn.nnn.nnn.nnn\Shared will sophos know to drop the share and look in the location of \\nnn.nnn.nnn.nnn\SophosUpdate ?

    Every change I make looks like it breaks something else, so trying not to "play" too much.

    Thank you for your time to answer the questions QC.

    :11333
  • 0

    Sorry bout that, QC.. Anger released at wrong person

    No problem - I didn't take it personally :smileyhappy:.

    It's the default location that it sets up

    Might be a misunderstanding here. If I understood the details you posted correctly it is the source location for SUM and according to your first post (and updates direct from Sophos) this is Sophos - of course it can't write to its distribution share as a consequence. So please use the logviewer.

    Christian 

    :11339
  • 0

    If I type in the IP then a share  \\nnn.nnn.nnn.nnn\Shared will sophos know to drop the share and look in the location of \\nnn.nnn.nnn.nnn\SophosUpdate ?

    Nope, it will use whatever you have specified. Why do you need the IP instead of the name? And I'm not sure why you are using the word look - SUM will try to access the specified path and create the required subfolders (starting with \CIDs) under it.

    Christian

    :11343
Unfiltered HTML