This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console 4.5 -- Out-of-Date Computers increases dramatically

We manage about 1,200 systems on our 4.5 Enterprise Console.  I notice that the number of Out-of-Date computers will hover around 10 or so, then the number of out-of-date systems it will expand out to 300 really fast (1 to 2 minutes), then reduce back down over the next half hour to a more reasonable number.

What's going on?

:9729


This thread was automatically locked due to age.
  • Hi,

    I've posted a couple of posts to this forum on the subject of "up to date", they may be worth a read:

    Essentially the mechanism works for any given client by matching a few fields the client has sent in within a status message (stored in the packages table of the Sophos database) against a package entry containing the same few fields that has been stored sent in by either a SUM or EMLibrary.  The package information put into the system by SUM/EMlibrary is essentially the authority to which all the clients are compared against.

    So if the clients show "up to date" unknown but the IDE count, version number etc. is correct, chances are the status message from the current authoritative SUM hasn't arrived yet carrying the currency data to update the packages table with the authoritative package data.

    Therefore I would suggest where possible to add the registry key on the SUM where the management server is (I assume that is update from Sophos):

    http://www.sophos.com/support/knowledgebase/article/57638.html

    to forcibly make that SUM authoritative.  

    Making the SUM authoritative means that any status messages coming from that SUM are accepted as the authority as opposed to it being worked out which SUM is and possibly changing.  When doing this you should ensure that the chosen authoritative SUM has subscribed to all subscriptions that all the other SUMs are maintaining to ensure that all package information/conbinations are entered into the database.

    The reason for the sudden decrease in out of date machines is when the status message arrives from the SUM.  If you can get that arriving before the clients have the package you will not see machine in the out of date state that aren't in terms of version and data out of date.

    If you have any questions after reading the above 2 posts, please reply.

    Regards,

    Jak

    :9731
    • Good day Dennis

      Which Operating System are you using where the console is situated?

      what is uopdating policy for the endpoints configured as? how often do they need to search for updates etc?

      Kind regards.

      :9733
      • The Operating System is Windows 2008 Server Standard, 32-bit, Service Pack 2.

        I currently have the Updating Policy set for checking updates every 90 minutes.  If we have 1,200 systems, that means a system could possibly be checking in every 4 seconds or so.

        :9783
        • Hi dennis, 1200 client is an important number ... I suggest you implement multiple CID also split the traffic with the message relay, you can fin usefull information here

          http://www.sophos.com/support/knowledgebase/article/12592.html

          http://www.sophos.com/support/knowledgebase/article/14635.html

          with web cid you can limit the overhead in the network when updating client also the load of the server is less

          :9795
          • 90 mins is dangerous ... reduce this value to 60

            :9797
            • Hi Again,

              How many SUMs do you have and how many CIDs/Distribution points do they each maintain?

              Regards,
              Jak

              :9801