This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Computer Details - IP address - RMS

Not exactly a can of worms but ...

In case you wonder about the problems mentioned here: I'm in an "academic environment" and only a part of the computers is under our control.

  • Sometimes the Computer Details - IP Address field is empty even though Sophos is successfully installed.Why is it missing?
  • Sometimes a private or APIPA address is reported. I assume that these machines have a second adapter (I have one client which reports 5.5.5.5 and this is indeed the address configured on the second NI). How does Sophos select the address/NI it reports? 
  • Last question (in this post): I see two-way connections (again using TcpView) with some clients but they don't show in the Console (I'm pretty sure they are not among those without a reported address - but who knows). The security log suggests they are connecting to the CID. The router logs don't contain addresses, just names, and the ones I'd expect can't be found.

All thoughts are welcome

Christian  

:93


This thread was automatically locked due to age.
Parents

  • Elmo wrote:

    I suspect on next ide or full update the IP address is sent correctly?


    Yes and no.

    Yes - an empty address is a "known transient condition", this doesn't worry me .

    No - a number of clients report an up-to-date status, but the "wrong" address stays.

    So far I identified the following cases (for currently active and managed clients):

    1. There is only a one-way connection Client->Server (sometimes more than one). These clients report no,  a 10.0.n.n, a 172.16.n.n or a 19 2.168.n.n address. One reports 169.254.32.2
    2. There is a two-way connection but another NI is reported (the 5.5.5.5 case f or example).
    3. There is a two-way connection but 10.37.129.2 is reported (Macbooks)

    Only a few dozen out of some 2000 clients show this behaviour - not a big problem, but I aim for 100%. And there's still a number of clients which update and have at least a one-way connection but don't show in the console.

    I can't tell whether these are all symptoms of the same underlying error (that the problematic clients are partially "clustered", i.e. located at the same sub-department suggests some incorrect client-side setting) or some minor "misbehaviour" of RMS is also triggered.

    Regards

    Christian

    :122
Reply

  • Elmo wrote:

    I suspect on next ide or full update the IP address is sent correctly?


    Yes and no.

    Yes - an empty address is a "known transient condition", this doesn't worry me .

    No - a number of clients report an up-to-date status, but the "wrong" address stays.

    So far I identified the following cases (for currently active and managed clients):

    1. There is only a one-way connection Client->Server (sometimes more than one). These clients report no,  a 10.0.n.n, a 172.16.n.n or a 19 2.168.n.n address. One reports 169.254.32.2
    2. There is a two-way connection but another NI is reported (the 5.5.5.5 case f or example).
    3. There is a two-way connection but 10.37.129.2 is reported (Macbooks)

    Only a few dozen out of some 2000 clients show this behaviour - not a big problem, but I aim for 100%. And there's still a number of clients which update and have at least a one-way connection but don't show in the console.

    I can't tell whether these are all symptoms of the same underlying error (that the problematic clients are partially "clustered", i.e. located at the same sub-department suggests some incorrect client-side setting) or some minor "misbehaviour" of RMS is also triggered.

    Regards

    Christian

    :122
Children
No Data