SEC - "Awaiting policy transfer"

Hello,

I recently inherited a network running Sophos on all client machines. Our client machines are primarily all running Mac OSX although we do have a few booting into W7. When I connected to our Sophos server, I noticed a message on the majority of our computers saying "awaiting policy transfer." Most of these are all under the same group (named Mac), but there are one or two exception machines from this Mac group which seem to be updating just fine. All of the clients are pointing to the same location for their primary/secondary updates.

Based on what I'm seeing from the SEC, the last time most of these machines received updates was the summer of last year. I have limited documentation, so I'm hoping some members of the community may know what's going on. Do note that the majority, if not all, of our Windows 7 boots are receiving updates correctly.

Researching this issue, I've seen people mention firewall ports, accessibility problems accessing the update folder, and more. The clients should have no problem connecting to the update server as the location given is correct, and I'm doubting it's the firewall as the necessary ports are open. I'm wondering if we simply need to re-download the Sophos client on each machine, as my understanding is that my organization pushes out a new image every Summer.



This thread was automatically locked due to age.
  • Hello Michael Serino,

    there's quite a lot of topics addressed in your post - I'll try to untangle them. If you need more information on certain aspects I'd suggest that you start individual threads.

    First of all, updating and management are distinct parts - one might work while the other doesn't. Policies are transferred to and status is received from the endpoints with the remote management system (RMS) which uses ports 8192 and 8194. Updates are done over UNC/SMB or HTTP.

    "awaiting policy transfer"
    means that one or more policies have changed (either a setting has changed or a different policy has been applied) and the endpoint has not yet reported its compliance status. Note that the Policy compliance column in the Status tab is an aggregate value showing the "most severe" (Comparison failure, Differs from policy, Awaiting policy from console, Awaiting policy transfer, Same as policy) from the individual policies.
    Whenever a policy is changed messages are built and enqueued to inform the affected endpoints and the status is changed to Awaiting policy transfer. The messages eventually time out and if they can't be sent they are deleted but the status remains the same. If later the endpoint is communicating again a right-click Comply with ... will cause the policies to be re-sent.

    "what I'm seeing from the SEC, the last time most of these machines received updates"
    what you see is the last reported status - it doesn't necessarily reflect the actual state of the endpoint. If there is a communication (RMS) issue the status won't get updated. If the computer icon has a red cross overlaid there's no communication (the green overlay is not absolutely reliable, you should check the Last message time column under the Computer Details tab).

    I hope I've given you enough information so that you can better assess the situation. A reinstall might or might not resolve a communication issue (apparently not all Macs suffer problems).

    Last but not least:
    "a new image every Summer"

    with the OS and all, Windows and OS X alike? It has to be done correctly, I assume this was the case.

    Christian   
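
The triage described in the reply above, as an added example that is not part of the original thread or of any Sophos tooling: it computes the aggregate "most severe" compliance state, separates endpoints whose status is merely stale (an RMS communication problem) from those that only need the policy re-sent, and tests TCP reachability of the RMS ports 8192 and 8194. The record layout, machine names, the 7-day staleness threshold and the host name `sec-server.example` are assumptions, as is reading the reply's list of states as ordered from most to least severe.

```python
import socket
from datetime import datetime, timedelta

RMS_PORTS = (8192, 8194)  # RMS ports named in the reply
# Assumption: the reply lists the compliance states from most to least severe.
SEVERITY = ["Comparison failure", "Differs from policy",
            "Awaiting policy from console", "Awaiting policy transfer",
            "Same as policy"]

def aggregate(policy_states):
    """Most severe state among the individual policies (the console's aggregate)."""
    return min(policy_states, key=SEVERITY.index)

def rms_reachable(host, ports=RMS_PORTS, timeout=3.0):
    """Plain TCP connect test to each RMS port; returns {port: bool}."""
    result = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                result[port] = True
        except OSError:  # refused, timed out, unresolvable host
            result[port] = False
    return result

def triage(record, now, max_age=timedelta(days=7)):
    """Classify one endpoint; max_age is an assumed staleness threshold."""
    state = aggregate(record["policies"].values())
    stale = now - record["last_message"] > max_age
    if stale:
        return "check-rms"       # status shown is old; fix communication first
    if state == "Awaiting policy transfer":
        return "resend-policy"   # endpoint is talking: right-click, Comply with ...
    return "ok" if state == "Same as policy" else "review-policy"

# Constructed sample data; names and field layout are hypothetical.
NOW = datetime(2016, 3, 1, 12, 0)
SAMPLE = [
    {"name": "mac-lab-01", "last_message": datetime(2015, 7, 14, 9, 30),
     "policies": {"updating": "Awaiting policy transfer", "av": "Same as policy"}},
    {"name": "mac-lab-02", "last_message": datetime(2016, 3, 1, 8, 5),
     "policies": {"updating": "Awaiting policy transfer", "av": "Same as policy"}},
    {"name": "win7-03", "last_message": datetime(2016, 3, 1, 11, 40),
     "policies": {"updating": "Same as policy", "av": "Same as policy"}},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["name"], aggregate(rec["policies"].values()), triage(rec, NOW))
    # "sec-server.example" is a placeholder for the management server's name.
    print(rms_reachable("sec-server.example", timeout=1.0))
```

A successful TCP connect only shows the port is not filtered on the path tested; it does not prove that RMS messages are actually being exchanged, so the Last message time remains the deciding signal.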
