This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update manager - timeout error

Hello!

We installed new SEC 5.5. Before that it was Control Center ver 4.0.x.

When SEC runs Update wizard shows and after user name and password is entered its trying to connect (I guess) but the time out error pop up.

 

Also Sophos Management Service is not running properly - it starts then it stops.

Inside the folder "C:\ProgramData\Sophos\Remote Management System\3\Router\Logs" 2 log files are being created every minute with the same error.

 

Error in Router log:

18.07.2017 10:32:02 04F0 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20170718-083202.log
18.07.2017 10:32:02 04F0 I Sophos Messaging Router 4.1.0.140 starting...
18.07.2017 10:32:02 04F0 I Setting ACE_FD_SETSIZE to 20640
18.07.2017 10:32:02 04F0 I Initializing CORBA...
18.07.2017 10:32:02 04F0 I Connection cache limit is 20512
18.07.2017 10:32:03 04F0 I Creating ORB runner with 16 threads
18.07.2017 10:32:04 04F0 I Compliant certificate hashing algorithm.
18.07.2017 10:32:04 04F0 E This machine may have more IP addresses than are supported or the port may already be in use.
18.07.2017 10:32:04 04F0 E Router::Start: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/BAD_PARAM:1.0'
TAO exception, minor code = 40 (endpoint initialization failure in Acceptor Registry; low 7 bits of errno: 64 Unknown error), completed = NO

 

What could be wrong?

 

Regards,

Miha

 

 



This thread was automatically locked due to age.
Parents
  • Hello Miha,

    so this is a fresh install, which Server version (I assume it's a new one)?
    more IP addresses than are supported would be more than 62 - I don't think this is the case. Is some process using 8194 (netstat -nao | find ":8194")?

    Christian

  • Hello QC!

    No, the command doesnt return anything.

    BR

  • What about full of errors from "C:\ProgramData\Sophos\Remote Management System\3\Agent\Logs\Agent-20170718-080534.log":

    18.07.2017 16:06:19 1F24 W MSClient::Connect: failed to get router's IOR from supplied address and port.
    18.07.2017 16:06:19 1F24 W NoRouterIORException: Caught MSClient::Connect: failed to get router's IOR from supplied address and port.
    ClientConnection::Reconnect()

     

    Log starts with:

    18.07.2017 10:05:34 16C0 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Agent/Logs/Agent-20170718-080534.log
    18.07.2017 10:05:34 16C0 I Sophos Management Agent 4.1.0.140 starting...
    18.07.2017 10:05:34 16C0 I Starting AdapterManager ...
    18.07.2017 10:05:34 1F54 I Starting AdapterMonitor thread ...
    18.07.2017 10:05:34 1F54 I Loading new adapters: 1 registered adapters; 0 loaded adapters.
    18.07.2017 10:05:34 1F54 I Detected new adapter SDDM.
    18.07.2017 10:05:34 1F54 I Loading adapter SDDM ...
    18.07.2017 10:05:34 1F54 I SDDMA: Using host 127.0.0.1 and port 51234.
    18.07.2017 10:05:34 4998 I SDDMA: Connecting to SDDM...
    18.07.2017 10:05:34 4998 I SDDMA: An uninitialized socket was created.
    18.07.2017 10:05:34 4998 I SDDMA: Connection to SDDM successful.
    18.07.2017 10:05:34 4998 I SDDMA: Logon key written successfully.
    18.07.2017 10:05:34 1F54 I Adapter SDDM has been loaded successfully.
    18.07.2017 10:05:34 4998 I SDDMA: Logon key sent.
    18.07.2017 10:05:34 4998 I SDDMA: Socket connection authenticated.
    18.07.2017 10:05:34 4894 I SDDMA: IndicationsProcessor::ConnectionCallback() called.
    18.07.2017 10:05:34 37F0 I SDDMA: The adapter is connected to SDDM.
    18.07.2017 10:05:34 37F0 I SDDMA: Sending a Status Report upstream (forced)...
    18.07.2017 10:05:34 37F0 I SDDM state observer notified that SDDM is running
    18.07.2017 10:05:34 37F0 I SDDM state observer received a status: <?xml version="1.0" encoding="utf-8" ?><status xmlns="com.sophos\mansys\status" xmlns:csc="com.sophos\msys\csc" xmlns:xsi="www.w3.org/.../XMLSchema-instance" type="sddm"><csc:CompRes policyType="9" Res="Same" RevID="ebf82b11-a9cd-4d08-b05c-251bcf7d5ce1"/><csc:CompRes policyType="10" Res="Same" RevID="76c87d99-0e0d-4853-b02e-ba5aeb316b54"/><csc:CompRes policyType="11" Res="Same" RevID="09cdcf02-6673-45e2-9049-36619153b9aa"/><csc:CompRes policyType="12" Res="Same" RevID="5354a0ea-0371-4947-ba03-ad5bfd84adfa"/><csc:CompRes policyType="13" Res="Same" RevID="ea42c825-5324-46b4-9923-c34a66faa735"/><version number="1"/><updateManager xmlns="www.sophos.com/.../common.xsd" status="OK" softwareVersion="1.6.1.124"><updateOperation id="programsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><updateOperation id="supplementsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><defaultShare user="BIZILJ\master" password="Bwi18K5yyF80ZSQkQzBTD8FKbi2IrGnMUPU="/><currency></currency></updateManager></status>
    18.07.2017 10:05:34 37F0 I SDDMA: Status report dispatched.
    18.07.2017 10:05:36 16C0 I InitialiseClientLibraryLocal Agent, SOFTWARE\Sophos\Remote Management System\ManagementAgent\Private, , 1, ...

  • Hello Miha,

    these are caused by the router not listening.
    The verbose router log doesn't tell more - it looks like the router can't get the port, it might check all three though: 8192,8193,8194.

    Christian

  • Hello QC!

    What do you advise?

    BR, Miha

  • Hello Miha,

    thanks - but I can't scroll in the screenshot [:D]. You say there isn't any output for 8194?

    I assume that RouterNT.exe creates a new process when restarting. In the screenshot it's the process with ID 3740, it listens (and even has two remote connections) on 8192 and should do so on 8193 and 8194 as well. Apparently it doesn't - what's the process with ID 3608 that listens on port 8193? 

    Christian

  • Hello Miha,

    thanks. Obviously it's the Exchange Service Host that's using port 8193 - can't say why though. I'm pretty sure this is the cause for the CORBA exception.

    In principle you could change the ports RMS uses - as you have existing endpoints it's not simple though. Thus changing this port for the Exchange Service Host is the preferred action (it doesn't seem to be a "standard" settings as otherwise there'd likely be an article or at least already some reports).

    Christian

  • Hello QC!

    Because there are only few clients in this SEC (less than 10) I would prefer change the RMS ports and then redeploy clients.

    Is this the right procedure for my scenario?

    https://community.sophos.com/kb/en-us/25780

     

    Regards, 

    Miha

  • Hello Miha,

    yup, this is it.
    And you don't need to reprotect the endpoints if you follow the procedure outlined here (starting at 1.2, i.e. copying mrinit.conf to the \rms subfolder).

    Christian

  • Hello QC!

    I changed ServiceArgs frog 8193 to 8195 

    but netstat is showing 8195 is not used

    Regards,

    Miha

  • Hello Miha,

    I assume you've made sure that the service was stopped and started. What does the router log say?

    Christian

Reply Children
  •  

    19.07.2017 12:49:00 4778 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20170719-104900.log
    19.07.2017 12:49:00 4778 I Sophos Messaging Router 4.1.0.140 starting...
    19.07.2017 12:49:00 4778 I Setting ACE_FD_SETSIZE to 20640
    19.07.2017 12:49:00 4778 I Initializing CORBA...
    19.07.2017 12:49:00 4778 I Connection cache limit is 20512
    19.07.2017 12:49:00 4778 D New context options = 1000004
    19.07.2017 12:49:00 4778 D Router::ConfigureSslContext: configuration finished.
    19.07.2017 12:49:00 4778 T IPAddressSet::InitialiseWithHost() called
    19.07.2017 12:49:00 4778 T Added host network address:192.168.0.2:0
    19.07.2017 12:49:00 4778 T Added host network address:127.0.0.1:0
    19.07.2017 12:49:00 4778 T IPAddressSet::InitialiseWithHost() returns
    19.07.2017 12:49:00 4778 D Creating ORB...
    19.07.2017 12:49:00 4778 I Creating ORB runner with 16 threads
    19.07.2017 12:49:00 52EC D RunORB thread started
    19.07.2017 12:49:00 5020 D RunORB thread started
    19.07.2017 12:49:00 47BC D RunORB thread started
    19.07.2017 12:49:00 4844 D RunORB thread started
    19.07.2017 12:49:00 1958 D RunORB thread started
    19.07.2017 12:49:00 48EC D RunORB thread started
    19.07.2017 12:49:00 4DF0 D RunORB thread started
    19.07.2017 12:49:00 3BB4 D RunORB thread started
    19.07.2017 12:49:00 39CC D RunORB thread started
    19.07.2017 12:49:00 53BC D RunORB thread started
    19.07.2017 12:49:00 3DCC D RunORB thread started
    19.07.2017 12:49:00 5094 D RunORB thread started
    19.07.2017 12:49:00 1A94 D RunORB thread started
    19.07.2017 12:49:00 07A4 D RunORB thread started
    19.07.2017 12:49:00 2558 D RunORB thread started
    19.07.2017 12:49:00 1960 D RunORB thread started
    19.07.2017 12:49:01 4778 I Compliant certificate hashing algorithm.
    19.07.2017 12:49:01 4778 D Not requesting a new certificate.
    19.07.2017 12:49:01 4778 D Resolving the root object adapter...
    19.07.2017 12:49:01 4778 E This machine may have more IP addresses than are supported or the port may already be in use.
    19.07.2017 12:49:01 4778 E Router::Start: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/BAD_PARAM:1.0'
    TAO exception, minor code = 40 (endpoint initialization failure in Acceptor Registry; low 7 bits of errno: 64 Unknown error), completed = NO

    19.07.2017 12:49:01 4778 I Restarting...

  • Hello Miha,

    please check the Path to executable (click on the path, you can then shift it in the display) in the Sophos Message Router service's Properties just to make sure it has picked up the changes. It looks like it's still trying to use a taken port (is 8194 indeed unassigned?).
    You can't stop (at least for a short time) the Exchange service, can you? Just to verify that the router can then start.

    Christian

  • Hello QC!

    I stoped Exchang service host, restarted Message router and it service is working now. 

    Router log is bigger now 33kb vs 3kb 

      

  • In my previus post I forgot Exchange service host is also running.

  • I restarted Exchange Trotheling service and now netstat is showing

    1332 - sophos message router

  • Hello Miha,

    so process 3740 is also an Exchange service.
    In this case change all three ports for the router and in mrinit.conf. Make sure you select free ones [;)]

    BTW: I wonder why Exchange is sitting on just these ports, as said - we would have heard if this were standard.

    Christian

  • Hello Christian!

    Thank you for all you patience and answers.

    Can you give a bit mor explanations here: change all three ports for the router 

    Do you mean the value?

    Regards,

    Miha

  • Hello Miha,

    you'd have to change the occurrences of 8193 (0x00002001) and 8194 (0x00002002) in the registry and mrinit.conf, also the ClientIORPort and IORSenderPort (again registry and mrinit) from 0x00002000 (8192) to an appropriate value.

    Christian