Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 3 subscribers
  • Views 31146 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client not reporting to the the console Management

SecureIA Ltd

Hi All,

 

Not sure if this is the right place to post this but sure someone can advise or move it to the correct place if not.

 

At first it wasn't showing in the Management console at all.

So went through everything I can think of and all the guides given on the Sophos community. My first check was of the ReportData.xml file in C:\ProgramData\Sophos\Remote Management System\3\Router\NetworkReport\ and made sure the IPs where correct (which they are).

 

I then reset the Sophos Message Router Service to find it then started showing in the Sophos Enterprise console on the Management server, but now it is greyed out. I did the usual and made sure it was assigned to a group which it is and it isn't forcing the Policy on to the client. I have tried 3 Administrator accounts which are all connected through the domain the client is on.

 

I know the firewalls are all correct and everything has been set correctly, this is a new project I have recently took on as it has been an issue for a year. But the thing is the Endpoint client is updating perfectly fine.

 

So I tried a reinstallation from the Share folder (but I didn't use the SophosUpdateMgr account) which is set up in the SUM because who ever set it up previously have not saved the details to this account in our register we use for this particular infrastructure. Could this be the issue? If not, what could it be? There is the error message "The installation credentials you entered in the "Protect Computers Wizard" are either incorrect or do not give administrator access to the computer over the network, which I know they do because these are all connected to the domain. 

 

So I am now at a loss at to what this can be? 



This thread was automatically locked due to age.
  • 0 in reply to QC

    HI QC,

     

    I am very sorry for such a delayed response, unfortunately the EICAR detection didn't forward to the logs. On the current machine Windows firewall is disabled, I mean would this be required to run Sophos and get it connected to the console?

     

    Regards,

     

    James

  • 0 in reply to SecureIA Ltd

    Hello James,

    RMS communication requires TCP remote ports 8192 and 8194 OUT to server_ip for RouterNT.exe (and ideally local port 8194 IN). If you can telnet, as you've said in a previous post, this requirement is apparently met and the endpoint should appear in the console as connected.

    Christian 

  • 0 in reply to QC

    Understandable I have checked both through our own external and internal firewalls, windows and also wireshark and can see traffic between the 2. So it is an absolute mystery to why its not reporting its status to the console.

     

    If you require any additional information, I am currently on Sophos today on another infrastructure so I can jump on to this one if required and get it. I did try the Migration tool to see if trying to a repoint to the server would work but we can rule that out.

     

    I do believe there is an issue with the RMS or someone along the communication side of things, but finding it and diagnosing it is becoming a nuisance. I am going through patching to in regards to all the vulnerabilities from intel etc. So I am going to follow the uninstallation guide that Sophos sent to me and do exactly the way it says then go through the instillation process again. Hopefully I can do this by the end of the week and I will update the post to whether it worked or not.

     

    Regards,

    James

  • 0 in reply to SecureIA Ltd

    Hello James,

    you've a snippet from the Router log where it says Failed to get messages and then reconnects - still the same behaviour?
    But as you're about to patch it's probably better to un- and reinstall and check if this resolves the issue.

    Christian

  • 0 in reply to QC

    I'll take another look through the logs as these seem quite old now the last ones, I will do the EICAR thing again as I can't remember if the logs caught that or not. And post anything here I find.

     

    Yes thats correct I am hopefully getting through it this week so the plan was to throw Sophos in to all this at same time haha! One way to get around it without having to do paperwork etc. 

     

    Regards,

    James

Unfiltered HTML