Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 3 subscribers
  • Views 13000 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console V5.5

Leec

Hi

I have an issue with a sophos enterprise console running on a windows 2008 server, Issue is the console opens but then shows that it hasnt updated definitions from sophos. and none of the clients are talking to the server. I know that the server is getting the updates, and i can see the warehouse files updating when it is run. Even the clients are updating from the server and say they are up to date.

Any help would be most appriecated 



This thread was automatically locked due to age.
Parents
  • 0

    Hello Lee Calvert,

    look like communication is stuck.
    If you view the management server in the Endpoints view, tab Computer Details, what is the Last message time? On the dashboard - what are the numbers for Managed and Connected Computers? I assume Connected is much less than you expect. If you didn't reboot the server recently please restart the Sophos Message Router service.

    Christian

  • 0 in reply to QC

    Hi Christian

    Thanks for the reply server has been restarted many times, console say 130 managed connected 0.

    Below is log from updating log for server client, which also isnt reporting to itself. last update time is 23/02/2018 09:19:20.

  • 0 in reply to Leec

    Hello Lee Calvert,

    connected 0 is a communication problem.
    Please restart the mentioned service on the management server, and after a minute or so check the latest Router- log (%ProgramData%\Sophos\Remote Management System\3\Router\Logs\).

    Christian

  • 0 in reply to QC

    Hi Christian

     

    have restart service and have got the agent file log from the server, as im doing this remotely at present, so sorry for the slow response working on different site.

    i also have the router log if you need that as well

     

    lee

    Agent-20180223-141233.log

  • 0 in reply to Leec

    Router-20180223-150055.logHi Christian 

     

    here is the router log for the server client

     

    tks

  • 0 in reply to Leec

    Hello Lee,

    yes, it's the Router log that should have some more information, SUM seems to be running fine and also talks to the Agent.

    Christian

  • 0 in reply to QC

    Based on the IOR of the server router:

    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000300000000000000a8000000010102000f0000003136392e3235342e3234302e39340000012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001004000004f4154010000001800000001004000010001000100000001000105090101000000000014000000080000000100a6008600022000000000a4000000010102000d00000031302e32312e32372e323533003401204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657275746503000000000000000800000001004000004f4154010000001800000001004000010001000100000001000105090101000000000014000000080000000100a6008600022000000000a800000001010200100000003136392e3235342e3139322e31393600012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001004000004f4154010000001800000001004000010001000100000001000105090101000000000014000000080000000100a60086000220

    Which equates to the 3 IPs:

    Profiles:
1. IIOP 1.2 169.254.240.94 8193 "....NUP...!........RootPOA.RouterPersistent.........MessageRouter"
            TAG_ORB_TYPE 0x54414f00
            TAG_CODE_SETS char native code set: ISO-8859-1
                          char conversion code set: UTF-8
                          wchar native code set: UTF-16
                          wchar conversion code set: 
            
            TAG_SSL_SEC_TRANS port = 8194 supports = 166 requires = 134

2. IIOP 1.2 10.21.27.253 8193 "....NUP...!........RootPOA.RouterPersistent.........MessageRouter"
            TAG_ORB_TYPE 0x54414f00
            TAG_CODE_SETS char native code set: ISO-8859-1
                          char conversion code set: UTF-8
                          wchar native code set: UTF-16
                          wchar conversion code set: 
            
            TAG_SSL_SEC_TRANS port = 8194 supports = 166 requires = 134

3. IIOP 1.2 169.254.192.196 8193 "....NUP...!........RootPOA.RouterPersistent.........MessageRouter"
            TAG_ORB_TYPE 0x54414f00
            TAG_CODE_SETS char native code set: ISO-8859-1
                          char conversion code set: UTF-8
                          wchar native code set: UTF-16
                          wchar conversion code set: 
            
            TAG_SSL_SEC_TRANS port = 8194 supports = 166 requires = 134

    I assume that the clients that connect to this server all reference it on the 10.21.27.253 interface.

    As a result. I would suggest to edit:
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router"
    changing the value for ImagePath from:

    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194
    to
    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://10.21.27.253:8193/ssl_port=8194

    Then edit: 
    "HKEY_LOCAL_MACHINE\SOFTWARE\sophos\Messaging System\Router"(32bit) or "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\sophos\Messaging System\Router"(64bit)
    changing the value for ServiceArgs from:

    "-ORBListenEndpoints iiop://:8193/ssl_port=8194"
    to
    "-ORBListenEndpoints iiop://10.21.27.253:8193/ssl_port=8194"

    Restart the Sophos Message Router Service and then restart the Sophos Agent service.

    If this still fails. Can you provide the new Sophos Message Router and Sophos Agent log file?

    Regards,

    Jak

Reply
  • 0 in reply to QC

    Based on the IOR of the server router:

    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000300000000000000a8000000010102000f0000003136392e3235342e3234302e39340000012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001004000004f4154010000001800000001004000010001000100000001000105090101000000000014000000080000000100a6008600022000000000a4000000010102000d00000031302e32312e32372e323533003401204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657275746503000000000000000800000001004000004f4154010000001800000001004000010001000100000001000105090101000000000014000000080000000100a6008600022000000000a800000001010200100000003136392e3235342e3139322e31393600012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001004000004f4154010000001800000001004000010001000100000001000105090101000000000014000000080000000100a60086000220

    Which equates to the 3 IPs:

    Profiles:
1. IIOP 1.2 169.254.240.94 8193 "....NUP...!........RootPOA.RouterPersistent.........MessageRouter"
            TAG_ORB_TYPE 0x54414f00
            TAG_CODE_SETS char native code set: ISO-8859-1
                          char conversion code set: UTF-8
                          wchar native code set: UTF-16
                          wchar conversion code set: 
            
            TAG_SSL_SEC_TRANS port = 8194 supports = 166 requires = 134

2. IIOP 1.2 10.21.27.253 8193 "....NUP...!........RootPOA.RouterPersistent.........MessageRouter"
            TAG_ORB_TYPE 0x54414f00
            TAG_CODE_SETS char native code set: ISO-8859-1
                          char conversion code set: UTF-8
                          wchar native code set: UTF-16
                          wchar conversion code set: 
            
            TAG_SSL_SEC_TRANS port = 8194 supports = 166 requires = 134

3. IIOP 1.2 169.254.192.196 8193 "....NUP...!........RootPOA.RouterPersistent.........MessageRouter"
            TAG_ORB_TYPE 0x54414f00
            TAG_CODE_SETS char native code set: ISO-8859-1
                          char conversion code set: UTF-8
                          wchar native code set: UTF-16
                          wchar conversion code set: 
            
            TAG_SSL_SEC_TRANS port = 8194 supports = 166 requires = 134

    I assume that the clients that connect to this server all reference it on the 10.21.27.253 interface.

    As a result. I would suggest to edit:
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router"
    changing the value for ImagePath from:

    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194
    to
    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://10.21.27.253:8193/ssl_port=8194

    Then edit: 
    "HKEY_LOCAL_MACHINE\SOFTWARE\sophos\Messaging System\Router"(32bit) or "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\sophos\Messaging System\Router"(64bit)
    changing the value for ServiceArgs from:

    "-ORBListenEndpoints iiop://:8193/ssl_port=8194"
    to
    "-ORBListenEndpoints iiop://10.21.27.253:8193/ssl_port=8194"

    Restart the Sophos Message Router Service and then restart the Sophos Agent service.

    If this still fails. Can you provide the new Sophos Message Router and Sophos Agent log file?

    Regards,

    Jak

Children
No Data
Unfiltered HTML