Cause with protecting clients in SEC

Hello Marvin Harms,

Protect requires that the management server can "find" the computer - i.e. it must be able to resolve the names (that you have probably imported by some means) with Windows networking or DNS. Nothing would be strange, something should happen - at least you should get an error message.

Who has administrative rights on these laptops? It might be simpler to install with a package.

Christian

Hello Christian,

thanks for your fast reply. I imported the clients from the Active Directory.

The error ist 0000002E (or more "0" :D )

I think all has administrative rights, we are all external consultants and work from home or in projects.

I tried it with the standalone installer. The client is protected but not shown as protected in die Enterprise console.

Marvin

Hello Marvin,

0x0000002e is the installation could not be started. Various causes but in your case likely that the computer couldn't be found.

The standalone version is just that - standalone, in other words: unmanaged. It's rather easy though to create a managed package using the Deployment Packager.

Christian

Hello Christian,

with this way i protect the client and see the client as protected and managed in my SEC ?

I tried it in the morning, but i think not right.

I will try it and give you a feedback.

Marvin

Hello Christian,

with this way i protect the client and see the client as protected and managed in my SEC ?

I tried it in the morning, but i think not right.

I will try it and give you a feedback.

Marvin

Hello Marvin,

you have to select the RMS component, this is the thingy responsible for management - otherwise it's in principle a SA install. It should work (we're mostly using packages).

Christian

Hello Christian,

i deployed my SophosEndpoint.exe to my Laptop and installed it. After installation there is no connection to the Enterprise Console. My Server crendentials are in the Sophos AutoUpdate.

I think there is an other cause,too... Can´t reach my server over UNC path and can´t ping the server from client and the client from the server.

Marvin

Hello Marvin,

can´t ping
at least the endpoint must be able to resolve the server's name (NetBIOS or FQDN) and reach the SMB ports or, if updating via HTTP, port 80, and for communication ports 8192 and 8194. ICMP (ping) isn't necessary. Protect from the console has additional requirements but this comes second.

Do you ping with the name or IP and what is the error?

Christian

Hello Christian,

i ping with the IP and with the name.

Made GPO like the Sophos Support on the Domain Server.  https://www.youtube.com/watch?v=3bZJxvadoT0

Unfortunately, I do not know how to continue with my error.

Do I understand this in the right way if i can not reach the server about the UNC path and can´t ping, the installation / protection can not start?

Marvin

Hello Marvin,

of course the endpoint must be able to reach the server - how else could it download and update the software (or report its status).
The screenshot suggests that the route to 192.168.xxx.xxx is broken - it gets as far as the 62.x.x.x and then gets the Zielhost nicht erreichbar. It's a network problem, not a problem with your installation.

Christian

Hello Christian,

I have come further with my problems.. If i click protect, theyellow arrow is there.

Now i have two other errors.

Error fffffffd computer not managed

and

80070002 The installation could not be started

Have seen the articles, but it doesnt help, or I can not get on with it.

Here is a screenshot from the alc.log (c:\ProgramData\Sophos\AutoUpdate\logs\alc.log)

Marvin

Hello Marvin,

the screenshot can't be from shortly after Protect as it is apparently already installed. Did you try to Protect a computer where Sophos is already installed?
Strange that it shows failed downloads RMSNT, SAVXP, AutoUpdate, and SSP due to error 86 (password incorrect) - the latter three are then downloaded from Sophos - but succeeds with NTP and SED. The credentials should be the same so why do they suddenly work? Is this a domain account?

As to the errors: The second says that the install task couldn't be created or started, the first tell that it was started but RMS failed to report back (either it's not running on the endpoint or it could not reach port 8192 or 8194 on the server).

Christian

Hello Christian,

Yes, i tried protect the computer where sophos AutoUpdate is installed.

0Sophos is my account like "SophosUpdateMgr".

After uninstall AutoUpdate and protect computer again i have this error :

If i make telnet connections from client to server, i see these:

Telnet to Server on Port 8192

Telnet to Server on Port 8194

I see the Cursor flicker

Marvin

Hello Marvin,

so the install has succeeded. The server answers on port 8192 - is 192.168.158.139 the IP you have used for telnet? - and the response on 8194 is the expected one. If so, please check the Router log in %ProgramData%\Sophos\Remote Management System\3\Router\Logs\. This should tell why the endpoint can't communicate with the server.

Christian

Hello Christian,

09.03.2018 10:48:27 1C8C I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20180309-094827.log
09.03.2018 10:48:27 1C8C I Sophos Messaging Router 4.1.1.127 starting...
09.03.2018 10:48:27 1C8C I Setting ACE_FD_SETSIZE to 138
09.03.2018 10:48:27 1C8C I Initializing CORBA...
09.03.2018 10:48:27 1C8C I Connection cache limit is 10
09.03.2018 10:48:28 1C8C I Router::ConfigureSslContext: keeping legacy compatibility of TLS 1 and TLS 1.1.
09.03.2018 10:48:28 1C8C I Creating ORB runner with 4 threads
09.03.2018 10:48:28 1C8C W No public key certificate found in the store. Requesting a new certificate.
09.03.2018 10:48:28 1C8C I Getting parent router IOR from 192.168.158.139:8192
09.03.2018 10:48:28 1C8C I This computer is part of the domain PARADOX
09.03.2018 10:48:49 1C8C I This computer is part of the domain PARADOX
09.03.2018 10:48:49 1C8C I Getting parent router IOR from fe80::bc28:431e:a704:4f2:8192
09.03.2018 10:48:49 1C8C E ACE_INET_Addr::ACE_INET_Addr: fe80::bc28:431e:a704:4f2: Authoritive: Host not found
09.03.2018 10:48:49 1C8C W Parent address unknown: Authoritive: Host not found (11001)
09.03.2018 10:48:49 1C8C I Getting parent router IOR from PXNPAPP07.paradox.local:8192
09.03.2018 10:49:10 1C8C I Getting parent router IOR from PXNPAPP07:8192
09.03.2018 10:49:32 1C8C I This computer is part of the domain PARADOX
09.03.2018 10:49:32 1C8C E Failed to get parent router IOR
09.03.2018 10:49:32 1C8C W Failed to get certificate, retrying in 600 seconds
09.03.2018 10:59:33 1C8C I Getting parent router IOR from 192.168.158.139:8192
09.03.2018 10:59:54 1C8C I Getting parent router IOR from fe80::bc28:431e:a704:4f2:8192
09.03.2018 10:59:54 1C8C E ACE_INET_Addr::ACE_INET_Addr: fe80::bc28:431e:a704:4f2: Authoritive: Host not found
09.03.2018 10:59:54 1C8C W Parent address unknown: Authoritive: Host not found (11001)
09.03.2018 10:59:54 1C8C I Getting parent router IOR from PXNPAPP07.paradox.local:8192
09.03.2018 11:00:15 1C8C I Getting parent router IOR from PXNPAPP07:8192
09.03.2018 11:00:36 1C8C E Failed to get parent router IOR
09.03.2018 11:00:36 1C8C W Failed to get certificate, retrying in 600 seconds
09.03.2018 11:08:32 1C8C E Router::Start: Caught Router stopped before certificate obtained

This is the Logfile... The only entry is from the 09.03 ?

Have you a idea? I am so desperate....

Marvin