
ENTERPRISE CONSOLE - REMOTE CLIENT NOT CONNECTED

Good morning, for a couple of months our security Enterprise Console has no longer been able to communicate with customers' computers; even the update managers have not been updated for months. Client-side updates, however, work correctly.
I tried the following solutions:
- correct communication of server-side ports and telnet tests from clients
- control of services started
- community.sophos.com/.../time-of-last-binary-update-is-a-long-time-ago
- https://community.sophos.com/products/endpoint-security-control/f/sophos-enterprise-console/96059/most-clients-shown-as-disconnected-in-sec-5-5-0

I have not solved it.
Thank you

Emanuele


  • Hello Emanuele,

    are you an MSP?

    client side updates [...] work correctly
    did you also check the Network Communication Report? You say that telnet yourSECserver 8192 works - you did get an IOR: in response? If so, you can parse it here (you have to remove the CRLFs so that the IOR: is a single line).

    Christian
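
What the IOR parsing step in the reply above does, as an added example that is not part of the thread and not Sophos code: a minimal Python decoder for a stringified IOR that strips the line breaks and extracts the repository id plus the IIOP host, port and object key. The sample IOR is constructed; the host 192.0.2.10 and all function names are assumptions.

```python
import struct, textwrap

class CDR:
    """Minimal CDR reader; alignment is relative to the encapsulation start."""
    def __init__(self, data):
        self.d, self.pos = data, 1
        self.e = "<" if data[0] & 1 else ">"    # first octet: 1 = little endian
    def _read(self, fmt, size):
        self.pos += -self.pos % size             # pad to natural alignment
        (v,) = struct.unpack_from(self.e + fmt, self.d, self.pos)
        self.pos += size
        return v
    def ulong(self): return self._read("I", 4)
    def ushort(self): return self._read("H", 2)
    def octets(self):                            # sequence<octet> or string
        n = self.ulong()
        if self.pos + n > len(self.d):
            raise ValueError("truncated IOR")
        self.pos += n
        return self.d[self.pos - n:self.pos]

def parse_ior(text):
    s = "".join(text.split())                    # drop CRLFs from wrapped output
    if not s.upper().startswith("IOR:") or len(s) < 6:
        raise ValueError("not a stringified IOR")
    c = CDR(bytes.fromhex(s[4:]))
    ior = {"type_id": c.octets().rstrip(b"\0").decode("ascii"), "profiles": []}
    for _ in range(c.ulong()):
        tag, body = c.ulong(), c.octets()
        if tag != 0 or len(body) < 3:            # decode TAG_INTERNET_IOP only
            continue
        p = CDR(body)
        p.pos = 3                                # skip the two version octets
        host = p.octets().rstrip(b"\0").decode("ascii")
        ior["profiles"].append({"version": f"{body[1]}.{body[2]}", "host": host,
                                "port": p.ushort(), "object_key": p.octets()})
    return ior

def sample_ior(host, port):
    """Constructed sample, not taken from the thread: one IIOP 1.2 profile."""
    seq = lambda b: struct.pack("<I", len(b)) + b
    pad = lambda b, n: b + b"\0" * (-len(b) % n)
    prof = pad(b"\x01\x01\x02", 4) + seq(host.encode() + b"\0")
    prof = pad(pad(prof, 2) + struct.pack("<H", port), 4) + seq(b"MessageRouter")
    body = pad(pad(b"\x01", 4) + seq(b"IDL:SophosMessaging/MessageRouter:1.0\0"), 4)
    return "IOR:" + (body + struct.pack("<II", 1, 0) + seq(prof)).hex()

if __name__ == "__main__":
    wrapped = "\r\n".join(textwrap.wrap(sample_ior("192.0.2.10", 8193), 64))
    print(parse_ior(wrapped))
```
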

  • Yes, I am a partner.

    Network report says everything is OK.

    telnet result, internal network:


    _IIOP_ParseCDR:  byte order LittleEndian, repository id <IDL:SophosMessaging/MessageRouter:1.0>, 1 profile
    _IIOP_ParseCDR:  profile 1 is 164 bytes, tag 0 (INTERNET), LittleEndian byte order
    (iiop.c:parse_IIOP_Profile):  bo=LittleEndian, version=1.2, hostname=10.234.0.53, port=8193, object_key=<....NUP...!........RootPOA.RouterPersistent.........MessageRouter>
    (iiop.c:parse_IIOP_Profile):  encoded object key is <%14%01%0F%00NUP%00%00%00%21%00%00%00%00%01%00%00%00RootPOA%00RouterPersistent%00%03%00%00%00%01%00%00%00MessageRouter>
    (iiop.c:parse_IIOP_Profile):  non-native cinfo is <iiop_1_2_1_%2514%2501%250F%2500NUP%2500%2500%2500%2521%2500%2500%2500%2500%2501%2500%2500%2500RootPOA%2500RouterPersistent%2500%2503%2500%2500%2500%2501%2500%2500%2500MessageRouter@tcp_10.234.0.53_8193>
    object key is <#14#01#0F#00NUP#00#00#00!#00#00#00#00#01#00#00#00RootPOA#00RouterPersistent#00#03#00#00#00#01#00#00#00MessageRouter>;
     no trustworthy most-specific-type info; unrecognized ORB type;
     reachable with IIOP 1.2 at host "10.234.0.53", port 8193

    object key is <#14#01#0F#00NUP#00#00#00!#00#00#00#00#01#00#00#00RootPOA#00RouterPersistent#00#03#00#00#00#01#00#00#00MessageRouter>;
     no trustworthy most-specific-type info; unrecognized ORB type;
     reachable with IIOP 1.2 at host "10.234.0.53", port 8193



    telnet from remote client:

    _IIOP_ParseCDR:  byte order LittleEndian, repository id <IDL:SophosMessaging/MessageRouter:1.0>, 1 profile
    _IIOP_ParseCDR:  profile 1 is 164 bytes, tag 0 (INTERNET), LittleEndian byte order
    (iiop.c:parse_IIOP_Profile):  bo=LittleEndian, version=1.2, hostname=10.234.0.54, port=8193, object_key=<....NUP...!........RootPOA.RouterPersistent.........MessageRouter>
    (iiop.c:parse_IIOP_Profile):  encoded object key is <%14%01%0F%00NUP%00%00%00%21%00%00%00%00%01%00%00%00RootPOA%00RouterPersistent%00%03%00%00%00%01%00%00%00MessageRouter>
    (iiop.c:parse_IIOP_Profile):  non-native cinfo is <iiop_1_2_1_%2514%2501%250F%2500NUP%2500%2500%2500%2521%2500%2500%2500%2500%2501%2500%2500%2500RootPOA%2500RouterPersistent%2500%2503%2500%2500%2500%2501%2500%2500%2500MessageRouter@tcp_10.234.0.54_8193>
    object key is <#14#01#0F#00NUP#00#00#00!#00#00#00#00#01#00#00#00RootPOA#00RouterPersistent#00#03#00#00#00#01#00#00#00MessageRouter>;
     no trustworthy most-specific-type info; unrecognized ORB type;
     reachable with IIOP 1.2 at host "10.234.0.54", port 8193

    object key is <#14#01#0F#00NUP#00#00#00!#00#00#00#00#01#00#00#00RootPOA#00RouterPersistent#00#03#00#00#00#01#00#00#00MessageRouter>;
     no trustworthy most-specific-type info; unrecognized ORB type;
     reachable with IIOP 1.2 at host "10.234.0.54", port 8193


     

  • Hello Emanuele,

    only this customer's computers are out of date (are they also disconnected)?
    Next thing I'd check is the Router log (%ProgramData%\Sophos\Remote Management System\3\Router\Logs\) on one of the remote endpoints.

    Christian

  • Yes, our computers are OK, so I thought it was an outgoing connection problem and tested telnet to the ports.

    The customer's computers are updated (they reach name.domain.xxx :8181); I only see them disconnected from the console.

    I forgot to say that I've also updated SEC to 5.5.1.

    Router log on remote endpoint (also update manager)

    Last entries:


    04.07.2018 10:22:44 06DC I Getting parent router IOR from update.xx.xxx:8192
    04.07.2018 10:22:44 06DC I Received parent router's IOR:
    IOR:54765897890.......
    04.07.2018 10:22:44 06DC I Successfully validated parent router's IOR
    04.07.2018 10:22:44 06DC I Accessing parent
    04.07.2018 10:25:17 0D10 I RouterTableEntry state (router, logging on): Router$workstation:153099 is active consumer (will try to notify), active supplier
    04.07.2018 10:25:17 0D10 I Writing router table file
    04.07.2018 10:25:17 0D10 W Notification threshold calls will not be attempted, because the number of notification threshold threads is 0
    04.07.2018 10:25:17 0D10 I Logged on Router$WRK575HP:153099 as a router
    04.07.2018 10:25:17 0640 I Routing to parent: id=013C846D, origin=Router$upmang:144026, dest=EM, type=EM-RouterLogon
    04.07.2018 10:25:31 0D10 I RouterTableEntry state (router, logging on): Router$WRK569bis:153103 is active consumer (will try to notify), active supplier
    04.07.2018 10:25:31 0D10 W Notification threshold calls will not be attempted, because the number of notification threshold threads is 0
    04.07.2018 10:25:31 0D10 I Logged on Router$WRK569bis:153103 as a router
    04.07.2018 10:25:31 0640 I Routing to parent: id=013C847B, origin=Router$upmang:144026, dest=EM, type=EM-RouterLogon
    04.07.2018 10:25:49 0E7C I RouterTableEntry state (router, logging on): Router$WRK569HP:153071 is active consumer (will try to notify), active supplier
    04.07.2018 10:25:49 0E7C W Notification threshold calls will not be attempted, because the number of notification threshold threads is 0
    04.07.2018 10:25:49 0E7C I Logged on Router$WRK569HP:153071 as a router
    04.07.2018 10:25:49 0640 I Routing to parent: id=013C848D, origin=Router$upmang:144026, dest=EM, type=EM-RouterLogon
    04.07.2018 10:26:01 0D10 I RouterTableEntry state (router, logging on): Router$WRK556HPZ:153234 is active consumer (will try to notify), active supplier
    04.07.2018 10:26:01 0D10 W Notification threshold calls will not be attempted, because the number of notification threshold threads is 0
    04.07.2018 10:26:01 0D10 I Logged on Router$WRK556HPZ:153234 as a router
    04.07.2018 10:26:01 0640 I Routing to parent: id=013C8499, origin=Router$upmang:144026, dest=EM, type=EM-RouterLogon
    04.07.2018 10:26:44 13D4 W Delivery failed(Timeout) for message type EM-GetStatus-Reply, originator Router$ELSUM01:144026.Agent
    04.07.2018 10:28:27 0640 I Routing to parent: id=013C852B, origin=Router$upmang:144026.Agent, dest=EM, type=EM-GetStatus-Reply
    04.07.2018 10:30:53 0640 I Routing to parent: id=013C85BD, origin=Router$upmang:144026.Router$WRK568Z:0, dest=CM, type=Certification.UniqueTokenRequest
    04.07.2018 10:31:24 13D4 W Delivery failed(Timeout) for message type Certification.UniqueTokenRequest, originator Router$ELSUM01:144026.Router$WRK568Z:0
    04.07.2018 10:32:07 0640 I Routing to parent: id=013C8607, origin=Router$upmang:144026.Agent, dest=EM, type=EM-EntityEvent
    04.07.2018 10:32:08 0640 I Routing to parent: id=013C8608, origin=Router$upmang:144026.Agent, dest=EM, type=EM-EntityEvent
    04.07.2018 10:32:12 0640 I Routing to parent: id=013C860C, origin=Router$upmang:144026.Agent, dest=EM, type=EM-EntityEvent
    04.07.2018 10:32:32 0640 I Routing to parent: id=013C8620, origin=Router$upmang:144026.Agent, dest=EM, type=EM-GetStatus-Reply
    04.07.2018 10:33:24 06DC E ParentLogon::RegisterParent: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'
    OMG minor code (2), described as '*unknown description*', completed = NO

     

     


    04.07.2018 11:07:24 06DC I Getting parent router IOR from name.domain.com:8192
    04.07.2018 11:07:24 06DC I Received parent router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312ecc...
    04.07.2018 11:07:24 06DC I Successfully validated parent router's IOR
    04.07.2018 11:07:24 06DC I Accessing parent
    04.07.2018 11:07:34 13D4 W Delivery failed(Timeout) for message type EM-GetStatus-Reply, originator Router$updatemang:144026.Agent

  • Hello Emanuele,

    as far as I can see this SUM/relay is communicating with its clients, it can also connect to the management server but when it tries to actually send a message it encounters a timeout. What's missing are the lines after Accessing parent:
    Accessing parent
    SSL handshake done, local IP address = xxx.xxx.xxx.xxx
    Parent is Router$UpstreamServer

    It looks like establishing the connection to port 8194 fails with a timeout.

    Christian

  • Hello, if I telnet to 8194 I receive no error; after some seconds the connection drops.

    Same behavior from internal and external.

    Any other test I can do?
