
SEC 551 - Problems with client status

Hello,

we have changed our Sophos Server to a new Server 2016. We have about 660 clients to manage with Sophos Anti-Virus. Through a logon script we deploy the new client software. About 40 clients have problems with the deployment. Most of these clients have the new software and get the new virus information, but the RMS software isn't installed, or is installed but sends no information to the SEC console. I have tried to update manually on the affected clients, but this didn't solve the problem. On these clients there are only 2 files in the RMS folder (cac.pem and mrinit.conf). I tried to delete the RMS folder and reinstalled the SAVSCFXP software again, with the same result: only the 2 files are installed. The log file in Windows/Temp has the same content as on clients where RMS is correctly installed. What can I do for my 40 clients so that they will appear in SEC?

Klaussophos



  • Hi Klaussophos,

    For both scenarios, RMS installed but not reporting back and RMS not getting installed, we need to dig up a few more details.

    RMS not installed:

    1. On the affected endpoint navigate to the taskbar, click Start|Run. Type appwiz.cpl and press return.
    2. Confirm Sophos Remote Management System is installed.
    3. If Sophos Remote Management System is not installed, please check AutoUpdate log for any errors installing RMS and correct them.

    Can you also look in the Windows temp folder for the RMS install log? You can search for Return value 3 and share the details here, or share the entire log. It might give us some additional information on why the installation is failing.

    RMS installed and not reporting:

    This could be because of a communication issue. Navigate to C:\ProgramData\Sophos\Remote Management System\3 Agent & Router logs (check the log with the latest timestamp).

    Check for any errors in those log files; based on that we can determine whether there is an incorrect Parent address or a Port conflict which could be causing the communication issue.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • Hi Gowtham Mani,

    in the alc.log file there is written for RMS:

    Zeit: 23.07.2018 15:11:07
    Meldung: Installation des Produkts RMSNT konnte nicht abgeschlossen werden
    Modul: ALUpdate
    Prozess-ID: 5148
    Thread-ID: 6720

    Zeit: 23.07.2018 15:11:06
    Meldung: Produkt RMSNT wird installiert
    Modul: ALUpdate
    Prozess-ID: 5148
    Thread-ID: 6720

     

    The last file, Sophos RMS Install Log_20180723_153107.txt, you can find here:

    Install from:[C:\ProgramData\Sophos\AutoUpdate\cache\rms]
    Install to  :[(null)]
    TP: Successfully requested Sophos Endpoint Defense disable tamper protection of RMS.
    TP: WaitOnServicesStoppable: Failed to open service handle.
    TP: WaitOnServicesStoppable: Failed to open service handle.
    MsiPackagePath: [C:\ProgramData\Sophos\AutoUpdate\cache\rms\Sophos Remote Management System.msi].
    Result of loading C:\Program Files (x86)\Sophos\AutoUpdate\SAUConfigDLL.dll is: [6a810000]
    LOGIC: Installed version is less than 4 (minor upgrade is n/a).
    LOGIC: Unistall needed
    Uninstallation of installed RMS required
    UNINSTALL: Using backup path C:\ProgramData\Sophos\AutoUpdate\cache\rms\installer_backup
    RMS-BACKUP: Starting back up...
    RMS-BACKUP: Get list of processes and services to stop.
    RMS-BACKUP: Retrieved [].
    RMS-BACKUP: Parsed WaitForProcesses and ListOfServices - OK.
    RMS-BACKUP: Try to stop services.
    RMS-BACKUP: Stopped services with ServiceController() - OK.
    RMS-BACKUP: Waiting for processes to disappear.
    RMS-BACKUP: Waited for processes - OK.
    RMS-BACKUP: Retrieving the CommonAppData folder.
    RMS-BACKUP: Retrieved source: [C:\ProgramData\Sophos\Remote Management System\3].
    RMS-BACKUP: Retrieved backup: [C:\ProgramData\Sophos\AutoUpdate\cache\rms\installer_backup].
    RMS-BACKUP: Directory: [C:\ProgramData\Sophos\AutoUpdate\cache\rms\installer_backup] existed.
    RMS-BACKUP: Network Report: [C:\ProgramData\Sophos\AutoUpdate\cache\rms\installer_backup\Router\NetworkReport] existed. Erasing from the backup set.
    RMS-BACKUP: Backing up registry content
    Running Command: regedit /E "C:\ProgramData\Sophos\AutoUpdate\cache\rms\installer_backup_reg\rms_registry.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System"
    Command returned 0
    Running Command: regedit /E "C:\ProgramData\Sophos\AutoUpdate\cache\rms\installer_backup_reg\messaging_registry.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System"
    Command returned 0
    UNINSTALL: Preserving cac.pem and mrinit.conf files
    UNINSTALL: cac.pem and mrinit.conf files preserved
    UNINSTALL: Removing RMS using cached msi with command: REBOOT=ReallySuppress SOPHOS_TP_TOKEN=1
    UNINSTALL: removing RMS using package msi by running MsiInstallProduct(C:\ProgramData\Sophos\AutoUpdate\cache\rms\Sophos Remote Management System.msi, "REBOOT=ReallySuppress REMOVE=ALL SOPHOS_TP_TOKEN=1")
    UNINSTALL: !RMS Setup plugin: Removal of old RMS returned exit code 1605
    TP: Successfully registered for tamper protection with Sophos Endpoint Defense.

     

    Do you have an answer for our problems?

    Best regards

    Klaussophos
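
Added example (not part of the original posts and not Sophos tooling): a small triage pass over an RMS install log that pulls out the lines the support reply asks for, namely non-zero exit codes, "Return value 3" and "Failed to" messages. The sample lines are copied from the log posted above except the last one, which is constructed; the code table holds standard Windows Installer exit codes.

```python
import re

# A few standard Windows Installer (MSI) exit codes; extend as needed.
MSI_CODES = {
    1603: "ERROR_INSTALL_FAILURE: fatal error during installation",
    1605: "ERROR_UNKNOWN_PRODUCT: action is only valid for products "
          "that are currently installed",
    1618: "ERROR_INSTALL_ALREADY_RUNNING: another installation is in progress",
    3010: "ERROR_SUCCESS_REBOOT_REQUIRED: reboot needed to complete",
}

EXIT_RE = re.compile(r"exit code (\d+)", re.IGNORECASE)
PHASE_RE = re.compile(r"^\s*([A-Z][A-Z-]*):")   # TP:, LOGIC:, UNINSTALL:, RMS-BACKUP:

# Lines 1-5 are taken from the posted log; line 6 is constructed for illustration.
SAMPLE_LOG = """\
Install to  :[(null)]
TP: WaitOnServicesStoppable: Failed to open service handle.
LOGIC: Installed version is less than 4 (minor upgrade is n/a).
Command returned 0
UNINSTALL: !RMS Setup plugin: Removal of old RMS returned exit code 1605
Action ended 15:11:07: InstallFinalize. Return value 3.
"""

def triage(log_text):
    """Return (line_no, phase, finding) for every line that signals a failure."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = PHASE_RE.match(line)
        phase = m.group(1) if m else ""
        hit = EXIT_RE.search(line)
        if hit and int(hit.group(1)) != 0:
            code = int(hit.group(1))
            meaning = MSI_CODES.get(code, "not in table")
            findings.append((no, phase, f"exit code {code}: {meaning}"))
        elif "Return value 3" in line:
            findings.append((no, phase, "MSI action failed (Return value 3)"))
        elif "Failed to" in line:
            findings.append((no, phase, line.strip()))
    return findings

if __name__ == "__main__":
    for no, phase, finding in triage(SAMPLE_LOG):
        print(f"line {no:>3} [{phase or '-'}] {finding}")
```

Run over the logs collected from each affected client, this shows whether they all fail at the same step; in the posted log the uninstall of the old RMS is the step that returns 1605.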

  • Dear community,

    additional information for my problem. The affected clients are shown in the SEC with the wrong IP addresses. What can I do to delete those IP addresses? One of the affected clients showed in the ReportData.XML that everything is o.k. No problems with DNS, but there is no information about the client IP.

    Klaussophos 

  • We had to change the IP of our SEC server and this confused a number of our endpoints, as RMS pretty much failed to communicate after the change.

    I think there is a hidden reference to the IP that RMS uses and sometimes it just won't update.

    In some cases I had to have the PC re-imaged.  Some PCs I was able to un-install Sophos endpoints and others I was not able and had to rip it out, as Sophos doesn't have a force un-install like other AV vendors.

    Also found that RMS relies on DNS way too much, whereas other processes of Sophos endpoint don't.

    Check DNS for duplicate IPs for the problem PCs.  If DNS scavenging is not set up you will have Sophos RMS issues as you will see duplicates.

    If you have multiple DNS environments, are these endpoints using different DNS IPs? If so, check all DNS to make sure these other DNS servers don't have stale IPs for the problem PCs.

    Check SEC for duplicate names for problem PCs.

    You can also contact Sophos support for the SQL query commands to find and remove duplicates.

  • The problem with clients who had the RMS installed, but not shown in the SEC console is solved. These clients were Laptops and they were connected with LAN and WLAN at the same time. Deactivating WLAN and deleting those clients from SEC console solved my problem.

    The only problem with a client who can't install the RMS Software is not solved. I think I will install the client from scratch.

     

    Klaussophos