Enterprise Console.

SEC 5.5.0
SUM 1.7.0.316

Hi,

Had a problem with SEC updating since 17th September. Followed KB 111428 as we were getting the Timeout error described. I checked and added all the HTTPS URLs to our firewall.

Now Enterprise Console opens, but shows "Downloading Binaries" all the time. There are no errors shown in the Update Manager details. Originally Logviewer reported these messages:

17/10/2018 10:33:52            Warning         There was an error during HTTPS (secure) synchronization. The problem was related to the usage of HTTPS.
17/10/2018 10:33:52            Error               Failed to obtain product release list from update source.
17/10/2018 10:33:52            Warning         The connection is falling back to HTTP.

Yesterday I got the following errors, but not today:

22/10/2018 04:12:57 Error Decoding of product release Windows Endpoint Security and Control version RECOMMENDED was not done because the synchronization failed.
22/10/2018 04:12:57 Error Version information for product 'Windows Endpoint Security and Control' was not gathered by dispatcher 'DispatcherPrograms-2018-10-22T03-12-37-35', as the last synchronization of that product failed.
22/10/2018 04:12:57 Error Synchronize operation failed. Details: Failed to download valid remote customer file content.
22/10/2018 04:12:57 Error Failed to update the log viewer dictionary: 'Could not authenticate Sophos warehouse user. URL was: dci.sophosupd.net/.../'.
22/10/2018 04:12:57 Error Failed to check update source status: 'Could not authenticate Sophos warehouse user. URL was: https://dci.sophosupd.net/update/'.

Today I see these messages:

23/10/2018 10:23:03 Information The synchronization of product release 'Sophos Update Manager' was successful, and no new data files were downloaded. Version synchronized: 76.15
23/10/2018 10:22:57 Information The log viewer dictionary was updated successfully.
23/10/2018 10:22:57 Information Update source status was checked successfully.
23/10/2018 08:35:08 Information The maintenance operation was successful.
23/10/2018 08:35:08 Information Sophos Update Manager has started up.
23/10/2018 08:35:06 Success ##### Could not format string #####
23/10/2018 08:35:06 Success ##### Could not format string #####

All previously connected computers have now disappeared from the list and it shows 0 connected, but still lists them under Managed.

I think updates are going ahead as there are newly dated files in the SAVXP folders so maybe SUM is working. In Warehouse, fileliststore.dat has today's date and a time.

I have raised a Sophos Support case and sent in my SDU files, but I am still awaiting a response. I am now looking at migrating to a new Server 2016 (Hyper-V) created just for SEC, but our current server (2008R2) is a DC. The migration documentation says it shouldn't be a DC, but doesn't say what to do if it is. I followed the document through the backup process and created the database backup and associated files just fine... but I was looking for some advice before I took the next step.

What could be wrong with SEC? Should I try and reinstall over the top (5.5.0) to repair it and connect to the existing computers?

Should I just go ahead with the migration even though the old server is a DC?

Many thanks for any advice.



  • Hello tstan,

    so it's actually two distinct questions.

    > shows "Downloading Binaries" [...] All previously connected computers have now disappeared

    Are the Sophos Message Router and Sophos Agent services running? The symptoms suggest a communication issue.

    > [migration] it shouldn't be a DC

    This is only mentioned under Assumptions. Off the top of my head I can't say why the source ("old") shouldn't be a DC. Guess it's only because of some details like in chapter 6.1: If you are using a workgroup/local account on the new server, you must create a new Windows user account with the same account name and password on the new server as on the old server.
    Is the database local or remote?

    Christian

  • Hi, thanks for the fast reply.

    Yes the services are running.  I did restart them and also the server to see if that helped.

    Yes, the database is local to the SEC server.

     

    Trev

  • Hello Trev,

    > services are running

    Please restart them and check the logs (under %ProgramData%\Sophos\Remote Management System\3\) created after startup. Primarily the Router log.

    > database is local

    Haven't done it but I think there shouldn't be insurmountable obstacles.

    Christian

  •  

    Lots of lines like these:

    23.10.2018 14:48:32 1E14 I Routing to EM: id=01CF26B0, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogon
    23.10.2018 14:48:32 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:32 1194 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:33 24A0 I RouterTableEntry state (router, logging on): Router$PC140:351102 is active consumer (will try to notify), active supplier
    23.10.2018 14:48:33 24A0 I Logged on Router$PC140:351102 as a router
    23.10.2018 14:48:33 1E14 I Routing to EM: id=01CF26B1, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogon
    23.10.2018 14:48:36 1B04 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:37 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:37 1194 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:42 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:43 1194 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:43 1B04 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:43 1B04 I Logged off Router$PC1020198:396083
    23.10.2018 14:48:43 1E14 I Routing to EM: id=01CF26BB, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogoff
    23.10.2018 14:48:46 1B04 I RouterTableEntry state (router, logging on): Router$Server3:351336 is active consumer (will try to notify), active supplier
    23.10.2018 14:48:46 1B04 I Writing router table file
    23.10.2018 14:48:46 1B04 I Logged on Router$Server3:351336 as a router
    23.10.2018 14:48:46 1E14 I Routing to EM: id=01CF26BE, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogon
    23.10.2018 14:48:47 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:48 1194 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:48 1B04 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:51 1194 I RouterTableEntry state (router, logging on): Router$PC1030231:396088 is active consumer (will try to notify), active supplier
    23.10.2018 14:48:51 1194 I Logged on Router$PC1030231:396088 as a router
    23.10.2018 14:48:51 1E14 I Routing to EM: id=01CF26C3, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogon
    23.10.2018 14:48:52 24A0 I RouterTableEntry state (router, logging on): Router$PC229:387055 is active consumer (will try to notify), active supplier
    23.10.2018 14:48:52 24A0 I Logged on Router$PC229:387055 as a router
    23.10.2018 14:48:52 1E14 I Routing to EM: id=01CF26C4, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogon
    23.10.2018 14:48:53 1B04 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:53 1194 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:53 33FC E Attempt to get client interface from non-local caller
    23.10.2018 14:48:58 1B04 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:58 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:48:59 1B04 E Attempt to get client interface from non-local caller
    23.10.2018 14:49:00 33FC I RouterTableEntry state (router, logging on): Router$PC100:351107 is active consumer (will try to notify), active supplier
    23.10.2018 14:49:00 33FC I Logged on Router$PC100:351107 as a router
    23.10.2018 14:49:00 1E14 I Routing to EM: id=01CF26CC, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogon
    23.10.2018 14:49:04 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:49:04 33FC E Attempt to get client interface from non-local caller
    23.10.2018 14:49:04 33FC E Attempt to get client interface from non-local caller
    23.10.2018 14:49:06 24A0 I RouterTableEntry state (router, logging on): Router$server2:360052 is active consumer (will try to notify), active supplier
    23.10.2018 14:49:06 24A0 I Logged on Router$server2:360052 as a router
    23.10.2018 14:49:06 1E14 I Routing to EM: id=01CF26D2, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogon
    23.10.2018 14:49:09 1B04 E Attempt to get client interface from non-local caller
    23.10.2018 14:49:09 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:49:10 1B04 E Attempt to get client interface from non-local caller
    23.10.2018 14:49:14 33FC E Attempt to get client interface from non-local caller
    23.10.2018 14:49:14 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:49:15 33FC E Attempt to get client interface from non-local caller
    23.10.2018 14:49:19 2720 W Delivery failed(Timeout) for message type EM-RouterLogon, originator Router$Sophosserver
    23.10.2018 14:49:20 24A0 E Attempt to get client interface from non-local caller
    23.10.2018 14:49:20 1194 E Attempt to get client interface from non-local caller

  • Hi, 

    Sophos Support have just sent me this.

    "I have been looking at the logs, from the errors seen in the Agent and router logs it looks as if this machine is configured with multiple network cards. Can you please work through the kba below to fix the IP address to be used, this will need to be configured even if the other cards are not in use."

    Article ID: 46313
    Title: Sophos Endpoint Security and Control: Windows computer with multiple IP addresses or multiple network cards generates error logs
    URL: https://sophos.com/kb/46313

    I went through this and the update error disappeared and the computers appeared in the connected list. I am just going through and making them update.

    Not sure why this would error, as this server has always had 2 NICs.

     

    Trev

  • Hello Trev,

    thanks for the update. Virtual or real server? Networking can be perfidious.

    Just in case you have communication issues in the future - in most cases not the tail of the Agent and Router logs is of interest but what's logged after startup. And in case of Router it's seldom the first nn lines but one or two minutes, maybe more (unless you know what to look for).

    Christian
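
An added example, not part of the thread and not Sophos tooling: one way to follow the advice above and summarise only what the Router log records in the first minutes after startup, grouping repeated warnings and errors. It assumes the line layout seen in the pasted excerpt (date, time, a hex field taken here to be a thread id, a level letter, message); the function names and the two-minute default are illustrative.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample: lines in the format of the Router log excerpt above, plus constructed ones.
SAMPLE = """\
23.10.2018 14:48:32 1E14 I Routing to EM: id=01CF26B0, origin=Router$Sophosserver, dest=Router$Sophosserver.EM, type=EM-RouterLogon
23.10.2018 14:48:32 24A0 E Attempt to get client interface from non-local caller
23.10.2018 14:48:33 24A0 I Logged on Router$PC140:351102 as a router
23.10.2018 14:48:43 1B04 I Logged off Router$PC1020198:396083
23.10.2018 14:49:19 2720 W Delivery failed(Timeout) for message type EM-RouterLogon, originator Router$Sophosserver
23.10.2018 14:52:40 1194 E Attempt to get client interface from non-local caller
this line is not a log record
"""

# Assumed field meaning: date, time, thread id (hex), level letter, message.
LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) ([0-9A-F]{3,8}) ([A-Z]) (.*)$")
# Collapse per-message ids and endpoint names so identical events group together.
VARIABLE = re.compile(r"id=[0-9A-F]+|Router\$[\w.]+(?::\d+)?")

def parse(text):
    """Yield (timestamp, thread, level, message) for lines that match the format."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def startup_summary(text, minutes=2):
    """Count warnings/errors and track router logons in the window after the first record."""
    records = list(parse(text))
    if not records:
        return {"problems": Counter(), "logged_on": set(), "records": 0}
    cutoff = records[0][0] + timedelta(minutes=minutes)
    problems, logged_on, seen = Counter(), set(), 0
    for ts, _thread, level, msg in records:
        if ts > cutoff:  # assumes the log is in chronological order
            break
        seen += 1
        if level in ("W", "E"):
            problems[(level, VARIABLE.sub("<x>", msg))] += 1
        m = re.match(r"Logged (on|off) Router\$([\w.]+):\d+", msg)
        if m:
            (logged_on.add if m.group(1) == "on" else logged_on.discard)(m.group(2))
    return {"problems": problems, "logged_on": logged_on, "records": seen}

if __name__ == "__main__":
    print(startup_summary(SAMPLE))
```

To use it on a real log, pass the text of a Router log written after a service restart in place of `SAMPLE`.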