Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 21 replies
  • Subscribers 4 subscribers
  • Views 5342 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console - Secondary Update Server

Cashfac IT

Hi All,

 

Currently having an issue where we have the Primary and Secondary Update servers listed on the SEC.

The primary, which is our on-prem server shows up on client machines but the secondary does not (this is linked to the account username and licencing key).

Is there a reason the secondary is not showing up?

 

All help appreciated.

 

Kind Regards

Stephen



This thread was automatically locked due to age.
Parents
  • 0

    Hi Stephen,

     

    Is this secondary SUM newly installed?

    Can you confirm that you applied the SUM to the applicable machines AutoUpdate policy?

    Please see the following article on configuring policies to use a secondary update location for failover purposes, the article does specify using Sophos, but you can use which ever update location you choose: https://community.sophos.com/kb/en-us/12354

     Let me know if this helps.

    Thanks,

    ZGV
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link
  • 0 in reply to ZGV

    SUM already existed 

     

    Client machines do not see it, but the installed client on the server sees the secondary location???

    All client machines have the message awaiting transfer policy

  • 0 in reply to Cashfac IT

    Hello Stephen,

    it's not clear what you mean by machines do not see it. As you mention Awaiting policy transfer - are you perhaps talking about the Update Details view in the Console and the Secondary location is blank? If so, and if the (most, the ones that are running) endpoints show as Connected (the green icon) select them, right-click Comply with  → Group updating policy.

    Christian

  • 0 in reply to QC

    Hi CHristian,

     

    All machines have a cross through them and have the Awaiting policy transfer  apart from the client software installed on the SEC server itself

     

    Kind Regards

    Stephen

  • 0 in reply to Cashfac IT

    Hello Stephen,

    you did reprotect them and they did connect after install, i.e. the down-arrow and the hourglass disappeared from the computer icon and there are no error messages?
    You can in addition check from the Computer Details view, column Last message time.

    Christian

  • 0 in reply to QC

    Hi Christian,

    I reprotected them, got the hourglass, then they went back to a cross next to the machine

     

     

    Above is what I am currently seeing

     

    Kind Regards

    Stephen

  • 0 in reply to Cashfac IT

    Hello Stephen,

    guess the error reported are install errors, could you check the Alert and Error Details view, the Update errors column is on the far right. Or double-click a computer to view its details.

    Could it be that a firewall (network or server-local, unlikely on the endpoints) is blocking the connection? Simple test is to try to telnet to port 8192 on the management server from an endpoint.

    Christian

Reply
  • 0 in reply to Cashfac IT

    Hello Stephen,

    guess the error reported are install errors, could you check the Alert and Error Details view, the Update errors column is on the far right. Or double-click a computer to view its details.

    Could it be that a firewall (network or server-local, unlikely on the endpoints) is blocking the connection? Simple test is to try to telnet to port 8192 on the management server from an endpoint.

    Christian

Children
  • 0 in reply to QC

    Hi Christian,

     

    I get the following on the install error section on most of the endpoints.

     

    Kind Regards

    Stephen

  • 0 in reply to Cashfac IT

    There's also nothing blocking ports as far as I can see

  • 0 in reply to Cashfac IT

    Hello Stephen,

    the could not be started can have several reasons, but it seems the install has run on those not yet managed. This usually means that the install task has been run the endpoint has not yet "called back".
    Can you confirm that a telnet connection from one of these endpoints to the server's 8192 succeeds?

    Christian

  • 0 in reply to QC

    Hi CHristian,

     

    I have tested this and it is not getting blocked

     

    Kind Regards

    Stephen

  • 0 in reply to Cashfac IT

    Hello Stephen,

    so you do get back a string that starts with IOR: followed by quite a number of hex digits?

    Christian

  • 0 in reply to QC

    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a4000000010102000e0000003139322e3136382e312e3134310001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f757465720000000300000000000000080000000100fc00004f415401000000180000000100fc00010001000100000001000105090101000000000014000000080000000100a60086000220

    Connection to host lost.

  • 0 in reply to Cashfac IT

    Hello Stephen,

    guess I don't disclose any secret information here. The IOR advertises 192.168.1.141 as the management server's IP, is this the correct address?
    If so, and if this endpoint does not appear connected please restart the Sophos Message Router service on the endpoint and then check the latest Router-202001....log in %ProgramData%\Sophos\Remote Management System\3\Router\Logs. It should help to determine why the endpoints don't talk to the server.

    Christian

  • 0 in reply to QC

    16.01.2020 08:34:53 481C I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20200116-083453.log
    16.01.2020 08:34:54 481C I Sophos Messaging Router 4.1.2.24 starting...
    16.01.2020 08:34:54 481C I Setting ACE_FD_SETSIZE to 138
    16.01.2020 08:34:54 481C I Initializing CORBA...
    16.01.2020 08:34:54 481C I Connection cache limit is 10
    16.01.2020 08:34:54 481C I Router::ConfigureSslContext: keeping legacy compatibility of TLS 1 and TLS 1.1.
    16.01.2020 08:34:54 481C I Creating ORB runner with 4 threads
    16.01.2020 08:34:54 481C W No public key certificate found in the store. Requesting a new certificate.
    16.01.2020 08:34:54 481C I Getting parent router IOR from 192.168.1.141:8192
    16.01.2020 08:34:54 481C I This computer is part of the domain CASHFACSOLUTION
    16.01.2020 08:34:54 481C I Getting a new router certificate...
    16.01.2020 08:34:54 481C W SSL connection alert, peer address 192.168.1.141
    16.01.2020 08:34:54 481C W Cannot verify peer's SSL certificate, unknown CA
    16.01.2020 08:34:54 481C E Router::ReportInvalidCertificate: Caught Empty IOR string from iiopAddressesInIOR
    16.01.2020 08:34:58 481C I This computer is part of the domain CASHFACSOLUTION
    16.01.2020 08:34:58 481C E ACE_SSL (24552|18460) error code: 336134278 - error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
    16.01.2020 08:34:58 481C E ACE_SSL (24552|18460) error code: 336462231 - error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
    16.01.2020 08:34:58 481C E ACE_SSL (24552|18460) error code: 336462231 - error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
    16.01.2020 08:34:58 481C E ACE_SSL (24552|18460) error code: 336462231 - error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
    16.01.2020 08:34:58 481C W SSL connection alert, peer address 192.168.1.141
    16.01.2020 08:34:58 481C W Cannot verify peer's SSL certificate, unknown CA
    16.01.2020 08:34:58 481C E Router::ReportInvalidCertificate: Caught Empty IOR string from iiopAddressesInIOR
    16.01.2020 08:34:58 481C E ACE_SSL (24552|18460) error code: 336134278 - error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
    16.01.2020 08:34:58 481C E ACE_SSL (24552|18460) error code: 336462231 - error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
    16.01.2020 08:34:58 481C E ACE_SSL (24552|18460) error code: 336462231 - error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
    16.01.2020 08:34:58 481C E ACE_SSL (24552|18460) error code: 336462231 - error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
    16.01.2020 08:34:58 481C E Router::GetCertificate: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'
    OMG minor code (2), described as '*unknown description*', completed = NO

    16.01.2020 08:34:58 481C W Failed to get certificate, retrying in 600 seconds

  • 0 in reply to Cashfac IT

    Hello Stephen,

    sorry for the delay, just migrating one of my management servers [:)].

    On this endpoint: Has Protect worked? A bunch of Install logs in \Windows\Temp\ would be an indicator.
    It looks like an issue with the certificates. Did you import the certificates from the old server? If you didn't, Protect (i.e. a reinstall on the endpoints) or using the Migration Utility is required. If you did (correctly) endpoints won't see a change. Now apparently the endpoint contacts the correct server (or did you reuse the old's IP for the new one?) - this suggests it is using the current mrinit.conf and in turn the certificates should be correct. Only if the certificates have been imported in the new server after initial install of the management component there could be a mismatch.

    I'd compare the relevant entries on the server and this endpoint, and also the server's registry entries to the values in the CID's mrinit.conf

    Christian 

  • 0 in reply to QC

    Hi Christian,

     

    Thanks for all your help on this, looks like we may be forced to go down the Sophos Central route as we are being told our Servers OS is not supported directly by Sophos.

     

    Again thanks for all your invaluable help.

     

    Kind Regards

    Stephen

Unfiltered HTML