SUM fail to connect on 8194

Hi,

That does seem odd as the RouterNT process is listening on all interfaces.  Can you connect locally with:

telnet 10.116.218.56 8194

is it just failing using loopback, i.e.:

telnet 127.0.0.1 8194

What about:

telnet hostname 8194

or

telnet fqdn 8194

It would also be interesting to know if connecting to a port that's not using SSL (8194 is the SSL port of the router) works using the above method.  E.g.:

telnet 127.0.0.1 8192

This should return the IOR of the Router. Does that work?

Regards,

Jak

Dear Jak,

Thanks for your reply, I have tried all the methods but it still fail. this server can be connected on port 8192 ,8193,80,443 except 8194. 

I try reinstall SUM application , even reinstall server 2008 R2, but still have this problem, look forward your next professional response , thank you.

--------------------------------------------------------------------------------------------------------------------

telnet port 8194:

C:\Users\winsvruser>telnet 10.116.218.56 8194
Connecting To 10.116.218.56...Could not open connection to the host, on port 819
4: Connect failed

C:\Users\winsvruser>telnet cnsz17vw0549 8194
Connecting To cnsz17vw0549...Could not open connection to the host, on port 8194
: Connect failed

C:\Users\winsvruser>telnet cnsz17vw0549.sf.com 8194
Connecting To cnsz17vw0549.sf.com...Could not open connection to the host, on po
rt 8194: Connect failed

C:\Users\winsvruser>telnet 0.0.0.0 8194
Connecting To 0.0.0.0...Could not open connection to the host, on port 8194: Con
nect failed

-----------------------------------------------------------------------------------------------------

telnet port 8192 :

IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f75
7465723a312e300000000100000000000000a4000000010102000e00000031302e3131362e323138
2e35360001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f75
74657250657273697374656e740003000000010000004d657373616765526f757465720000000300
000000000000080000000100ae00004f415401000000180000000100ae0001000100010000000100
0105090101000000000014000000080000000100a60086000220

Connection to host lost.

----------------------------------------------------------------------------------------------------

Hello BenkitShi

Have you solve this issue ? it also happens to me after i change our existing router (act as GW of SEC).

Hello oki.herdian,

the original poster described that the server apparently could not connect to itself. The post doesn't mention the preceding issue that lead to this test in the first place.
Is it indeed that the server can't connect to itself but the endpoints can or are the endpoints unable to connect to the server? What is the issue that caused you to investigate?

Christian

I have seen an issue with the Direct Access role in single NIC mode where the local Sophos Agent process can't connect to the local router process on 8194 using the IP address in the IOR which has to be the name/IP as the server.  

Note: The IOR can't contain the loopback or anything that resolves to the loopback address.

Direct Access uses the port range: 6000-47000

Just using, with PythonV2:

python -m SimpleHTTPServer 5999

vs

python -m SimpleHTTPServer 6000

You can see the issue (in that you can't connect to 6000 but 5999 will) but you can remove a few ports from this range for RMS using the Powershell command:

Set-NetNatTransitionConfiguration –IPv4AddressPortPool @("10.0.0.1, 6001-8097", "10.0.0.1, 8099-47000")

Changing the IP as required.

Regards,

Jak

Hello QC,

in my case, every connection (both same segment and different segement) using 8194 port to SEC server (message relay in the same server) is failed after i migrate the existing gateway to the new one. i wonder if there's any validation process using gateway value or something so that the 8194 connection is failed.

Need advice. 

Hello Jak,

In my case, endpoint agents in both segment (same segment and different segment) is failed to connect using 8194 only, is your advice applicable to our case ? because it's been almost 15000 agents here, and i just worry if there's any config changes, it will affect other services.

Thanks 
Oki

Hello Oki,

just to get the terminology clear. A message relay is a computer/server other than your management server (aka SEC), you're not referring to a message relay, are you? And gateway in the meaning of a device connecting networks or something with more functionality (as routers usually aren't migrated)?

RMS just listens on ports 8192 and 8194 (usually IPv4 any - e.g.  0.0.0.0:8194), it doesn't verify the network "behind" the adapter. If you see it only LISTENING but no connections on x.x.x.x:8194 then something else is probably blocking the connections.

Christian   

Hi QC,

A message relay is a computer/server other than your management server (aka SEC), you're not referring to a message relay, are you?
- there's no dedicated server for message relay. 


And gateway in the meaning of a device connecting networks or something with more functionality (as routers usually aren't migrated)?
- Yes actually we deploy a new firewall to replace the old one (but there's no network conf. changed).

when the first time, i thought it's because of certain rule in the new firewall blocked 8194, or inspect the connection so that it cannot be established, but i try to test "telnet localhost 8194" it's unable as well.

Hello Oki,

what exactly is unable - which error do you get? netstat -ab (from an elevated cmd prompt) shows RouterNT.exe listening?

Christian