This discussion has been locked.

SUM fail to connect on 8194

I have a SUM server with several thousand clients connected. In the output of the command netstat -an, I can see that lots of clients have established a connection to this server on port 8194:

C:\Users\winsvruser>netstat -an | findstr :8194
  TCP    0.0.0.0:8194           0.0.0.0:0              LISTENING
  TCP    10.116.218.56:8194     10.12.24.32:52781      FIN_WAIT_1
  TCP    10.116.218.56:8194     10.12.46.33:65403      ESTABLISHED
  TCP    10.116.218.56:8194     10.13.19.149:53312     ESTABLISHED
  TCP    10.116.218.56:8194     10.14.110.31:52731     ESTABLISHED
  TCP    10.116.218.56:8194     10.16.205.2:55731      FIN_WAIT_1
  TCP    10.116.218.56:8194     10.26.82.159:61126     ESTABLISHED
  TCP    10.116.218.56:8194     10.27.51.31:54096      ESTABLISHED
  TCP    10.116.218.56:8194     10.27.82.15:57170      ESTABLISHED
  TCP    10.116.218.56:8194     10.27.82.31:50926      ESTABLISHED
  TCP    10.116.218.56:8194     10.27.97.31:58211      ESTABLISHED
  TCP    10.116.218.56:8194     10.27.203.51:53286     ESTABLISHED
  TCP    10.116.218.56:8194     10.30.67.47:59904      ESTABLISHED
  TCP    10.116.218.56:8194     10.30.78.31:51429      ESTABLISHED
  TCP    10.116.218.56:8194     10.30.113.21:53755     ESTABLISHED
  TCP    10.116.218.56:8194     10.30.162.72:61626     ESTABLISHED
  TCP    10.116.218.56:8194     10.30.162.113:49742    ESTABLISHED
  TCP    10.116.218.56:8194     10.32.36.25:59584      ESTABLISHED
  TCP    10.116.218.56:8194     10.35.44.31:57023      ESTABLISHED
  TCP    10.116.218.56:8194     10.35.222.66:59997     ESTABLISHED
  TCP    10.116.218.56:8194     10.37.116.246:52857    ESTABLISHED

But if I try to test the port locally, it cannot be connected:

C:\Users\winsvruser>telnet 127.0.0.1 8194
Connecting To 127.0.0.1...Could not open connection to the host, on port 8194: Connect failed

I want to know why this happens. This problem still exists even if I reinstall the SUM client or OS.

Thanks.



  • Hello BenkitShi

    Have you solved this issue? It also happens to me after I changed our existing router (acting as GW of SEC).

  • Hello oki.herdian,

    the original poster described that the server apparently could not connect to itself. The post doesn't mention the preceding issue that led to this test in the first place.
    Is it indeed that the server can't connect to itself but the endpoints can or are the endpoints unable to connect to the server? What is the issue that caused you to investigate?

    Christian

  • I have seen an issue with the Direct Access role in single NIC mode where the local Sophos Agent process can't connect to the local router process on 8194 using the IP address in the IOR which has to be the name/IP as the server.  

    Note: The IOR can't contain the loopback or anything that resolves to the loopback address.

    Direct Access uses the port range: 6000-47000

    Just using, with PythonV2:

    python -m SimpleHTTPServer 5999

    vs

    python -m SimpleHTTPServer 6000

    You can see the issue (in that you can't connect to 6000 but you can to 5999), but you can remove a few ports from this range for RMS using the PowerShell command:

    Set-NetNatTransitionConfiguration -IPv4AddressPortPool @("10.0.0.1, 6001-8097", "10.0.0.1, 8099-47000")

    Changing the IP as required.

    Regards,

    Jak
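
One way to check the condition described in the post above on the server itself, as an added example that is not part of the original thread or of Sophos tooling: it reports who is listening on the RMS ports, whether each port lies inside the Direct Access port pool, and whether the server can reach its own listener. `$ServerIp` is a placeholder and the function names `Get-PoolRange` and `Test-PortInPool` are hypothetical.

```powershell
# Added example. Ports are the RMS ports named in this thread.
$RmsPorts = 8192, 8194
$ServerIp = '10.0.0.1'   # placeholder: replace with the address in the IOR

function Get-PoolRange {
    # Parse pool entries of the form "10.0.0.1, 6001-8097" into range objects.
    param([string[]]$Pool)
    foreach ($entry in $Pool) {
        if ($entry -match '^\s*(\S+)\s*,\s*(\d+)\s*-\s*(\d+)\s*$') {
            [pscustomobject]@{
                Address = $Matches[1]
                First   = [int]$Matches[2]
                Last    = [int]$Matches[3]
            }
        } else {
            Write-Warning "Unrecognised pool entry: '$entry'"
        }
    }
}

function Test-PortInPool {
    # True when $Port lies inside any parsed range.
    param([int]$Port, [object[]]$Ranges)
    foreach ($r in $Ranges) {
        if ($Port -ge $r.First -and $Port -le $r.Last) { return $true }
    }
    return $false
}

# Read the pool only if the NetworkTransition cmdlets exist on this host.
$ranges = @()
if (Get-Command Get-NetNatTransitionConfiguration -ErrorAction SilentlyContinue) {
    $cfg = Get-NetNatTransitionConfiguration -ErrorAction SilentlyContinue
    $ranges = @(Get-PoolRange $cfg.IPv4AddressPortPool)
}

foreach ($port in $RmsPorts) {
    $listen = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $owner = if ($listen) { (Get-Process -Id $listen.OwningProcess).ProcessName } else { '<none>' }
    [pscustomobject]@{
        Port        = $port
        Listener    = $owner
        InNatPool   = Test-PortInPool $port $ranges
        Loopback    = (Test-NetConnection -ComputerName 127.0.0.1 -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        ViaServerIp = (Test-NetConnection -ComputerName $ServerIp -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    }
}
```

A row with a listener present, `InNatPool` true and the connect tests false matches the symptom described in the post above; rerun it after changing the pool to confirm the port is no longer covered.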

  • Hello QC,

    In my case, every connection (both same segment and different segment) using port 8194 to the SEC server (message relay on the same server) fails after I migrated the existing gateway to the new one. I wonder if there's any validation process using the gateway value or something so that the 8194 connection fails.

    Need advice. 

  • Hello Jak,

    In my case, endpoint agents in both segments (same segment and different segment) fail to connect using 8194 only. Is your advice applicable to our case? There are almost 15000 agents here, and I just worry that if there are any config changes, they will affect other services.

    Thanks 
    Oki

  • Hello Oki,

    just to get the terminology clear. A message relay is a computer/server other than your management server (aka SEC), you're not referring to a message relay, are you? And gateway in the meaning of a device connecting networks or something with more functionality (as routers usually aren't migrated)?

    RMS just listens on ports 8192 and 8194 (usually IPv4 any - e.g.  0.0.0.0:8194), it doesn't verify the network "behind" the adapter. If you see it only LISTENING but no connections on x.x.x.x:8194 then something else is probably blocking the connections.

    Christian   

  • Hi QC,

    A message relay is a computer/server other than your management server (aka SEC), you're not referring to a message relay, are you?
    - there's no dedicated server for message relay. 


    And gateway in the meaning of a device connecting networks or something with more functionality (as routers usually aren't migrated)?
    - Yes actually we deploy a new firewall to replace the old one (but there's no network conf. changed).

    At first, I thought it was because a certain rule in the new firewall blocked 8194, or inspected the connection so that it could not be established, but when I try to test "telnet localhost 8194", it's unable as well.

  • Hello Oki,

    what exactly is unable - which error do you get? netstat -ab (from an elevated cmd prompt) shows RouterNT.exe listening?

    Christian