
Sophos SUM - Off prem devices setup

I have installed Sophos and deployed to most of my PCs internally. I am, however, having some problems getting a SUM set up for off-prem devices; it is not working. I am seeing some errors I do not understand. It looks like the device is communicating with my remote SUM server (in DMZ with NAT pub IP\Ports to SUM) but something is causing a failure. When the device is inside my network it updates from my SUM.

From agent ALUpdate log

Trace(2016-Sep-30 11:45:47): CIDUpdate(Info): \\1.1.1.1\SophosUpdate, DOMAIN\svcSophosUpdateMgr, 53
Trace(2016-Sep-30 11:45:47): Custom certificate already present.
Trace(2016-Sep-30 11:45:47): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\escdp.dat
Trace(2016-Sep-30 11:45:47): Remote connection over UNC.
Trace(2016-Sep-30 11:46:26): File master.upd not found (Remote). Return code 0x80040f04
Trace(2016-Sep-30 11:46:26): Unable to read file master.upd (Remote)
Trace(2016-Sep-30 11:46:26): Unable to synchronise file root.upd.
Trace(2016-Sep-30 11:46:26): Unable to synchronise file escdp.dat.
Trace(2016-Sep-30 11:46:26): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\ProductID.dat
Trace(2016-Sep-30 11:46:26): Unable to synchronise file ProductID.dat.
Trace(2016-Sep-30 11:46:26): File root.upd recovered.
Trace(2016-Sep-30 11:46:26): File escdp.dat recovered.
Trace(2016-Sep-30 11:46:26): File ProductID.dat recovered.
Trace(2016-Sep-30 11:46:26): Error -2147217660 in ReadCustomerIDFile
Trace(2016-Sep-30 11:46:26): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
Trace(2016-Sep-30 11:46:26): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT
Trace(2016-Sep-30 11:46:26): CIDUpdate(SyncProduct.Start): RMSNT, \\1.1.1.1\SophosUpdate\CIDs\S000\SAVSCFXP\
Trace(2016-Sep-30 11:46:26): CIDUpdateLocation::Sync - Updating from local CID: \\1.1.1.1\SophosUpdate\CIDs\S000\SAVSCFXP\rms
Trace(2016-Sep-30 11:46:26): CIDSync(CidSyncMessage):
Trace(2016-Sep-30 11:46:26): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
Trace(2016-Sep-30 11:46:26): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\rms.map
Trace(2016-Sep-30 11:46:26): CIDSync(CidSyncMessage): \\1.1.1.1\SophosUpdate\CIDs\S000\SAVSCFXP\rms,
Trace(2016-Sep-30 11:46:26): CIDUpdateLocation::SyncProduct: Failed to update product (RMSNT) from "\\1.1.1.1\SophosUpdate\CIDs\S000\SAVSCFXP\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)

From agent Router Log

30.09.2016 11:42:43 1F44 I Getting parent router IOR from 1.1.1.1:8192
30.09.2016 11:42:43 1F44 I Received parent router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000a00000031302e302e322e33300001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001008301004f4154010000001800000001008301010001000100000001000105090101000000000014000000080000000100a60086000220
30.09.2016 11:42:43 1F44 I Successfully validated parent router's IOR
30.09.2016 11:42:43 1F44 I Accessing parent
30.09.2016 11:44:50 1F44 I Parent is Router$AVP02:36687
30.09.2016 11:44:50 1F44 I RouterTableEntry::LogonToParentRouter() - logging on as active consumer
30.09.2016 11:44:50 1F44 I RouterTableEntry state (router, logging on): Router$AVP02:36687 is passive consumer, passive supplier
30.09.2016 11:44:50 1F44 I Logged on to parent router as Router$044-DSC-LT-005:36688
30.09.2016 11:44:50 1F44 I This computer is part of the domain DOMAIN
30.09.2016 11:44:50 12A8 I Sent message (id=01EEA7C2) to Router$AVP02:36687
30.09.2016 11:44:50 12A8 I Sent message (id=01EEA94C) to Router$AVP02:36687
30.09.2016 11:45:08 0EF8 I Host IP Addresses have changed
30.09.2016 11:45:08 0DC0 I Shutting down...
30.09.2016 11:45:08 0DC0 I Writing router table file
30.09.2016 11:45:08 0DC0 I Creating ORB runner with 4 threads
30.09.2016 11:45:08 0DC0 I Compliant certificate hashing algorithm.
30.09.2016 11:45:08 0DC0 I This computer is part of the domain DOMAIN
30.09.2016 11:45:08 0DC0 I This router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a40000000101027c0d0000003139322e3136382e34352e37003f01204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f75746572132a420300000000000000080000000101a600004f415401000000180000000101a600010001000100000001000105090101000000000014000000080000000101a60086000220
30.09.2016 11:45:08 0DC0 I Successfully validated this router's IOR
30.09.2016 11:45:08 0DC0 I Reading router table file
30.09.2016 11:45:08 0DC0 I Host name: 044-DSC-LT-005
30.09.2016 11:45:08 0DC0 I Local IP addresses: 192.168.45.7
30.09.2016 11:45:08 0DC0 I Resolved name: 044-DSC-LT-005.DOMAIN.com
30.09.2016 11:45:08 0DC0 I Resolved alias/es:
30.09.2016 11:45:08 0DC0 I Resolved IP addresses: 192.168.45.7
30.09.2016 11:45:08 0DC0 I Resolved reverse names/aliases: 044-DSC-LT-005.DOMAIN.com
30.09.2016 11:45:08 0DC0 I Waiting for messages...
30.09.2016 11:45:08 207C I Getting parent router IOR from 1.1.1.1:8192

My policy is set up like \\SUMNAME\sophosupdate for primary and \\1.1.1.1\sophosupdate for secondary.

This error in the agent log might be the cause, but I am not sure:

:Exception: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'



  • Hello JasonLehman,

    first of all, communication (RMS, the CORBA stuff) and updating are different things. So one might work and the other not, both work, or both fail.


    Is 1.1.1.1 both SUM and Message Relay? Looks like it needs some additional setup 'cause in the IOR it advertises 10.0.2.30 as the communication address for RMS.

    Apparently there is (also) a problem with updating: CIDUpdate(Info): \\1.1.1.1\SophosUpdate, DOMAIN\svcSophosUpdateMgr, 53. That means "The network path was not found" - usual NetBIOS troubleshooting procedures apply (an "exposed" NetBIOS/UNC share is a little bit unusual though).

    Christian
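
The IOR check mentioned in the reply above, as an added example (not part of the thread and not Sophos code): a minimal decoder for the stringified CORBA IOR printed in the Router log, returning the host and port the router advertises. `PARENT_IOR` is copied from the log in the question; the `Cdr` class and `iiop_endpoints` function are names made up for this example.

```python
import struct

# Parent router IOR copied from the Router log in the question.
PARENT_IOR = "IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000a00000031302e302e322e33300001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001008301004f4154010000001800000001008301010001000100000001000105090101000000000014000000080000000100a60086000220"

class Cdr:
    """Minimal CDR reader; alignment is relative to the encapsulation start."""
    def __init__(self, data):
        if not data:
            raise ValueError("empty encapsulation")
        self.data, self.pos = data, 1
        self.order = "<" if data[0] & 1 else ">"  # first octet is the byte-order flag

    def _take(self, fmt, size):
        self.pos += -self.pos % size              # skip alignment padding
        (value,) = struct.unpack_from(self.order + fmt, self.data, self.pos)
        self.pos += size
        return value

    def ushort(self):
        return self._take("H", 2)

    def ulong(self):
        return self._take("I", 4)

    def octets(self):
        n = self.ulong()
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated IOR")
        self.pos += n
        return chunk

    def string(self):
        return self.octets().rstrip(b"\0").decode("ascii", "replace")

def iiop_endpoints(ior):
    """Return (type_id, [(host, port), ...]) for a stringified IOR."""
    if not ior.startswith("IOR:"):
        raise ValueError("not a stringified IOR")
    cdr = Cdr(bytes.fromhex(ior[4:].strip()))
    type_id, endpoints = cdr.string(), []
    for _ in range(cdr.ulong()):
        tag, body = cdr.ulong(), cdr.octets()
        if tag == 0:                              # TAG_INTERNET_IOP profile
            prof = Cdr(body)
            prof.pos += 2                         # IIOP version (major, minor)
            endpoints.append((prof.string(), prof.ushort()))
    return type_id, endpoints

if __name__ == "__main__":
    print(iiop_endpoints(PARENT_IOR))
```

Run against the parent IOR fetched from 1.1.1.1:8192, it returns the internal address 10.0.2.30 rather than the public one.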

  • I have changed how I am updating devices that are off prem.  I am using IIS (did not know you could) and now all seems to be updating.  This is my first experience with Sophos and things are progressing great but I am unsure on my setup.  I have professional services with my SOW so I am reaching out to them...too many questions.  :)

    Thanks for your help
