Delay in Console Showing Client Status

Hi All,

I have a general query in regard to the length of time it takes for the status of a client to be displayed in Enterprise Console. We are running SEC (5.2.1 R2) on a Windows Server 2008 R2 Enterprise (64-bit).

When deploying Sophos Endpoint Security & Control (10.3.1.498.1) to a client PC, it sometimes takes upwards of 20-30 minutes after the installation has completed for the client status to appear (i.e. restart required etc.) in Enterprise Console. As I recall this wasn't the case in previous versions of Enterprise Console we ran.

Is there a set polling interval that SEC uses when querying the status of protected clients and is this configurable?

Any input would be much appreciated, many thanks,

JP

  • Hello JP,

    the management server generally relies on the endpoints sending status and events. While some time passes until AutoUpdate has installed all components, once the install is complete it shouldn't take that long to see the result. How do you assess that the installation has completed? I rarely use Protect for deployment but I haven't observed any significant changes. It takes these 20-30 minutes from the moment the client status changes to managed until the Restart warning, or?

    Christian

  • Hi Christian,

    Thank you for your prompt reply.

    I observed the time taken for deployment to the client by being connected to the client (via RDP) and visually checking the installation status. Once Endpoint Security had been successfully deployed I switched back to the Enterprise Console Server to observe how long it took for the client to reappear as managed and connected (albeit with a restart warning). This is where I came up with the 20-30 minute timeframe.

    I appreciate that our method of deployment (using Protect) may not be the optimum method of installing SAV on to client PCs. Our network isn't overly large (approx 600 clients), all with static IP addresses. When a new client PC is rolled out, we discover by IP range and subsequently protect the PC.

    I should add that our Enterprise Console is running on a virtual server. It has two NICs, one for the production network and the second for backup. The backup NIC is on a non-routable subnet (NOT in DNS) and is used by DPM (our backup solution). I redeployed SAV to a test PC whilst running Network Monitor and observed the test PC trying to connect to the backup NIC over port 8194 (I imagine this is RMS reporting the client status back to the console server). It would appear that during deployment of SAV to the client, the backup IP address of the console server is being supplied to the client. The client subsequently tries to establish contact with the console server (on port 8194) on the backup IP address. I'm wondering if this could contribute to the delay in clients appearing in the console.

    I will disable the backup interface on the console server, remove SAV from the test PC and re-install from the console to see if the client reports its status back quicker.

    Apologies for the long-winded reply.

    JP


    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

  • Hi Christian,

    Just to follow up on my previous post.

    I disabled the backup NIC on the Console Server, and re-protected our test PC (after manually removing SAV). Good news is, the client appeared back in the Console Server as managed and connected within 5 minutes!!!

    A colleague of mine has found an article on the Sophos site which may explain what was happening here:

    http://www.sophos.com/en-us/support/knowledgebase/111862.aspx

    I think we can safely say that the culprit has at last been found. We will give the recommendations contained in the above article a go to see if that finally rectifies our issue.

    Many thanks again for your input,

    JP

  • Hi All,

    Just to confirm that our issue was because of the server hosting Enterprise Server having two NICs. By following the recommendations in the article below, we were able to rectify our problem. Hope this helps.

    http://www.sophos.com/en-us/support/knowledgebase/111862.aspx

    JP
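
The symptom found in this thread (a client being handed a console server address it cannot reach on port 8194) can be checked from a client with a short probe. This is an added example, not part of the original thread and not Sophos code; the addresses in `__main__` are constructed placeholders, and the function names are hypothetical.

```python
import socket

RMS_PORT = 8194  # port the client was seen using in the thread


def resolve_ipv4(name):
    """Return the set of IPv4 addresses DNS gives for the server name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def probe(addresses, port=RMS_PORT, timeout=3.0):
    """TCP-connect to each address; return {address: (reachable, detail)}."""
    results = {}
    for addr in addresses:
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                results[addr] = (True, "connected")
        except socket.timeout:
            results[addr] = (False, "timed out")
        except OSError as exc:
            results[addr] = (False, exc.strerror or str(exc))
    return results


def report(server_addresses, dns_name, port=RMS_PORT, timeout=3.0):
    """One row per server address: is it in DNS, and can this client reach it?"""
    in_dns = resolve_ipv4(dns_name)
    rows = []
    for addr, (ok, detail) in probe(server_addresses, port, timeout).items():
        rows.append({"address": addr, "in_dns": addr in in_dns,
                     "reachable": ok, "detail": detail})
    return rows


if __name__ == "__main__":
    # Constructed values: replace with every address bound on the console
    # server (production and backup NIC) and the server's DNS name.
    for row in report(["192.0.2.10", "198.51.100.10"], "console.example.test"):
        flag = "" if row["reachable"] else "  <-- client cannot reach this address"
        print(f'{row["address"]:<16} in_dns={row["in_dns"]!s:<5} {row["detail"]}{flag}')
```

An address that is bound on the server but shows `in_dns=False` and is unreachable from the client matches the backup NIC case described above.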