
Clients don't report to Enterprise Console

Hello,

I have noticed over the last couple of weeks that certain clients don't report to the Enterprise Console whether they are up-to-date or not. For example, I have two clients in the console which have not been updated since September 8 and September 23, although they are online every day. As far as I can see all Sophos services are running.

However, when checking Sophos on these clients, it's always up-to-date. I had 10 clients so far on which this problem occurs. I resolved the problem by reinstalling the client software with the Enterprise Console, but this helps only for a couple of days.

We have an internal IT audit in a couple of weeks, and this is something they're looking at, of course. I have to fix this before they arrive. Any ideas?

Thanks,

Philipp



  • Hello,

    Q1, If you stop the Sophos Message Router Service on the client do the clients show as disconnected?  They should do in a couple of seconds.  Likewise, if you then start the service, does the computer show as connected?

    This will at least confirm Router to Router is working and the management service is also updating the database based on the logon/logoff.

    Q2, After establishing the Logon/off is working I would test status messages being sent from the client.

    When the Sophos Agent service starts up, it loads all the adapters for the managed components, i.e. SAV, AutoUpdate, Patch, SCF, etc. 20 seconds after starting, the Sophos Agent service creates a status message in order to report on the status of the endpoint across all components being managed. This status message has information such as SAV Version, IDE checksum, VirusData version, the values that enable the management service to determine if a computer is up to date.

    So restarting the Sophos Agent should cause the last message time in SEC for the client to update 20 seconds after starting it plus any additional time for the message to get up to SEC and into the database, which should be a second or 2 in addition.

    A status message will also be sent if the config of the managed components changes.  For example, stopping on-access scanning on the client would cause a status message.  So does SEC reflect these messages?

    These 2 questions should rule out the individual clients and their ability to message the server in a timely manner being the problem.

    Logs of interest here in terms of tracing messages are:

    • The Router and Agent logs of the client.
    • The Router logs of the management server.
    • The MSGN logs of the management server.

    Regards,

    Jak

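
The two checks described in the reply above, as an added PowerShell example to run elevated on one affected client (not part of the original post and not Sophos tooling). It assumes the services are registered under the display names used in the reply and that the administrator watches the computer's entry in SEC between steps.

```powershell
# Added example: walks through Q1 and Q2 on a single client.
# Assumption: the service display names match those named in the reply.
$ErrorActionPreference = 'Stop'
$routerName = 'Sophos Message Router'
$agentName  = 'Sophos Agent'

function Get-ServiceStartTime {
    param([Parameter(Mandatory)][string]$DisplayName)
    # Map the service to its host process to read the actual start time.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='$DisplayName'"
    if (-not $svc -or $svc.ProcessId -eq 0) { throw "$DisplayName is not running" }
    (Get-Process -Id $svc.ProcessId).StartTime
}

# Q1: stopping and starting the router should flip the connected state
# in the console within a couple of seconds.
# -Force also stops any services that depend on the router.
Stop-Service -DisplayName $routerName -Force
$routerStopped = Get-Date
Read-Host "Router stopped at $routerStopped. Confirm SEC shows the client as disconnected, then press Enter"

Start-Service -DisplayName $routerName
$routerStarted = Get-Date
Read-Host "Router started at $routerStarted. Confirm SEC shows the client as connected, then press Enter"

# Q2: (re)starting the agent should produce a status message about
# 20 seconds after start, plus a second or two to reach the database.
Restart-Service -DisplayName $agentName -Force
$agentStart = Get-ServiceStartTime -DisplayName $agentName

[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    RouterStopped         = $routerStopped
    RouterStarted         = $routerStarted
    AgentStarted          = $agentStart
    StatusMessageExpected = $agentStart.AddSeconds(20)
    CompareWith           = 'Last message time for this computer in SEC'
} | Format-List
```

If the last message time in SEC does not move to roughly `StatusMessageExpected`, the Router and Agent logs on the client and the Router and MSGN logs on the management server are the next place to look, as listed in the reply.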