Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 2 subscribers
  • Views 19581 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Replacing SUM server in SEC

Ian Withers

 Hi. Would appreciate any advice on the following.

We have a setup with a SEC server and approx 6 remote SUM servers. As one of these SUM servers was a 2008 server and we are migrating to 2012 we decided to replace it. This was done by creating a new 2012 server and giving it a temp name and IP. We then renamed and re-IP's the old 2008 server and gave the original name and IP to the new 2012 server. This seems to have worked OK and the clients seem to be taking their updates OK from the new 2012 server. However i think I still have an issue with the messaging service. I have noticed a large build up of messages in the envelopes folder on the SEC. Messages still seem to be moving through the folder (possible form the existing SUM servers) but there is still an increase in size. I think a lot of these could be messages for either the old 2008 physical box or the new 20112 server temporary name neither of which exists anymore (if this makes sense!). I have tried rebooting both the SEC and the SUM with no effect. I have also tried stopping and staring the Update manager service on the SEC as well as the Message Router service with no effect. Finally I have tried renaming the Envelopes folder but the size builds up again. I was going to delete the servers from the SEC and add in the correct one again but having read other posts on this forum have held off from doing this. I am confident this is not an actual updating issue and more of a messaging issue. Grateful if you could confirm I am right in my assumptions and also of a course of action.



This thread was automatically locked due to age.
  • 0 in reply to Ian Withers

    Hello Ian,

    as to the SSL errors - these might be endpoints with outdated installations, unless you keep an eye on every endpoint there are always some with installation or updating issues. Can't remember if a verbose router log would reveal the offending IP.

    Comparison failure
    is IIRC the result of some internal communication issue on the endpoint. You can turn on verbose logging for the Sophos Agent service on your laptop, dunno if it will give any insight though. After setting the registry key and restarting the Agent service request Comply with for the policy (often AV) with the failure, then check the Agent log. As you see, communication with the management server is working.

    Christian

  • 0 in reply to Ian Withers

    Hi Christian,

     

    Quick update to this.

    Firstly I have removed the error against my endpoint simply by initiating check for updates from my laptop. Therefore it seems there is at least communication upward it seems.

    Just for completeness I have extracted and sanitised the corresponding logs on our new SUM Server to the communication as provided in my previous post. There seems to be so sign of the previous errors.

     

    18.09.2017 14:29:26 12A8 I Routing to Router$MY_ENDPOINT:608190: id=01BFCA36, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:26 0660 I Supplying message (id=01BFCA36) to Router$MY_ENDPOINT:608190

    18.09.2017 14:29:26 12A8 I Routing to Router$MY_ENDPOINT:608190: id=03BFCA36, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:26 0660 I Supplying message (id=03BFCA36) to Router$MY_ENDPOINT:608190

    18.09.2017 14:29:26 12A8 I Routing to Router$MY_ENDPOINT:608190: id=05BFCA36, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:26 043C I Supplying message (id=05BFCA36) to Router$MY_ENDPOINT:608190

    18.09.2017 14:29:27 12A8 I Routing to parent: id=01BFCA37, origin=Router$OTHER_ENDPOINT_01:711468.Agent, dest=EM, type=EM-GetStatus-Reply

    18.09.2017 14:29:27 12A4 I Sent message (id=01BFCA37) to Router$SECSERVER

    18.09.2017 14:29:27 12A8 I Routing to parent: id=01BFCA37, origin=Router$OTHER_ENDPOINT_02:607677.Agent, dest=EM, type=EM-GetStatus-Reply

    18.09.2017 14:29:27 06C0 I Sent message (id=01BFCA37) to Router$SECSERVER

    18.09.2017 14:29:28 12A8 I Routing to Router$MY_ENDPOINT:608190: id=01BFCA37, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:28 12A8 I Routing to Router$MY_ENDPOINT:608190: id=01BFCA38, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:28 12A8 I Routing to parent: id=01BFCA38, origin=Router$$OTHER_SUMSERVER_01:675266.Router$$OTHER_ENDPOINT_03:609488.Agent, dest=EM, type=EM-GetStatus-Reply

    18.09.2017 14:29:28 0F5C I Sent message (id=01BFCA38) to Router$SECSERVER

    18.09.2017 14:29:28 12A8 I Routing to parent: id=01BFCA38, origin=Router$$OTHER_SUMSERVER_02:604092.Router$$OTHER_ENDPOINT_04:608532.Agent, dest=EM, type=EM-GetStatus-Reply

    18.09.2017 14:29:28 0984 I Sent message (id=01BFCA38) to Router$SECSERVER

    18.09.2017 14:29:28 12A8 I Routing to Router$MY_ENDPOINT:608190: id=03BFCA38, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:28 12A8 I Routing to Router$MY_ENDPOINT:608190: id=05BFCA38, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:28 12A8 I Routing to Router$MY_ENDPOINT:608190: id=07BFCA38, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:28 12A8 I Routing to Router$MY_ENDPOINT:608190: id=09BFCA38, origin=Router$SECSERVER.EM, dest=Router$NEWSUMSERVER:611235.Router$MY_ENDPOINT:608190.Agent, type=EM-SetConfiguration

    18.09.2017 14:29:28 099C I Supplying message (id=01BFCA37) to Router$MY_ENDPOINT:608190

    18.09.2017 14:29:28 12A8 I Routing to parent: id=01BFCA39, origin=Router$$OTHER_SUMSERVER_01:675266, dest=EM, type=EM-RouterLogoff

    18.09.2017 14:29:29 12A8 I Routing to parent: id=01BFCA39, origin=Router$CAH-ST011779:609679.Agent, dest=EM, type=EM-GetStatus-Reply

    18.09.2017 14:29:29 12A8 I Routing to parent: id=01BFCA38, origin=Router$$OTHER_SUMSERVER_02:604092.Router$$OTHER_ENDPOINT_05:606434.Agent, dest=EM, type=EM-GetStatus-Reply

    18.09.2017 14:29:29 0930 I Sent message (id=01BFCA39) to Router$SECSERVER

    18.09.2017 14:29:29 0660 I Supplying message (id=01BFCA38) to Router$MY_ENDPOINT:608190

    18.09.2017 14:29:29 0930 I Sent message (id=01BFCA39) to Router$SECSERVER

    18.09.2017 14:29:29 0AAC I Supplying message (id=03BFCA38) to Router$MY_ENDPOINT:608190

    18.09.2017 14:29:29 0930 I Sent message (id=01BFCA38) to Router$SECSERVER

    18.09.2017 14:29:29 0AAC I Supplying message (id=05BFCA38) to Router$MY_ENDPOINT:608190

    18.09.2017 14:29:29 0660 I Supplying message (id=07BFCA38) to Router$MY_ENDPOINT:608190

    18.09.2017 14:29:29 0660 I Supplying message (id=09BFCA38) to Router$MY_ENDPOINT:608190

     

    Once again your help is appreciated.

Unfiltered HTML