
All Macs disconnected

Hi, 

I've got an issue with all 255 of our Macs not showing as connected in SEC. They were last seen by the SEC a few days ago.

The clients are getting updates from our local update server (on the same server as the SEC), and the SEC is downloading updates from Sophos on a regular basis without any problems. It seems to me there's a problem with the message router.

I've got connectivity to the server via IP & DNS. I've been able to telnet to ports 8192 and 8194 on the server.

On writing this message I realised that the day the SEC stopped getting messages from the Macs was the same day I installed the Sophos AV client on the same server as the SEC. I've just removed it and restarted all the Sophos services on the server. Rebooted my client on my Mac but the messages are still not getting to the SEC.

Restarted the SEC server as well now and still nothing from the clients.

Router Log shows:

03.07.2015 13:10:55 7000 I Getting parent router IOR from fe80::dd75:8faf:8d45:50be:8192
03.07.2015 13:10:55 7000 E ACE_INET_Addr::ACE_INET_Addr: fe80::dd75:8faf:8d45:50be: Operation not supported
03.07.2015 13:10:55 7000 I Getting parent router IOR from <unknown>:8192
03.07.2015 13:10:55 7000 E ACE_INET_Addr::ACE_INET_Addr: <unknown>: Operation not supported
03.07.2015 13:10:55 7000 I Getting parent router IOR from WINSRV01:8192

Sophos Management Agent Log:

03.07.2015 12:29:31 41D4 I SOF: /Library/Logs/SophosManagementAgent/Agent-20150703-112931.log
03.07.2015 12:29:31 41D4 I Sophos Management Agent 3.0.14.1748 starting...
03.07.2015 12:29:32 1000 I AdapterManager::LoadAdapter, adapter ALC does not export GetAdapterVersion
03.07.2015 12:29:33 1000 I ALC state observer received a configuration
03.07.2015 12:29:33 7000 I ALC state observer notified that ALC is running
03.07.2015 12:29:33 7000 I ALC state observer received a status: <?xml version="1.0" encoding="UTF-8"?>
<status xmlns="com.sophos\mansys\status" xmlns:csc="com.sophos\msys\csc" type="ALC"><csc:CompRes Res="Same" RevID="{2A1A4C3D-629C-47B4-9331-DA02BD3F2F49}"/></status>

03.07.2015 12:29:33 1000 I ALC adapter loaded
03.07.2015 12:29:33 1000 I AdapterManager::LoadAdapter, adapter SAV does not export GetAdapterVersion
03.07.2015 12:29:33 F000 I SAV state observer notified that SAV is not running
03.07.2015 12:29:33 F000 I SAV state observer received an empty status when not running
03.07.2015 12:29:33 1000 I SAV state observer received a configuration
03.07.2015 12:29:33 1000 I SAV adapter loaded
03.07.2015 12:29:34 3000 E Failed to read in the router's IOR from the supplied address and port.
03.07.2015 12:29:34 3000 E NoRouterIORException: Caught MessagingSystemClientLib::NoRouterIORException (failed to get router's IOR from supplied address and port) ClientConnection::Reconnect()

03.07.2015 12:29:40 3000 I Got EM-ClientLogoff message from Router$CAP-MBP-09 (2):9014
03.07.2015 12:29:40 5000 I Connected to router...
03.07.2015 12:29:40 3000 I Got EM-ClientLogon message from Router$CAP-MBP-09 (2):9014
03.07.2015 12:29:40 3000 I Got EM-NotifyClientUpdates-Reply message from Router$CAP-MBP-09 (2):9014
03.07.2015 12:29:40 3000 I Got EM-GetClientStatus-Reply message from Router$CAP-MBP-09 (2):9014
03.07.2015 12:30:00 5000 I SendStatus: computer name is CAP-MBP-2
03.07.2015 12:30:00 5000 I This computer is part of the workgroup WORKGROUP
03.07.2015 12:30:00 5000 I SendStatus: workgroup/domain name is WORKGROUP
03.07.2015 12:30:00 5000 I SendStatus: computer description is CAP-MBP-09
03.07.2015 12:30:00 5000 I SendStatus: Sent EM-GetStatus-Reply (id=01967238) to EM
03.07.2015 12:30:13 F000 I SAV state observer received a configuration
03.07.2015 12:30:13 F000 I SAV state observer notified that SAV is running
03.07.2015 12:30:13 F000 I SAV state observer received a status: <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml was here>
03.07.2015 12:30:33 5000 I SendStatus: Sent EM-GetStatus-Reply (id=01967259) to EM

Network Report:

<?xml version='1.0' encoding='UTF-8' ?>
<?xml-stylesheet type='text/xsl' href='transform.xslt' ?>
<RMS_status_report>
  <string msg='explanation' />
  <sections>
    <section name='DNS'> <string msg='OK' /> </section>
    <!-- And another -->
    <section name='Certification'> <string msg='OK' /> </section>
    <!-- And another -->
    <section name='Incoming'> <string msg='OK' /> </section>
    <!-- And another -->
    <section name='Outgoing'> <string msg='OK' /> </section>
    <!-- And another -->
  </sections>
  <computer_data>
    <language> C </language>
    <local_time> Fri Jul 3 13:18:39 2015 </local_time>
    <GMT> Fri Jul 3 12:18:39 2015 </GMT>
    <computer_name> CAP-MBP-2 </computer_name>
    <workgroup> WORKGROUP </workgroup>
    <router_name> Router$CAP-MBP-09 (2):9014 </router_name>
    <IOR_port>8192</IOR_port>
    <SSLIOP_port>8194</SSLIOP_port>
    <parent_addresses> 10.0.0.14,fe80::dd75:8faf:8d45:50be,<unknown>,WINSRV01 </parent_addresses>
    <actual_parent> <string msg='not_available' /> </actual_parent>
    <router_type> endpoint </router_type>
  </computer_data>
</RMS_status_report>
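A small triage script for the router log format shown in this post, added here as an example; it is not part of the original post or of any Sophos tooling. The function names are hypothetical, and the input is the router log excerpt and the `parent_addresses` value quoted above.

```python
import re

# Router log excerpt and parent_addresses value copied from the post above.
ROUTER_LOG = """\
03.07.2015 13:10:55 7000 I Getting parent router IOR from fe80::dd75:8faf:8d45:50be:8192
03.07.2015 13:10:55 7000 E ACE_INET_Addr::ACE_INET_Addr: fe80::dd75:8faf:8d45:50be: Operation not supported
03.07.2015 13:10:55 7000 I Getting parent router IOR from <unknown>:8192
03.07.2015 13:10:55 7000 E ACE_INET_Addr::ACE_INET_Addr: <unknown>: Operation not supported
03.07.2015 13:10:55 7000 I Getting parent router IOR from WINSRV01:8192
"""
PARENT_ADDRESSES = "10.0.0.14,fe80::dd75:8faf:8d45:50be,<unknown>,WINSRV01"

# "<date> <time> <thread id> <level> <message>", as seen in the excerpt.
LINE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2} [0-9A-F]{4} ([A-Z]) (.*)$")
# The greedy host group keeps the colons of an IPv6 literal and leaves only
# the final ":<port>" for the port group.
ATTEMPT = re.compile(r"^Getting parent router IOR from (.+):(\d+)$")
ADDR_ERR = re.compile(r"^ACE_INET_Addr::ACE_INET_Addr: (.+): (.+)$")


def parent_attempts(log_text):
    """Return one dict per IOR fetch attempt, in log order.

    'error' stays None when the excerpt has no address error logged for
    that host directly after the attempt.
    """
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation lines such as embedded XML status
        level, msg = m.groups()
        a = ATTEMPT.match(msg)
        if level == "I" and a:
            attempts.append({"host": a.group(1), "port": int(a.group(2)), "error": None})
            continue
        e = ADDR_ERR.match(msg)
        if level == "E" and e and attempts and attempts[-1]["host"] == e.group(1):
            attempts[-1]["error"] = e.group(2)
    return attempts


def not_attempted(parent_addresses, attempts):
    """Configured parent addresses with no attempt line in this log text."""
    tried = {a["host"] for a in attempts}
    return [p.strip() for p in parent_addresses.split(",") if p.strip() not in tried]


if __name__ == "__main__":
    for a in parent_attempts(ROUTER_LOG):
        print(a["host"], a["port"], a["error"] or "no address error logged")
    print("no attempt in excerpt:", not_attempted(PARENT_ADDRESSES, parent_attempts(ROUTER_LOG)))
```

Run against the full router log rather than the excerpt, this shows for each configured parent address whether an attempt was logged and whether it failed at address resolution.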



This thread was automatically locked due to age.