Most Clients Shown As 'Disconnected' in SEC 5.5.0

Hi folks,

We are running Sophos Enterprise Console (SEC) 5.5.0 on a Windows 2008 R2 Enterprise (64-bit) Server.

I have recently noticed that more than 50% of our client PCs to which Sophos Endpoint Security & Control has been deployed are shown as 'disconnected' in SEC. I have carried out a ping-sweep of the network and can confirm that most, if not all, of these PCs are actually powered on, connected to the network and working fine.

Only after I restart the Sophos Message Router Service on the client PCs do they then change their status to 'connected' in SEC. I have no wish to carry this task out on several hundred client PCs individually as you can imagine, so I'm hoping someone can possibly shed some light on what may be happening here and suggest a solution to this issue?

Many thanks,

John P



  • I'm sure there will be others offering advice, but from my experience, it's most likely that the Remote Management System (RMS) cannot communicate on the required ports. You can try with the telnet command from the server to the endpoint and vice versa on the required ports.

    You may like to watch the video below on setting up a GPO to allow the required ports (this means you don't have to go round to each computer).  Watch from the 9 minute mark...

    There is also the deployment guide which mentions the ports. http://www.sophos.com/deployment - click the 'Allowing computers to report' link on the right-hand rail.

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi guys,

    Thank you for your prompt and helpful replies.

    Christian, I have to admit that I may be a bit lax in checking my SEC installation. Unfortunately, my duties dictate that I cannot spend as much time as I'd like (or indeed, need) to monitor our SEC installation. Wearing too many hats at times methinks!!

    19.09.2017 08:28:19 0B28 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20170919-072819.log
    19.09.2017 08:28:19 0B28 I Sophos Messaging Router 4.1.1.127 starting...
    19.09.2017 08:28:19 0B28 I Setting ACE_FD_SETSIZE to 138
    19.09.2017 08:28:19 0B28 I Initializing CORBA...
    19.09.2017 08:28:19 0B28 I Connection cache limit is 10
    19.09.2017 08:28:20 0B28 I Router::ConfigureSslContext: keeping legacy compatibility of TLS 1 and TLS 1.1.
    19.09.2017 08:28:20 0B28 I Creating ORB runner with 4 threads
    19.09.2017 08:28:20 0B28 I Compliant certificate hashing algorithm.
    19.09.2017 08:28:20 0B28 I This computer is part of the domain SECRAT
    19.09.2017 08:28:20 0B28 I This router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000a0000003132372e302e302e310001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001000e01004f4154010000001800000001000e01010001000100000001000105090101000000000014000000080000000100a60086000220
    19.09.2017 08:28:20 0B28 E Localhost address (e.g. 127/8) found in the IOR
    19.09.2017 08:28:20 0B28 E This router's IOR is invalid
    19.09.2017 08:28:20 0B28 I This computer is part of the domain ****
    19.09.2017 08:28:20 0B28 I Reading router table file
    19.09.2017 08:28:20 0B28 I Host name: DNIA16807
    19.09.2017 08:28:20 0B28 I Local IP addresses: 10.63.14.118 
    19.09.2017 08:28:20 0B28 I Resolved name: DNIA16807.****.****.****
    19.09.2017 08:28:20 0B28 I Resolved alias/es: 
    19.09.2017 08:28:20 0B28 I Resolved IP addresses: 127.0.0.1 
    19.09.2017 08:28:20 0B28 I Resolved reverse names/aliases: DNIA16807.****.****.**** 
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01AE532F, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01AE8D1F, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01AFA2D6, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01AFDE91, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0B28 I Waiting for messages...
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B0F5D5, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B13019, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B245FF, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B28197, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B63A35, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B67608, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B78F73, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B7C79E, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B8DE7B, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01B91916, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BA3121, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BA6A99, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BB8324, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BBBBFE, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BF7130, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-GetStatus-Reply
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BF7254, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BF726D, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-GetStatus-Reply
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BF9C9C, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-GetStatus-Reply
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BFB08B, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:28:20 0CB8 I Routing to parent: id=01BFC6D0, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-GetStatus-Reply
    19.09.2017 08:28:20 0CCC W Delivery failed(Timeout) for message type EM-GetStatus-Reply, originator Router$DNIA16807:450391.Agent
    19.09.2017 08:28:20 0CCC W Delivery failed(Timeout) for message type EM-GetStatus-Reply, originator Router$DNIA16807:450391.Agent
    19.09.2017 08:28:20 0CCC W Delivery failed(Timeout) for message type EM-GetStatus-Reply, originator Router$DNIA16807:450391.Agent
    19.09.2017 08:28:20 0B28 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 3, max number of user ports 15360
    19.09.2017 08:28:20 0CCC W Delivery failed(Timeout) for message type EM-GetStatus-Reply, originator Router$DNIA16807:450391.Agent
    19.09.2017 08:28:22 0C94 I Client::LogonPushPush() successfully called back to client
    19.09.2017 08:28:22 0C94 I Logged on Agent as a client
    19.09.2017 08:28:22 0CB8 I Routing to Agent: id=03C0C716, origin=Router$DNIA16807:450391, dest=Router$DNIA16807:450391.Agent, type=EM-ClientLogon
    19.09.2017 08:28:22 0CAC I Sent message (id=03C0C716) to Agent
    19.09.2017 08:28:22 0CB8 I Received message for this router
    19.09.2017 08:28:22 0CB8 I EM-NotifyClientUpdates originator Router$DNIA16807:450391.Agent
    19.09.2017 08:28:22 0CB8 I Routing to Agent: id=07C0C716, origin=Router$DNIA16807:450391, dest=Router$DNIA16807:450391.Agent, type=EM-NotifyClientUpdates-Reply
    19.09.2017 08:28:22 0CB0 I Sent message (id=07C0C716) to Agent
    19.09.2017 08:28:57 0CB8 I Routing to parent: id=01C0C739, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-GetStatus-Reply
    19.09.2017 08:33:48 0CB8 I Routing to parent: id=01C0C85C, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 08:34:10 0CCC W Delivery failed(Timeout) for message type EM-EntityEvent, originator Router$DNIA16807:450391.Agent
    19.09.2017 08:34:14 0CB8 I Routing to parent: id=01C0C876, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-GetStatus-Reply
    19.09.2017 09:28:20 0B28 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 5, max number of user ports 15360
    19.09.2017 10:28:20 0B28 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 5, max number of user ports 15360
    19.09.2017 11:28:21 0B28 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 5, max number of user ports 15360
    19.09.2017 12:28:21 0B28 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 5, max number of user ports 15360
    19.09.2017 12:40:21 0CCC W Delivery failed(Timeout) for message type EM-EntityEvent, originator Router$DNIA16807:450391.Agent
    19.09.2017 12:40:50 0CB8 I Routing to parent: id=01C10242, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:28:21 0B28 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 5, max number of user ports 15360
    
    
    
    19.09.2017 13:36:47 1AA4 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20170919-123647.log
    19.09.2017 13:36:47 1AA4 I Sophos Messaging Router 4.1.1.127 starting...
    19.09.2017 13:36:47 1AA4 I Setting ACE_FD_SETSIZE to 138
    19.09.2017 13:36:47 1AA4 I Initializing CORBA...
    19.09.2017 13:36:47 1AA4 I Connection cache limit is 10
    19.09.2017 13:36:48 1AA4 I Router::ConfigureSslContext: keeping legacy compatibility of TLS 1 and TLS 1.1.
    19.09.2017 13:36:48 1AA4 I Creating ORB runner with 4 threads
    19.09.2017 13:36:48 1AA4 I Compliant certificate hashing algorithm.
    19.09.2017 13:36:48 1AA4 I This computer is part of the domain ****
    19.09.2017 13:36:48 1AA4 I This router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a4000000010102000d00000031302e36332e31342e313138000001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001001d01004f4154010000001800000001001d01010001000100000001000105090101000000000014000000080000000100a60086000220
    19.09.2017 13:36:48 1AA4 I Successfully validated this router's IOR
    19.09.2017 13:36:48 1AA4 I Reading router table file
    19.09.2017 13:36:48 1AA4 I Host name: DNIA16807
    19.09.2017 13:36:48 1AA4 I Local IP addresses: 10.63.14.118 
    19.09.2017 13:36:48 1AA4 I Resolved name: DNIA16807.****.****.****
    19.09.2017 13:36:48 1AA4 I Resolved alias/es: 
    19.09.2017 13:36:48 1AA4 I Resolved IP addresses: 10.63.14.118 
    19.09.2017 13:36:48 1AA4 I Resolved reverse names/aliases: DNIA16807.****.****.**** 
    19.09.2017 13:36:48 1AA4 I Waiting for messages...
    19.09.2017 13:36:48 1988 I Routing to parent: id=01AFA2D6, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1AA4 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 4, max number of user ports 15360
    19.09.2017 13:36:48 1988 I Routing to parent: id=01AFDE91, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B0F5D5, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B13019, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B245FF, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B28197, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1B2C I Getting parent router IOR from 10.63.20.72:8192
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B63A35, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B67608, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B78F73, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B7C79E, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B8DE7B, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01B91916, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01BA3121, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01BA6A99, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01BB8324, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01BBBBFE, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01BF7254, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01BFB08B, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01C0C739, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-GetStatus-Reply
    19.09.2017 13:36:48 1988 I Routing to parent: id=01C0C85C, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1988 I Routing to parent: id=01C0C876, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-GetStatus-Reply
    19.09.2017 13:36:48 1988 I Routing to parent: id=01C10242, origin=Router$DNIA16807:450391.Agent, dest=EM, type=EM-EntityEvent
    19.09.2017 13:36:48 1B2C I Received parent router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a4000000010102000c00000031302e36332e32302e3732004fc000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f757465720000000300000000000000080000000100b700004f415401000000180000000100b700010001000100000001000105090101000000000014000000080000000100a60086000220
    19.09.2017 13:36:48 1B2C I Successfully validated parent router's IOR
    19.09.2017 13:36:48 1B2C I Accessing parent
    19.09.2017 13:36:48 1B2C I SSL handshake done, local IP address = 10.63.14.118
    19.09.2017 13:36:48 1B2C I Parent is Router$SV-AV-01
    19.09.2017 13:36:48 1B2C I RouterTableEntry::LogonToParentRouter() - logging on as active consumer
    19.09.2017 13:36:48 1B0C I SSL handshake done, local IP address = 10.63.14.118
    19.09.2017 13:36:48 1B2C I RouterTableEntry state (router, logging on): Router$SV-AV-01 is passive consumer, passive supplier
    19.09.2017 13:36:48 1B2C I Logged on to parent router as Router$DNIA16807:450391
    19.09.2017 13:36:48 1B2C I This computer is part of the domain SECRAT
    19.09.2017 13:36:48 1C14 I Sent message (id=01AFA2D6) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01AFDE91) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B0F5D5) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B13019) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B245FF) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B28197) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B63A35) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B67608) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B78F73) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B7C79E) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B8DE7B) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01B91916) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01BA3121) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01BA6A99) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01BB8324) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01BBBBFE) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01BF7254) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01BFB08B) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01C0C739) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01C0C85C) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01C0C876) to Router$SV-AV-01
    19.09.2017 13:36:48 1C14 I Sent message (id=01C10242) to Router$SV-AV-01
    
    
    

    Anyway, attached (I hope) is a copy of the client message router logs showing the situation before and after the Sophos Message Router service restart.

    Hope this helps.

    Ruckus, many thanks for your input. I will review the material you suggested and will keep you posted of any developments.

    Best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

  • FYI:  I edited your reply and attached the full log as a file to make reading it easier.  Hope it helps.

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS

  • Hi Ruckus,

    Many thanks for this which is much appreciated.

    Ian.

  • Hi Ian,

    Have you heard anything back from Sophos Support on this issue? I have submitted extracts to them from the Remote Management System Router Logs which bear some similarity to those you submitted, but I haven't had any response, even to acknowledge their receipt.

    Many thanks,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

  • Hi all,

    I have been comparing Registry settings on a PC displayed as 'disconnected' in SEC against one shown as 'connected'.

    One difference I can see is in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router. On a PC shown as 'connected' the entry HostIPToParent is displayed as a REG_DWORD value of 0x0a3f0f37 (171904823) or similar (differs slightly on 'connected' PCs).

    However, on all 'disconnected' PCs, this entry is shown as a REG_DWORD value of 0x00000000 (0).

    I have no idea if this is relevant to this issue, but thought I'd highlight it anyway.

    Best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

  • Hello John P, Ian, and other interested parties,

    (I thought I've done so but) I've not yet explicitly said that verbose logging showed that

    • the adapter is considered already active (otherwise a check-loop is entered)
    • the first call to IPAddressSet::InitialiseWithHost() correctly adds both localhost and the actual IP4 address
    • either Resolving the root object adapter... or Creating MessageRouter CORBA object... take localhost as resolved IP

    Unless there is some additional debugging option (which Support would have to reveal) further attempts from our (your) side to find or help in finding the prime reason are purposeless (but perhaps educating). Inspecting other logs, network traces, registry and other comparisons will just show the (expected) consequences of the incorrectly set IOR - not why it has been incorrectly set in the first place. Development should know what happens at this point (and if necessary how to obtain actually helpful information).
    Even if you are able to find the cause on your own you'd likely have only the option to work around until RMS is updated: Delayed start, service restart, adapter disable/enable. IMO the first has the least side-effects.

    You can check the status of your case at Sophserv

    Christian

  • Hi John,

    Our last correspondence with Sophos was on Thursday evening when they advised that this issue had been escalated to one of the Level 2 Escalation Engineers.  This morning we emailed Sophos for an update and, to be honest, complain on the basis they only ever appear to respond when prompted. The outcome of this is that an engineer is now reviewing the escalation note and that this may include speaking to the Sophos GES/DEV team on our behalf.  Once again we referred them to this thread. 

    Ian.

  • Hi Christian,

    Thank you for your input, as usual it has proven quite helpful.

    Forgive me if I have been 'over-posting' in relation to this issue. I was hoping to gain some better understanding of what the underlying issue is and if anyone else had encountered something similar in their SEC instance.

    I have to say, however, that the response from Sophos Support (via Sophserv) has been less than stellar. I have updated the submitted support case a few times with my findings and have not received an update of any sort.

    Looks like we will go with the delayed start for the Sophos Message Router service as an interim.

    Many thanks and best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

  • Cheers Ian,

    Thanks for the update. If I hear anything back on my end, I'll keep you posted.

    Best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

  • Hi John,

    Following your post I have reviewed the registry keys here on two devices that are working and two devices that are unable to connect to the SEC.  One of the devices that is unable to connect to the SEC is a laptop with a clean install of Windows 10, the other three have been deployed for many months.  The registry key HostIPToParent entry on the two 'disconnected' devices is shown as a REG_DWORD with a value of 0x00000000 (0).  On working devices the registry keys differ between devices and follow a similar pattern to those you identified i.e. ac1e0515 (2887648533)

    One other observation is that on all four devices the Router registry entries were located under HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router i.e. not under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router.  This is perplexing, especially in the case of the clean install.

    Ian.

  • Hello Ian,

    just the IP address (172.30.5.21), containing the IP of the adapter used to communicate with the parent.

    Is there even a \Wow6432Node\ subtree, could these be 32bit systems?

    Christian
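
The router logs posted earlier in this thread differ in the address carried inside "This router's IOR", and the HostIPToParent values compared above are IPv4 addresses stored as a DWORD. As an added example (not part of any post in this thread and not Sophos code), the Python below decodes the stringified CORBA IOR from such a log, reads the host and port of its first IIOP profile and flags a loopback address; the function names are illustrative, and the log excerpt is taken from the logs above.

```python
import ipaddress
import re
import struct

# Excerpt of the two router start-ups posted in this thread (IOR lines as logged).
SAMPLE_LOG = """\
19.09.2017 08:28:20 0B28 I This router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000a0000003132372e302e302e310001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001000e01004f4154010000001800000001000e01010001000100000001000105090101000000000014000000080000000100a60086000220
19.09.2017 08:28:20 0B28 E Localhost address (e.g. 127/8) found in the IOR
19.09.2017 13:36:48 1AA4 I This router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a4000000010102000d00000031302e36332e31342e313138000001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001001d01004f4154010000001800000001001d01010001000100000001000105090101000000000014000000080000000100a60086000220
"""

TAG_INTERNET_IOP = 0  # profile tag for IIOP in the CORBA specification
IOR_RE = re.compile(r"I (This|Received parent) router's IOR:\s*\n\s*(IOR:(?:[0-9a-fA-F]{2})+)")

class Cdr:
    """Minimal CDR reader; alignment is counted from the start of the buffer."""
    def __init__(self, data):
        self.data, self.pos = data, 1
        self.order = "<" if data[0] & 1 else ">"  # first octet is the byte-order flag

    def number(self, fmt):
        size = struct.calcsize(self.order + fmt)
        self.pos += -self.pos % size  # primitives are aligned to their own size
        if self.pos + size > len(self.data):
            raise ValueError("truncated IOR")
        (value,) = struct.unpack_from(self.order + fmt, self.data, self.pos)
        self.pos += size
        return value

    def octets(self):  # length-prefixed octets: strings and encapsulations alike
        length = self.number("I")
        start, self.pos = self.pos, self.pos + length
        return self.data[start:self.pos]

def iiop_endpoint(ior):
    """Return (host, port) from the first IIOP profile of a stringified IOR."""
    top = Cdr(bytes.fromhex(ior[4:]))  # drop the "IOR:" prefix
    top.octets()  # repository id, e.g. IDL:SophosMessaging/MessageRouter:1.0
    for _ in range(top.number("I")):
        tag, body = top.number("I"), top.octets()
        if tag == TAG_INTERNET_IOP and body:
            profile = Cdr(body)
            profile.pos = 3  # skip the IIOP version (major, minor)
            host = profile.octets().rstrip(b"\0").decode("ascii")
            return host, profile.number("H")
    raise ValueError("no IIOP profile in IOR")

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback  # all of 127.0.0.0/8 and ::1
    except ValueError:  # the profile carried a name, not a literal address
        return host.lower() == "localhost"

def audit_router_log(text):
    """List (owner, host, port, loopback) for every IOR found in a router log."""
    rows = []
    for owner, ior in IOR_RE.findall(text):
        host, port = iiop_endpoint(ior)
        rows.append(("self" if owner == "This" else "parent", host, port, is_loopback(host)))
    return rows

def host_ip_to_parent(dword):
    """HostIPToParent REG_DWORD as dotted IPv4 (big-endian); None when it is 0."""
    return str(ipaddress.IPv4Address(dword)) if dword else None

if __name__ == "__main__":
    print(audit_router_log(SAMPLE_LOG), host_ip_to_parent(0x0A3F0F37))
```

A row whose owner is "self" and whose last field is true corresponds to the start-up that logged "This router's IOR is invalid"; only the first IIOP profile's host and port are read, and the object key and tagged components are ignored.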
