This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console issues

am kindly asking for some assistance with Sophos Endpoint Security and control v10.7 and Sophos Enterprise Console v5.5.0. at first it was working properly with no issues. but after a month, i found it had stopped working and shows no managed endpoints including server itself as connected. what could be the problem? and its just stuck on downloading binaries.



This thread was automatically locked due to age.
Parents
  • Hello Jeremiah Sakala,

    if the server itself is also disconnected then its likely a communications error.
    Guess you have checked that the Sophos services are running. Please see Update Manager stuck at Downloading Binaries for a potential cause and the solution.

    Christian

  • I checked the services are running, but from task manager, the SophosUpdateMgr.exe is showing as not using the CPU, its just a constant "00". but i can also see that the Let me try the link and will update Manager folder in Program Files(x86)\Sophos is showing last modified with today's date.

     

    Let me try the link and I will update

  • Hello Jeremiah Sakala,

    first of all, as already mentioned your server returns 4 profiles in the IOR with 169.254.128.169 as the first one. The 169.254.x.x addresses are perhaps not the best choice, you might consider using only one. BTW: Could you show your mrinit.conf (make sure it doesn't reveal anysensitive data).

    You have apparently quite a number of messages queued in the Envelopes folder, at the moment the Router can't forward them to the management service (EM) and the messages about them clutter the log. You could move the temporarily to some other place (but this is not compulsory).

    If I've counted correctly nine endpoints have successfully contacted the server and are trying to set up communication. The Router though seems to be unable to communicate internally (E Attempt to get client interface from non-local caller). Please check the last lines in the latest CertManager log in %ProgramData%\Sophos\Remote Management System\3\CertificationManager\Logs\ and the Msgn log in \%ProgramData%\Sophos\Sophos Endpoint Management\log\.

    You probably can't remember what could have been changed at the time you've noticed that it had stopped working, do you?

    Christian

  • Hi Christian, 

    Sorry i wasn't working from office yesterday. Any ideas how to get rid of the unwanted profiles in the IOR? I cant remember what happened or any changes that were made onto the server for it to stop working, I was on short leave from work and when i returned i just found that it was not showing any connected endpoints. 

    On Wednesday i tried to push installer on a PC on Network, it was able to install remotely, surprisingly. though still showing no connected endpoints. let me edit the mrinit.config and send. am working remotely today.

  • The mrinit details, i will just tell this, let me know if u need other details:

    "NotifyRouterUpdate"="EM"

    "ClitentIIOPPort"=dword:00002001

    "ClientSSLPort"=dword:00002002

    "ClientIORPort"=dword:00002000

    "IORSenderPort"=dword:00002000

    ........

    ...........

    ........

    "ServiceArgs"="

    "MRParentAddress"="ServerIP, ServerMAC,<unknown>,ServerName"

    "ParentRouterAddress"="ServerIP,ServerMAC,<unknown>,ServerName"

  • sorry, on the MRParentAddress & ParentRouerAddress, its the IPv6 of server not ServerMAC

  • Hello Jeremiah Sakala,

    so there's just one ServerIP (is it the 192.x.x.x) and no FQDN?
    If it is the 192.x.x.x please follow items A 3.-5. (ignore the rest) of the multiple IP addresses article. if that doesn't help do similarly for the Agent as outlined in with multiple IP addresses (item 2., the 2nd, 4th and 5th unnumbered point - please note that 127.0.0.1 in the 2nd point is likely a typo, it should be the ServerIP).

    Christian

  • Hi Christian,

    I followed the suggestions and removed all the files that were in C:\Program Data\Sophos\Update Manager\Working and saved them in another folder. I stopped all Sophos Services and restarted them, when i checked in Task Manager, the Sophos Update Manager seems to have started using the CPU. but will keep you posted on the outcome by Monday.

  • Hi Christian,

    Just from checking the console, still shows not a single machine connected. would reinstalling the console maybe work?

  • Hello Jeremiah Sakala,

    I don't think it's a SUM issue so this re-download should neither be necessary nor would it help in solving the issue.

    Did you modify the mentioned registry keys related to the services?

    Christian

  • Yes Christian, I strictly followed the instructions. 

  • Hello Jeremiah Sakala,

    then there should be significant changes in the Router and Agent logs, particularly the IOR should contain only one profile (IIOP). Is this the case?

    Christian

Reply Children
  • Am thinking I must have missed something somewhere, its still showing multiple IP Addresses in the Router Logs. Let me go through it once again just to verify the configurations and i will update you.

  • Hello Jeremiah Sakala,

    the number of profiles in the IOR is the important part, dunno whether it'd report all addresses or only the explicitly configured one.

    Christian

  • Initially it's supposed to resolve just one IP Address in the Router Log? 

  • Hello Jeremiah Sakala,

    as said - I'm not sure whether at this point it enumerates all active interfaces or the IP(s) it is explicitly or implicitly configured to use. Don't have a system where I could test it.
    There's a recent thread (in German) where disabling the additional (and unused) NIC seems to resolve a similar issue.

    Christian

  • Hello Christian, Sorry for being quiet for so long, I was out of town on other duties. Today i after I tried everything we have discussed, i just thought of concentrating on the update manager, since I had done all settings you assisted me with, I reinstalled the SUM on the server without uninstalling anything and it worked. It was able to update the Update Manager and also the endpoints started showing up. You have been so helpful, much appreciated. i have even learned a lot about Sophos through this, i wonder if there's any part that we didn't cover, hahahaha. Once again, thank you Christian..