This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Not receiving messages from endpoints after server migration

Hi,

Recently I completed a server to server migration of the Enterprise Console from Server 2003 32 bit to 2012 R2 64 bit as per this guide: https://www.sophos.com/en-us/support/knowledgebase/28276.aspx

Everything looks to have gone well, however, a few days down the line and around half of the endpoints are reporting "Update to date: not since <2 days ago>". This time and date match the "Last message received from computer" column but when I look at the local computers in question, in Endpoint Security and Control I can see that they are recieving updates from their local SUM and are indeed up to date.

I'm not quite sure which logs to check here apart from the local updating log which shows everything is ok.

I presume that I didn't allow enough time for one of the policies to propigate to all of the endpoints before decomissioning the old server.

Any help would be much appreciated!

Thanks

This thread was automatically locked due to age.

Parents

0 hardies over 8 years ago

Hi Christian

Thank you for the reply.

After checking the logs I'm getting lots of errors regarding communication to the message router.

Here is part of the RMS log:

02.07.2015 15:17:43 20A0 I SDDM:SCAPI Calling Connect...
02.07.2015 15:17:43 20A0 I SDDMA: An uninitialized socket was created.
02.07.2015 15:17:43 20A0 I SDDM:SCAPI: Connect succeeded.
02.07.2015 15:17:43 20A0 I SDDMA: Logon key written successfully.
02.07.2015 15:17:43 20A0 I SDDMA: Logon key sent.
02.07.2015 15:17:43 20A0 I SDDMA: Socket connection authenticated.
02.07.2015 15:17:43 10C0 I SDDMA: The adapter is connected to SDDM.
02.07.2015 15:17:43 10C0 I SDDMA: Sending a Status Report upstream (forced)...
02.07.2015 15:17:43 10C0 I SDDM state observer notified that SDDM is running
02.07.2015 15:17:43 10C0 I SDDM state observer received a status: <?xml version="1.0" encoding="utf-8" ?><status xmlns="com.sophos\mansys\status" xmlns:csc="com.sophos\msys\csc" xmlns:xsi="www.w3.org/.../XMLSchema-instance&quot; type="sddm"><csc:CompRes policyType="9" Res="NoRef"/><csc:CompRes policyType="10" Res="NoRef"/><csc:CompRes policyType="11" Res="NoRef"/><csc:CompRes policyType="12" Res="NoRef"/><csc:CompRes policyType="13" Res="NoRef"/><version number="1"/><updateManager xmlns="www.sophos.com/.../common.xsd&quot; status="OK" softwareVersion="1.5.0"><updateOperation id="programsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><updateOperation id="supplementsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><defaultShare user="HARDIES\SophosUpdateMgr" password="redacted"/><currency></currency></updateManager></status>
02.07.2015 15:17:43 10C0 I SDDMA: Status report dispatched.
02.07.2015 15:17:43 10C0 I SDDMA: Sending a Status Report upstream (unthrottled)...
02.07.2015 15:17:43 10C0 I SDDM state observer notified that SDDM is running
02.07.2015 15:17:43 10C0 I SDDM state observer received a status: <?xml version="1.0" encoding="utf-8" ?><status xmlns="com.sophos\mansys\status" xmlns:csc="com.sophos\msys\csc" xmlns:xsi="www.w3.org/.../XMLSchema-instance&quot; type="sddm"><csc:CompRes policyType="9" Res="NoRef"/><csc:CompRes policyType="10" Res="NoRef"/><csc:CompRes policyType="11" Res="NoRef"/><csc:CompRes policyType="12" Res="NoRef"/><csc:CompRes policyType="13" Res="NoRef"/><version number="1"/><updateManager xmlns="www.sophos.com/.../common.xsd&quot; status="OK" softwareVersion="1.5.0"><updateOperation id="programsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><updateOperation id="supplementsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><defaultShare user="HARDIES\SophosUpdateMgr" password="redacted="/><currency></currency></updateManager></status>
02.07.2015 15:17:43 10C0 I SDDMA: Status report dispatched.
02.07.2015 15:17:44 1C3C W MSClient::Connect: failed to get router's IOR from supplied address and port.
02.07.2015 15:17:44 1C3C E NoRouterIORException: Caught MSClient::Connect: failed to get router's IOR from supplied address and port.
 ClientConnection::Reconnect()

02.07.2015 15:17:52 1C3C W MSClient::Connect: failed to get router's IOR from supplied address and port.
02.07.2015 15:17:52 1C3C E NoRouterIORException: Caught MSClient::Connect: failed to get router's IOR from supplied address and port.
 ClientConnection::Reconnect()

And from the ReportData.xml log:

State of name resolution (DNS)

Problem description :
There is a problem communicating with the server.

Overview :
Failed to determine the IP address of the computer from its name. Communication cannot start until this problem is resolved.

Possible cause :
DNS is misconfigured or the information is missing or incorrect.

Action to repair :
Verify that the client can resolve the name of the server. Alternatively, use a static IP address on the server (this is the configuration recommended by Sophos).

More information can be found in the Sophos knowledgebase :
Access the Sophos knowledgebase

State of Sophos security framework

No problems detected.

State of incoming communications from server

No problems detected.

State of outgoing communications to server

Problem description :
Communication failure.

Overview :
Failed to communicate with the server.

Possible cause :
"Sophos Message Router" service may be stopped on the server, or the server may be disconnected from the network, or a firewall may be blocking communications from the client to the server.

Action to repair :
Verify that the Sophos Message Router ports (by default 8192 and 8194) on the server are accessible by the computer with the problem. Also check networking and services on the server.

More information can be found in the Sophos knowledgebase :
Access the Sophos knowledgebase

Computer details

Report generation time ( local time )
02 July 2015 15:18:38

Report generation time ( GMT )
02 July 2015 14:18:38

Computer name :
HCSDUNFERMLINE

Windows domain :
HARDIES

RMS router name :
Not available

IOR port number :
8192

SSLIOP port number :
Not available

Parent addresses :
192.168.20.3,fdbf:74b:b62:3333::1,eternium.hardies.local,eternium

Current parent address :
Not available

RMS router type :
endpoint

There are 8 SUMs connecting to the new server's Enterprise Console. Interestingly is that the local one is working correctly which sugests a networking issue, however, I have tried compleley disabling the firewall on both servers. I also tried tried installing a new temporary SUM which has never appeared in the console.

I feel we're in the right area but I'm a little stuck now.

Again, any help is very much appreciated.

Thanks

Reply

0 hardies over 8 years ago

Hi Christian

Thank you for the reply.

After checking the logs I'm getting lots of errors regarding communication to the message router.

Here is part of the RMS log:

02.07.2015 15:17:43 20A0 I SDDM:SCAPI Calling Connect...
02.07.2015 15:17:43 20A0 I SDDMA: An uninitialized socket was created.
02.07.2015 15:17:43 20A0 I SDDM:SCAPI: Connect succeeded.
02.07.2015 15:17:43 20A0 I SDDMA: Logon key written successfully.
02.07.2015 15:17:43 20A0 I SDDMA: Logon key sent.
02.07.2015 15:17:43 20A0 I SDDMA: Socket connection authenticated.
02.07.2015 15:17:43 10C0 I SDDMA: The adapter is connected to SDDM.
02.07.2015 15:17:43 10C0 I SDDMA: Sending a Status Report upstream (forced)...
02.07.2015 15:17:43 10C0 I SDDM state observer notified that SDDM is running
02.07.2015 15:17:43 10C0 I SDDM state observer received a status: <?xml version="1.0" encoding="utf-8" ?><status xmlns="com.sophos\mansys\status" xmlns:csc="com.sophos\msys\csc" xmlns:xsi="www.w3.org/.../XMLSchema-instance&quot; type="sddm"><csc:CompRes policyType="9" Res="NoRef"/><csc:CompRes policyType="10" Res="NoRef"/><csc:CompRes policyType="11" Res="NoRef"/><csc:CompRes policyType="12" Res="NoRef"/><csc:CompRes policyType="13" Res="NoRef"/><version number="1"/><updateManager xmlns="www.sophos.com/.../common.xsd&quot; status="OK" softwareVersion="1.5.0"><updateOperation id="programsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><updateOperation id="supplementsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><defaultShare user="HARDIES\SophosUpdateMgr" password="redacted"/><currency></currency></updateManager></status>
02.07.2015 15:17:43 10C0 I SDDMA: Status report dispatched.
02.07.2015 15:17:43 10C0 I SDDMA: Sending a Status Report upstream (unthrottled)...
02.07.2015 15:17:43 10C0 I SDDM state observer notified that SDDM is running
02.07.2015 15:17:43 10C0 I SDDM state observer received a status: <?xml version="1.0" encoding="utf-8" ?><status xmlns="com.sophos\mansys\status" xmlns:csc="com.sophos\msys\csc" xmlns:xsi="www.w3.org/.../XMLSchema-instance&quot; type="sddm"><csc:CompRes policyType="9" Res="NoRef"/><csc:CompRes policyType="10" Res="NoRef"/><csc:CompRes policyType="11" Res="NoRef"/><csc:CompRes policyType="12" Res="NoRef"/><csc:CompRes policyType="13" Res="NoRef"/><version number="1"/><updateManager xmlns="www.sophos.com/.../common.xsd&quot; status="OK" softwareVersion="1.5.0"><updateOperation id="programsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><updateOperation id="supplementsUpdate" lastNonNullFinishedAt="" lastFinishedAt="" /><defaultShare user="HARDIES\SophosUpdateMgr" password="redacted="/><currency></currency></updateManager></status>
02.07.2015 15:17:43 10C0 I SDDMA: Status report dispatched.
02.07.2015 15:17:44 1C3C W MSClient::Connect: failed to get router's IOR from supplied address and port.
02.07.2015 15:17:44 1C3C E NoRouterIORException: Caught MSClient::Connect: failed to get router's IOR from supplied address and port.
 ClientConnection::Reconnect()

02.07.2015 15:17:52 1C3C W MSClient::Connect: failed to get router's IOR from supplied address and port.
02.07.2015 15:17:52 1C3C E NoRouterIORException: Caught MSClient::Connect: failed to get router's IOR from supplied address and port.
 ClientConnection::Reconnect()

And from the ReportData.xml log:

State of name resolution (DNS)

Problem description :
There is a problem communicating with the server.

Overview :
Failed to determine the IP address of the computer from its name. Communication cannot start until this problem is resolved.

Possible cause :
DNS is misconfigured or the information is missing or incorrect.

Action to repair :
Verify that the client can resolve the name of the server. Alternatively, use a static IP address on the server (this is the configuration recommended by Sophos).

More information can be found in the Sophos knowledgebase :
Access the Sophos knowledgebase

State of Sophos security framework

No problems detected.

State of incoming communications from server

No problems detected.

State of outgoing communications to server

Problem description :
Communication failure.

Overview :
Failed to communicate with the server.

More information can be found in the Sophos knowledgebase :
Access the Sophos knowledgebase

Computer details

Report generation time ( local time )
02 July 2015 15:18:38

Report generation time ( GMT )
02 July 2015 14:18:38

Computer name :
HCSDUNFERMLINE

Windows domain :
HARDIES

RMS router name :
Not available

IOR port number :
8192

SSLIOP port number :
Not available

Parent addresses :
192.168.20.3,fdbf:74b:b62:3333::1,eternium.hardies.local,eternium

Current parent address :
Not available

RMS router type :
endpoint

I feel we're in the right area but I'm a little stuck now.

Again, any help is very much appreciated.

Thanks

Children

No Data