This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Not receiving messages from endpoints after server migration

Hi,

Recently I completed a server to server migration of the Enterprise Console from Server 2003 32 bit to 2012 R2 64 bit as per this guide: https://www.sophos.com/en-us/support/knowledgebase/28276.aspx 

Everything looks to have gone well, however, a few days down the line and around half of the endpoints are reporting "Update to date: not since <2 days ago>". This time and date match the "Last message received from computer" column but when I look at the local computers in question, in Endpoint Security and Control I can see that they are recieving updates from their local SUM and are indeed up to date.

I'm not quite sure which logs to check here apart from the local updating log which shows everything is ok. 

I presume that I didn't allow enough time for one of the policies to propigate to all of the endpoints before decomissioning the old server.

Any help would be much appreciated!

Thanks

:57790


This thread was automatically locked due to age.
Parents
  • eternium is the new server which is part of the domain and resolves fine from anywhere on the network. How can I tell if those ports are open/correct?

    Thanks

    :57823
  • I know this is an old thread, but I wanted to reply in case somebody else runs into this issue:

    My colleague and I were able to resolve this issue.  The following is what we identified as the cause of the issue:

    1.  The ReportData.xml file did not include the management server's correct DNS suffix.  The management server was listed as Server.Contoso.com instead of Server.it.Contoso.com.  Manually correcting the ReportData.xml file allowed the Sophos client to check into the management console.

    2.  Alternatively, we found that updating the HOSTS file on the affected client with an entry for the Server tying it to its IP address allowed the client to check into the Sophos management console.

    Our "permanent" fix was to update the mrinit.conf file in the Sophos installation package so that the proper FQDN for the management server is listed.  Originally, the incorrect FQDN (Server.Contoso.com) was listed.

  • Hi All,

     

    I am having a similar behavior on a multitude of clients. ReportData.xml will have exactly the same entries for:

    Windows Domain

    IOR port

    SSLIOP port

    Parent Address (ip of server, FQDN of server, NetBIOS name of server)

    Current Parent Address (ip of server)

    RMS router type: endpoint

    Yet it repots Incoming communication problem. All machines are in the same ad group and even the same group policy. All updating fine, and can telnet from them to the server, getting the IOR back.

    Article 17134 just says open ports, although I cannot telnet to neither these clients that have the error, nor to the ones that do not report any errors in the xml...

    Is it safe to ignore, or would I need to keep an eye on something else?

    Many thanks,

    DanZi

Reply
  • Hi All,

     

    I am having a similar behavior on a multitude of clients. ReportData.xml will have exactly the same entries for:

    Windows Domain

    IOR port

    SSLIOP port

    Parent Address (ip of server, FQDN of server, NetBIOS name of server)

    Current Parent Address (ip of server)

    RMS router type: endpoint

    Yet it repots Incoming communication problem. All machines are in the same ad group and even the same group policy. All updating fine, and can telnet from them to the server, getting the IOR back.

    Article 17134 just says open ports, although I cannot telnet to neither these clients that have the error, nor to the ones that do not report any errors in the xml...

    Is it safe to ignore, or would I need to keep an eye on something else?

    Many thanks,

    DanZi

Children
  • Hello DanZi,

    it reports
    who's it? Is there a TCP connection from the endpoint to the server's 8194? You re-initialised RMS on these endpoints and other as well but the others send data?

    The Router logs should provide some insight.

    Christian

  • Hi Christian,

     

    it reports = I mean the machines having this error do report to the console okay.

    Actually, RMS re-init was dropped, I simply reinstall the client. There is indeed a TCP connection from the client to the server. ESTABLISHED.

    Router log has only I entries... Heartbeat calls, whit success and RouterSystemCheck - portst 5. etc....

     

    DanZi

  • Hello DanZi,

    now you've lost me, completely.
    In your previous post you said you see a similar behavior - but the OP is about endpoints not reporting and a failure of outgoing communications. Arguably Yet it reports Incoming communication problem is a similar behavior - insofar as there is an error I'd agree but IMO it's too broad.

    Haven't seen this error in a NetworkReport and can't say what triggers it. Though I'd assume that the Message Router writes a corresponding message to the log when it indicates the problem in the NetworkReport. As the Router writes the report at startup I'd restart the service, verify that the problems is still indicated, and check the Router log.

    Christian

  • Hi Christian,

    That's a good one, I didn't know that the xml was written by the Message Router service. A remote restart from powershell does eliminate the issue in a lot of cases. I think RMS is just a little picky.

    Many thanks for the tip! :-)

    DanZi