This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to connect linux endpoint to the console

 Hi,


I'm unable to connect my linux endpoint to the SEC Console. Below is the error i see in Router logs and Agent Logs.

I have checked firewall rules for 8192 and 8194. It seems fine.

I also get IOR from the SUM. 

Router Log reports the following error:

-----------------------------------------------

11.01.2017 03:29:11 B700 I Creating cryptographic key pair
11.01.2017 03:29:12 B700 E Router::Start: Caught Certificate request refused by certification manager, undefined failure

-----------------------------------------------

Agent Log reports the following error:

-----------------------------------------------

11.01.2017 03:29:04 6700 E SAV state observer received an empty configuration
11.01.2017 03:29:04 6700 I SAV adapter loaded
11.01.2017 03:29:06 5700 E Failed to read in the router's IOR from the supplied address and port.
11.01.2017 03:29:06 5700 E NoRouterIORException: Caught MessagingSystemClientLib::NoRouterIORException (failed to get router's IOR from supplied address and port) ClientConnection::Reconnect()

Kindly help me in resolving this issue. I'm stuck with this error for past 2 days.

Thanks in advance.

BR,

Priyanka



This thread was automatically locked due to age.
  • Hello Priyanka,

    I also get IOR [...] NoRouterIORException:
    you did check from the Linux machine and were successful using one of the Parent Addresses from .../rms/Router/NetworkReport/ReportData.xml? The NoRouterIORException tells that the router can't get an IOR. The parent addresses are from mrinit.conf, tag ParentRouterAddress - usually the server's IPv4,IPv6,FQDN,NetBIOS. For at least one of them the endpoint must be able to reach port 8192.

    Christian     

  • Hello Christian,

    Thanks for the prompt reply.

    I checked if the ports for the parent IP is enabled. It seems fine.

    When i perform telnet <parentaddress> 8192 i get the IOR.

    And when i test telnet <parentaddress> 8194 i get connected.

    My MRInit.conf seems fine.

    Not sure, why i cant see endpoint @ SEC.

    Now i see the below error from the router logs.

    -----------------------------------

    11.01.2017 08:33:56 6700 E RunORB: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/BAD_INV_ORDER:1.0'
    OMG minor code (4), described as '*unknown description*', completed = NO

    -----------------------------------

    Thanks,

    Priyanka

  • Hello Priyanka,

    i get the IOR
    fine.
    why i cant see endpoint
    because the endpoint never established a connection. BAD_INV_ORDER usually means that methods are called out of order, whatever this signifies. Guess it's something on the Linux endpoint though. As SEC customer you are entitled to support (real support, not just me guessing) ... maybe worth a try (it's nowhere documented and I don't know how I came up with this):

    1. stop the router (/opt/sophos-av/bin/savdctl disableOnBoot sav-rms)
    2. edit /opt/sophos-av/rms/router.config, add the line "LogLevel"=dword:00000002  and save
    3. start the router (/opt/sophos-av/bin/savdctl enableOnBoot sav-rms)

    then check the router log. Dunno if it will contain some useful information. Oh, BTW, good idea to post only significant parts of the logs but maybe it's better to be less economical (please always include several surrounding lines, they often contain important complementary information) and in case of related services (like router and agent) please make sure the excerpts cover the same interval. On second thoughts - perhaps in step 2 do the same for the agent (in a similar way).

    Christian

  • Hi Christian,


    I have included the loglevel in router.config as mentioned above.

    This is all of the messages i see in router log file.

    ------------------------

    12.01.2017 05:43:51 A700 I SOF: ./Router/Logs/Router-20170112-054351.log
    12.01.2017 05:43:51 A700 I Sophos Messaging Router 3.0.0.1728 starting...
    12.01.2017 05:43:51 A700 I Setting ACE_FD_SETSIZE to 138
    12.01.2017 05:43:51 A700 I Initializing CORBA...
    12.01.2017 05:43:51 A700 I Setting connection cache limit to 10
    12.01.2017 05:43:51 A700 I Creating ORB runner with 4 threads
    12.01.2017 05:43:51 B700 E RunORB: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/BAD_INV_ORDER:1.0'
    OMG minor code (4), described as '*unknown description*', completed = NO

    12.01.2017 05:43:51 D700 E RunORB: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/BAD_INV_ORDER:1.0'
    OMG minor code (4), described as '*unknown description*', completed = NO

    12.01.2017 05:43:51 E700 E RunORB: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/BAD_INV_ORDER:1.0'
    OMG minor code (4), described as '*unknown description*', completed = NO

    12.01.2017 05:43:51 C700 E RunORB: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/BAD_INV_ORDER:1.0'
    OMG minor code (4), described as '*unknown description*', completed = NO

    12.01.2017 05:43:51 A700 E Router::Start: Caught No certificate in certificate store
    ------------------------

    Any idea ?

    Thanks,
    Priyanka

  • Hello Priyanka,

    apparently mrouter didn't pick up the LogLevel, you did enter it as written
    "LogLevel"=dword:00000002
    case is not important but no trailing comma? You should get messages with severity levels D and T (in addition to I,W and E), the first D-level messages should appear before Creating ORB runner. As simple check that you edit the correct router.config and that it is correctly saved you could change "NumORBThreads" to 5.

    Christian 

  • Hi Christian,


    This is what i have entered in router.config.

    [HKEY_LOCAL_MACHINE]
    [HKEY_LOCAL_MACHINE\SOFTWARE]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\CurrentState]
    "NotifyRouterUpdate"="EM"
    "ConnectionCache"=dword:0000000a
    "NotifyClientUpdate"="Router$<hostname>:459055.Agent"
    "LogLevel"=dword:00000002
    "IORSenderPort"=dword:00002000
    "HostIPToParent"=dword:00000000
    "ParentPort"=dword:00002000
    "ServiceArgs"="-ORBListenEndpoints iiop://:8193/ssl_port=8194 -ORBDebug -ORBVerboseLogging 2 -ORBDebugLevel 10"
    "NumSenderThreads"=dword:00000003
    "ParentAddress"="parent address"

    I have intentionally, removed the detail for "NotifyClientUpdate" and "ParentAddress"

    Thanks,
    Priyanka

  • Hello Priyanka,

    the -ORBDebug ServiceArgs have no effect as far as I can see, can't say why, the LogLevel does (here at least) and I see there's no NumORBThreads but apparently it defaults to 4 anyway. Now from my log I see that the next messages are RunORB thread started. Apparently this fails. 
    I've run out of ideas (other than the insipid: Did you try to reinstall?). Guess you have to contact Support (or perhaps you can make   aware of this thread).

    Christian 

  • I think the LogLevel key has to be in the "Messaging System" section, rather than "CurrentState".

    Another thing that occurs is that you have a very old Linux install - RMS 3 based, you need a more recent version of SAV.

  • Hello Douglas,

    LogLevel works for me (RMS 4.0.0.279) in the CurrentState section, just for the record. Anyway, is -ORBDebug supposed to work (it did once in the Windows version), not that one would really need it without assistance?

    RMS 3 - rats, I should have noticed ...

    Christian

  • Hi Christian, Hi Douglas,


    Thanks for the reply. 

    Please tell me if i upgrade RMS to 4.0 will resolve this issue. If yes, then where will i find this software. I checked in MySupport login.

    I can only see windows endpoint software download.

    Standalone Installers

    Any idea ? I'm also opening a case with Sophos support.

    Thanks,
    Priyanka