Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 8852 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console showing conflicting notices

Sys Admin1

Enterprise Console shows "Awaiting policy transfer" in the [Policy compliance] column AND "Yes" in the [Up to date] column. They seem very conflicting. Or does one relate to "policy" and one to definitions? It's not very clear. I also tried updating on the endpoints and they said no files needed updating but downloaded 6 files anyway. The same few (4/40) endpoints have been showing this for months and they all stay on constantly.



This thread was automatically locked due to age.
  • 0

    One does relate to policy, the other up-to-date-ness so they are different.

    In order for the up-to-date to be maintained, the client must be sending messages (status) up to the management server so RMS must be working, unless of course the Sophos Update Manager (SUM) is also not updating in which case the reported information from SUM to SEC is not changing.  A quick test would be to check on the client under: \program files (x86\sophos\sophos anti-virus\ to see the timestamp of the last .ide file. 

    As for awaiting policy transfer, could it be that the last messages to send policy to these computers timed out?

    When you change a policy, force an update of a policy or a computer moves group, then the Sophos Management Service, creates a message for the client(s) which is received by the router service on the management server.  Messages have timeouts as detailed here: https://community.sophos.com/kb/113417.

    The server router stores the message in the "envelopes' directory on the server, tries to notify the router of the client (Needs to be able to connect to TCP port 8194 on the client).  If the client is successfully notified a new message is available, then the client checks for the messages, pulls it, the .msg file is removed from the server.   If the notify fails then the client should pick up the outstanding message in 15 minutes +-50% which is it's default polling interval.

    You can trace the downstream messages from the management service logs, to the router logs on the server to the router logs on the client to the agent log on the client.

    Regards,

    Jak

     

     

     

  • 0 in reply to jak

    How do you "force an update of a policy"?

  • +1 in reply to Sys Admin1

    Hello Sys Admin1,

    select computer(s), right click → Comply with ... → select desired policy.

    Christian

  • 0 in reply to QC

    Excellent, thanks Christian. Btw, you look hella cold ;-)

Unfiltered HTML