This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Awaiting policy from console

after i finished install all server

next day i see Awaiting policy from console in one of server in detail for this server i see it like this :

Web control policy                      Awaiting policy from console

i try uninstall and reinstall it ,

good it's work for tow day and return to same issue same server as show in attach picture

 



This thread was automatically locked due to age.
Parents
  • Hello AbedEl-Hamid Al-Wahidy,

    Awaiting policy from console is usually the status after the initial install when the endpoint has not yet received the policies from the console. The received polices are stored in the associated subfolders under %ProgramData%\Sophos\Remote Management System\3\Agent\AdapterStorage - when the Agent detects that their contents have been removed it will also request the policies from the management server.

    Normally SEC will send the policies (either immediately or in response to a message from the endpoint) and the endpoint will report compliance. If the status remains for a longer period a right-click Comply with ... will resend the policies. The status should normally not revert to Awaiting policy from console - this only happens if either the software is reinstalled or the cached policies "disappear" for whatever reasons.

    Christian

  • Hello Christin

    After i do Comply Still  Awaiting policy from console

     

    what can i do eles

  • Hello AbedEl-Hamid Al-Wahidy,

    if SEC can connect to the endpoint's (in this case this server's) port 8194 it will send the policy immediately, otherwise the message is queued and sent when the endpoint sends a message to SEC (this might take some time but should be with an hour or so).
    If the status doesn't change please request another Comply with and then check the Router and Agent logs on the endpoint.

    Christian

  • Hello Christian

     

    i do what you say and Comply other one and this is the output for agent and router log file

     

    Agent :

    05.12.2017 14:44:08 132C I SAV state observer notified that SAV is running
    05.12.2017 14:44:08 132C I SAV state observer received a status: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>

    <status xmlns="www.sophos.com/.../EESavStatus"><csc:CompRes xmlns:csc="com.sophos\msys\csc" Res="Same" RevID="{A9749CAC-3161-4329-B860-BD066BFFE99D}" policyType="2"/><csc:CompRes xmlns:csc="com.sophos\msys\csc" Res="Same" RevID="{7C80B6C9-2674-46A1-A215-2E3EE8CD7826}" policyType="7"/><ac:onAccess xmlns:ac="com.sophos\mansys\applicationcontrol" value="1"/><csc:CompRes xmlns:csc="com.sophos\msys\csc" Res="Same" RevID="c22457eb-4a21-457a-8756-897d7672c3ef" policyType="19"/><tp:tamperProtectionStatus xmlns:tp="www.sophos.com/.../tamperprotectionstatus.xsd" scanningState="on"/><csc:CompRes xmlns:csc="com.sophos\msys\csc" Res="Same" RevID="7c7e6574-c1b0-45e2-b518-c4ddc3a773ed" policyType="15"/><dat:dataControlStatus xmlns:dat="www.sophos.com/.../datacontrol.xsd" scanningState="off"/><csc:CompRes xmlns:csc="com.sophos\msys\csc" Res="Same" RevID="59ff657a-5b5f-4020-a190-0cef471b7583" policyType="16"/><dev:deviceControlStatus xmlns:dev="www.sophos.com/.../devicecontrol.xsd" scanningState="on"/><entity><productId>SAVEEXP</productId><product-version>10.7.2 VE3.69.2</product-version><entityInfo>SAVXP.10.7.2 VE3.69.2</entityInfo></entity><vdl-info><virus-engine-version>3.69.2</virus-engine-version><virus-data-version>5.46</virus-data-version><idelist><ide>adwi-byb.ide</ide><ide>age-axpl.ide</ide><ide>age-axpq.ide</ide><ide>age-axpt.ide</ide><ide>age-axqw.ide</ide><ide>age-axsa.ide</ide><ide>age-axse.ide</ide><ide>age-axsv.ide</ide><ide>age-axta.ide</ide><ide>age-axtf.ide</ide><ide>age-axuj.ide</ide><ide>age-axuk.ide</ide><ide>aimbo-ak.ide</ide><ide>auto-cde.ide</ide><ide>chisb-tl.ide</ide><ide>chisb-tp.ide</ide><ide>chisb-tt.ide</ide><ide>chmdld-k.ide</ide><ide>darkc-gq.ide</ide><ide>darkc-gr.ide</ide><ide>darkc-gs.ide</ide><ide>darkc-gt.ide</ide><ide>decep-dz.ide</ide><ide>decep-eb.ide</ide><ide>decep-fi.ide</ide><ide>delf-gjh.ide</ide><ide>delf-gjl.ide</ide><ide>delf-gjp.ide</ide><ide>delf-gjv.ide</ide><ide>delf-gko.ide</ide><ide>delf-gla.ide</ide><ide>delf-glh.ide</ide><ide>docd-lce.ide</ide><ide>docd-lcj.ide</ide><ide>docd-lem.ide</ide><ide>docd-lff.ide</ide><ide>docd-lfx.ide</ide><ide>docd-lgb.ide</ide><ide>docd-lgl.ide</ide><ide>docd-lhg.ide</ide><ide>docd-lhj.ide</ide><ide>docd-lhr.ide</ide><ide>docd-lhz.ide</ide><ide>docd-lii.ide</ide><ide>docd-lin.ide</ide><ide>docd-lis.ide</ide><ide>docd-liy.ide</ide><ide>docd-ljk.ide</ide><ide>docd-lkb.ide</ide><ide>docd-lkj.ide</ide><ide>docd-lku.ide</ide><ide>docd-llb.ide</ide><ide>docd-llx.ide</ide><ide>docd-lly.ide</ide><ide>docd-lmd.ide</ide><ide>docd-lmt.ide</ide><ide>docd-lmw.ide</ide><ide>docd-lne.ide</ide><ide>docd-lnk.ide</ide><ide>docd-lnp.ide</ide><ide>docd-loc.ide</ide><ide>docd-loj.ide</ide><ide>docd-loo.ide</ide><ide>docd-low.ide</ide><ide>docd-lpk.ide</ide><ide>docd-lpn.ide</ide><ide>docd-lpx.ide</ide><ide>docd-lpz.ide</ide><ide>docd-lre.ide</ide><ide>docd-lro.ide</ide><ide>docd-lsb.ide</ide><ide>docdr-bj.ide</ide><ide>docdr-dz.ide</ide><ide>dwnl-uti.ide</ide><ide>emoge-do.ide</ide><ide>emoge-dq.ide</ide><ide>emote-js.ide</ide><ide>emote-jw.ide</ide><ide>emote-jx.ide</ide><ide>fare-dvh.ide</ide><ide>fare-dvk.ide</ide><ide>fare-dvn.ide</ide><ide>fare-dvr.ide</ide><ide>fare-dvx.ide</ide><ide>fare-dvy.ide</ide><ide>fare-dwd.ide</ide><ide>fare-dwi.ide</ide><ide>fare-dwk.ide</ide><ide>fare-dwo.ide</ide><ide>fare-dws.ide</ide><ide>fare-dxa.ide</ide><ide>fare-dxc.ide</ide><ide>fare-dxl.ide</ide><ide>fare-dxm.ide</ide><ide>fare-dxn.ide</ide><ide>fare-dxw.ide</ide><ide>fare-dyi.ide</ide><ide>fare-dyk.ide</ide><ide>gozi-mp.ide</ide><ide>hawke-qf.ide</ide><ide>inje-cuz.ide</ide><ide>inje-cwt.ide</ide><ide>inje-cwu.ide</ide><ide>inje-cxe.ide</ide><ide>injec-wm.ide</ide><ide>injec-xg.ide</ide><ide>injec-xv.ide</ide><ide>injec-yy.ide</ide><ide>java-ask.ide</ide><ide>krypt-ia.ide</ide><ide>lamber-a.ide</ide><ide>lethi-ci.ide</ide><ide>lock-acj.ide</ide><ide>mdro-iag.ide</ide><ide>mdro-iav.ide</ide><ide>msil-kpa.ide</ide><ide>msil-kpo.ide</ide><ide>msil-
    05.12.2017 14:44:08 121C I Running SetAdapterStatusJob for adapter SAV
    05.12.2017 14:44:28 121C I computer name is HR_SERVER
    05.12.2017 14:44:28 121C I This computer is part of the domain C-TOWN
    05.12.2017 14:44:28 121C I workgroup/domain name is C-TOWN
    05.12.2017 14:44:28 121C I computer description is
    05.12.2017 14:44:28 121C I This computer is part of the domain C-TOWN
    05.12.2017 14:44:28 121C I SendStatus: Sent EM-GetStatus-Reply (id=002694AC) to EM


    Router :

    05.12.2017 14:44:28 11C0 I Routing to parent: id=002694AC, origin=Router$HR_Server:99012.Agent, dest=EM, type=EM-GetStatus-Reply
    05.12.2017 14:44:28 11B4 I Sent message (id=002694AC) to Router$Sophos-Server

  • Hello Christian

    for Port "8192,8193,8194" its open in firewall in inbound and outbound for all server

     

    the services "Sophos Web Intelligence Update" is stopped and didn't want to start

    could be it's the problem

  • Hello AbedEl-Hamid Al-Wahidy,

    and the status for WebControl is still Awaiting ...? The endpoint reports compliance for 5 policies (2,7,15,16,19 - I'd have to look up which ones they are tomorrow).

    Christian

  • Hello Christian

     

    Yes Still Until now Awaiting

    what can i do for it

  • Hello AbedEl-Hamid Al-Wahidy,

    the policies the endpoint reports are AV, Application Control, Data Control, Device Control and Tamper Protection. Web Control (which would be type=22) isn't on the list. Wonder what this signifies.

    Before turning on verbose logging or performing other advanced troubleshooting steps I'd try the following: From the endpoint servers local GUI, Configure in the menu bar, Web Control ... toggle (i.e. tick when unticked or v.v.) the Enable check box, is the change reflected in the console? If there is no change delete the endpoint from the console, it should reappear after a while. Dunno if Delete clears the policy status though but it's worth a try.

    Christian

  • Hello Christian

    i make untick the Enable Check box and still Awaiting

    i make second step and delete the Endpoint from console and back with same thing Awaiting

  • Hello ,

    under %ProgramData%\Sophos\Remote Management System\3\Agent\AdapterStorage\ is there a folder named SWC and is there a file in it?
    Please check the following registry key: HKLM\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Adapters\SWC, it should contain the value named DLLPath containing C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\SWCAdapter.dll. If it isn't there either create it and restart the Sophos Agent service or reinstall Sophos.

    Christian

Reply
  • Hello ,

    under %ProgramData%\Sophos\Remote Management System\3\Agent\AdapterStorage\ is there a folder named SWC and is there a file in it?
    Please check the following registry key: HKLM\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Adapters\SWC, it should contain the value named DLLPath containing C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\SWCAdapter.dll. If it isn't there either create it and restart the Sophos Agent service or reinstall Sophos.

    Christian

Children