Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 16 replies
  • Subscribers 4 subscribers
  • Views 22727 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Computers stuck in unmanaged section

Jonathan Ramirez

Hello, I am new to Sophos and this is a new issue that has been happening for the last weeks, whenever I install Sophos on a new computer the installation completes successfully and does get the updates correctly, but when I check on the enterprise console they go to the unmanaged group (not unassigned), and I can't do nothing to them except delete them.

One more thing, the ones I am using as test are running under Windows 10, I don't know if that might be the issue



This thread was automatically locked due to age.
  • 0

    That would suggest RMS is not functional.

    On the server have you opened up TCP port 8192 and 8194 and ideally on the endpoints opened TCP 8194 incoming?

    Maybe you can attach a Router log file from one of the clients in this state.  \programdata\sophos\remote management system\3\router\logs\

    Regards,

    Jak

     

  • 0

    Hello Jonathan Ramirez,

    whenever I install
    how do you install - locally (setup.exe from the CID or a package) or using Protect Computers?

    they go to the unmanaged group (not unassigned)
    there is no unmanaged group. If the endpoint "appears" in the console because it has contacted the management server it is managed, otherwise it(s name) has been imported by some means - at this point it is unmanaged and thus can't go to unmanaged. So - did you discover/import the endpoint(s) and if so, how?
    As the endpoint should register with the server after installation something's not right with RMS, Jak has already suggested what and where to check.

    Christian

  • 0 in reply to jak

    Hello.

    Yes the TCP ports are open on both sides. Here's the Router log file

     

    24.04.2018 15:57:35 1888 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20180424-215735.log
    24.04.2018 15:57:35 1888 I Sophos Messaging Router 4.1.1.127 starting...
    24.04.2018 15:57:35 1888 I Setting ACE_FD_SETSIZE to 138
    24.04.2018 15:57:35 1888 I Initializing CORBA...
    24.04.2018 15:57:35 1888 I Connection cache limit is 10
    24.04.2018 15:57:35 1888 I Router::ConfigureSslContext: keeping legacy compatibility of TLS 1 and TLS 1.1.
    24.04.2018 15:57:35 1888 I Creating ORB runner with 4 threads
    24.04.2018 15:57:35 1888 W No public key certificate found in the store. Requesting a new certificate.
    24.04.2018 15:57:35 1888 I Getting parent router IOR from 172.16.112.120:8192
    24.04.2018 15:57:35 1888 I This computer is part of the domain STAFF
    24.04.2018 15:57:35 1888 I Getting a new router certificate...
    24.04.2018 15:57:35 1888 I SSL handshake done, local IP address = 172.20.81.111
    24.04.2018 15:57:35 1888 I Current certificate name is
    24.04.2018 15:57:35 1888 I Sending unique token request...
    24.04.2018 15:57:37 1888 I Got unique token: 2880940
    24.04.2018 15:57:37 1888 I New certificate name is Router$DJRZ-IT-HL0L712:2880940
    24.04.2018 15:57:37 1888 I Creating cryptographic key pair
    24.04.2018 15:57:39 1888 E Router::Start: Caught Certificate request refused by certification manager, undefined failure
    24.04.2018 15:57:39 1888 I Restarting...

  • 0 in reply to Jonathan Ramirez

    Hello Jonathan Ramirez,

    please check the CertManager logs (%ProgramData%\Sophos\Remote Management System\3\CertificationManager\Logs\), there should be a corresponding entry.

    Christian

  • 0 in reply to QC

    QC said:

    whenever I install
    how do you install - locally (setup.exe from the CID or a package) or using Protect Computers?

     

    Yes, I install localy, with these unmanaged computers I can't use Protect Computers

    QC said:

    they go to the unmanaged group (not unassigned)
    there is no unmanaged group. If the endpoint "appears" in the console because it has contacted the management server it is managed, otherwise it(s name) has been imported by some means - at this point it is unmanaged and thus can't go to unmanaged. So - did you discover/import the endpoint(s) and if so, how?

     

     
    Yes they were imported via Active Directory, also I checked one of the computers which has Windows 10 doesn't let me instal RMS from its .exe
  • 0 in reply to Jonathan Ramirez

    Hello Jonathan Ramirez,

    with these unmanaged computers I can't use Protect Computers
    there might be some misunderstanding of unmanaged. A computer object in SEC is unmanaged when its name and some optional attributes have been imported by some means but an endpoint with this name and attributes has not yet registered with the console. Unmanaged does not relate to any other management capabilities (AD, third-party) in your network. Normally Protect is used for these very unmanaged ones. That a computer is managed (i.e. Sophos is installed) does not facilitate the use of Protect.

    As said, in the case for which you've provided the log the Certification Manager rejects the certificate request, the mentioned log should have details.

    doesn't let me instal RMS from its .exe
    what is its .exe? Could you give the name of this .exe and also what doesn't let me is exactly? Do you run setup.exe interactively with the GUI or using command line switches?

    Christian

  • 0 in reply to QC

    QC said:

    doesn't let me instal RMS from its .exe
    what is its .exe? Could you give the name of this .exe and also what doesn't let me is exactly? Do you run setup.exe interactively with the GUI or using command line switches?

    Hello Christian.

    The .exe is located on CIDs\S000\SAVSCFXP\rms, the name is Sophos Remote Management System and I tried installing it with the GUI

  • 0 in reply to Jonathan Ramirez

    Hello Jonathan Ramirez,

    Sophos Remote Management System is an Installer package (.msi) - this [:@] Hide extensions for known file types - and it won't work if you double click it.
    If asked about setup.exe in ...\SAVSCFXP\ - this is the one and only one to use. It should take care of all the rest if the correct options are selected (actually it installs AutoUpdate telling it what to subsequently download and install).
    What did you configure in setup.exe's window prompt (perhaps you can show a screenshot), what was the result? Any why did you try to install RMS using the .msi?

    Christian

  • 0 in reply to QC

    Hello Christian

    Here's the screenshot, when we install it we leave it like this, except the username and password

    Is it better if we add a group path or leave it blank?

    Also about the RMS, I tried installing it because one Windows 10 PC didn't show it on control panel and also thought a reinstall might help.

  • 0 in reply to Jonathan Ramirez


    E Router::Start: Caught Certificate request refused by certification manager, undefined failure 

    ...seems to be the issue here and why the client can't become managed.  I have to say, I've not seen that error message before.  I would hope that the certification manager log file on the server has a more meaningful message at the same time.

    Are any clients working from the management server?

    Regards,

    Jak

Unfiltered HTML