Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 2 subscribers
  • Views 8423 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC startup fail and Services won't start - just status "starting"

Marshallyx

Hey guys,

my SEC won't start anymore. Errormessage:

Sophos.UIController.Extension.UIControllerException: Cannot retrieve session token after 8 retries. Please check that the Sophos Management Host service is running, otherwise see KBA 118513.
   at Sophos.UIController.IdentityServiceAbstracter.EndRetrieveSessionToken()
   at Sophos.UIController.UIControl.InitializeModulesDependencies()
   at Sophos.UIController.UIControl.<Initialize>b__b()
   at Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)
   at Sophos.UIController.UIControl.Initialize()

----- [outer exception] -----
   -- error: 0x80004005 (Unspecified error)
   -- facility: Generic (System)
   -- source:   Sophos.UIController

   at class ATL::CComBSTR __thiscall UIControl::initialize(class ATL::CComPtr<struct IDispatch>)
   at class ATL::CComPtr<struct IDispatch> __thiscall bl::CReusingManagementServiceClientBroker::logIn(const struct util::UserName &,class Loki::SmartPtr<class bl::SubEstate,class Loki::RefCountedMTAdj<class Loki::ClassLevelLockable>::RefCountedMT,struct Loki::DisallowConversion,struct util::NoDereferenceNull,class Loki::DefaultSPStorage>,const wchar_t *,class bl::UIControllerBase &)
   at int __cdecl Run(int,class bl::CommandLine,enum bl::ConsoleType::Type)
   at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)

 

I read a few article about this error but mostly the problem is, that the Sophos Management Host Service didn't start. In my case it did - BUT I detected the services

Sophos Patch Endpoint Communicator

Sophos Patch EndpointOrchestrator

Sophos Patch Server Communicator

won't start. They are just pending in "starting", without getting to "started".

 

Is there maybe a connection between the Error of SEC and the services not starting?

And what can I do to get these services running again?

 

greetings Marshallyx



This thread was automatically locked due to age.
  • 0

    Hello Marshallyx,

    my SEC is "just" the console - the management service (without Host) is running, isn't it? the console doesn't open when there's a communication error with one of the components that use the Management Host Service (Patch, Web Control). I vaguely remember issues that involved starting ...  SOPHOSPATCH52 database, service logs, Windows Events, ... I'm afraid no better ideas before tomorrow as it's already late here.

    Christian

  • 0 in reply to QC

    Hello Marshallyx,,

    I knew I have seen it.
    You didn't tell whether these services failed to start more or less out of the blue or "something" has been changed before they started to act up. The thread I was thinking of is about a past-migration issue. Maybe it helps.

    Christian

  • 0 in reply to QC

    QC said:

    Hello Marshallyx,

    my SEC is "just" the console - the management service (without Host) is running, isn't it? the console doesn't open when there's a communication error with one of the components that use the Management Host Service

     
    Yep, its running.
    So you're saying there is no connection between those 3 services and the console not starting? Maybe the services didn't work before and I just didn't recognize it.
     
    QC said:

    You didn't tell whether these services failed to start more or less out of the blue or "something" has been changed before they started to act up.

    No changes. Appeared out of the nowhere.

     Here a screenshot of all sophos services:

     

    Marcel

  • 0 in reply to Marshallyx

    Hello Marcel,

    there is no connection
    on the contrary - which of the services is required I can't say but at least one of them is (and BTW this affects both a local and a remote console).

    Please check the Windows Event log for errors related to the Patch services, also check the logs (especially those with Communicator in their name) in %ProgramData%\Sophos\Patch\Logs\.

    Christian

  • 0 in reply to QC

    QC said:

    Please check the Windows Event log for errors related to the Patch services, also check the logs (especially those with Communicator in their name) in %ProgramData%\Sophos\Patch\Logs\.

    Log of all 3 Services (PatchEndpointOrchestrator, PatchEndpointCommunicator,PatchServerCommunicator) says:

    2018-09-21 10:23:08 | PID   2736 | TID      4 | ID:  1000 | Severity:      error | Error fetching upgrade status.-- System Exception Details --
    Message: Cannot open database "SOPHOSPATCH52" requested by the login. The login failed.
    Login failed for user 'XXX\admin_sophos'.
    Type: SqlException
    Source: .Net SqlClient Data Provider
    Target: Boolean TryGetConnection(System.Data.Common.DbConnection, UInt32, Boolean, Boolean, System.Data.Common.DbConnectionOptions, System.Data.ProviderBase.DbConnectionInternal ByRef)
    Help Link:
    -- Evidence At Publish --

    I entered the login again, restarted the server, nothing changed.

  • 0 in reply to Marshallyx

    Hello Marcel,

    so admin_sophos is the "Database User" in terms of SEC and the services are logging on as this user?

    Did you check if the SOPHOSPATCH52 database is available e.g. with;
    sqlcmd -E -S .\SOPHOS  -d SOPHOSPATCH52 -Q "SELECT * From Upgrade"

    SQL should log login failures in the Application log with Event ID 18456.

    Christian

  • 0 in reply to QC

    QC said:

    so admin_sophos is the "Database User" in terms of SEC and the services are logging on as this user?

    Correct.

     

    Well... I testet a few things and it seems like the database SOPHOSPATCH52 is damaged or something like this. If i try to open the properties of the database or try to expand it via the + symbole via SQL Server Management Studio I get the following error:

     

    On the SQL Server I don't have a log with the Event ID you mentioned before, there is just a large number (every minute since 3 weeks) of logs like this:

    *SM01 is the name of the sophos enterprise console server | *under the column "Computer" is the SQL Server name listed.

     

    To go around the problem (because I don't really know if I can solve this) I installed a new server (which was planned for the future anyway) also with a new database on it. Now I just need to think (and read) about it how to redirect the clients to the new server and so on...

    But I wanted to post the screenshots, because maybe someone has a new idea with these logs. Let me know it...

  • 0 in reply to Marshallyx

    Hello Marshallyx,

    I'm an SQL Server illiterate so I can't say how to proceed with the database not accessible off the top of my head. The SQL Server log from the time you tried to access SOPHOSPATCH52 with the Studio might have some usable information though.

    Christian

Unfiltered HTML