Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 14023 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

client is disconnected/show red x on SEC

Sophoan KHIEU

Dear Sirs,

There is issue with all managed client computers are showing up as disconnected with a red x on SEC server after setup Microsoft security and update windows on server.

Our version of the Sophos Enterprise Console we are running is 5.5.0, we are running windows server 2008 R2 Enterprise. There is only one terminal showing green connection on the server.

The sophos message router service is not stoped it's set on automatic on the local system on the server.

I would appreciate any help you get give us on this matter.



This thread was automatically locked due to age.
  • 0

    Hi

    On a client, can you:

    1. Stop the Sophos Message Router Service. 

    2. Restart the service.

    3. Wait 2 minutes.

    4. provide the latest router log file from:
    \programdata\sophos\remote management system\3\router\logs\

    Regards,

    Jak

  • 0 in reply to jak

    Dear Jak,

    Thank you so much!

    23.05.2017 13:23:25 39AC I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20170523-062325.log
    23.05.2017 13:23:25 39AC I Sophos Messaging Router 4.1.0.140 starting...
    23.05.2017 13:23:25 39AC I Setting ACE_FD_SETSIZE to 138
    23.05.2017 13:23:25 39AC I Initializing CORBA...
    23.05.2017 13:23:25 39AC I Connection cache limit is 10
    23.05.2017 13:23:25 39AC I Router::ConfigureSslContext: keeping legacy compatibility of TLS 1 and TLS 1.1.
    23.05.2017 13:23:25 39AC I Creating ORB runner with 4 threads
    23.05.2017 13:23:25 39AC W No public key certificate found in the store. Requesting a new certificate.
    23.05.2017 13:23:25 39AC I Getting parent router IOR from 192.168.1.4:8192
    23.05.2017 13:23:25 39AC I This computer is part of the domain ATTWOODCAMBODIA
    23.05.2017 13:23:47 39AC I This computer is part of the domain ATTWOODCAMBODIA
    23.05.2017 13:23:47 39AC I Getting parent router IOR from fe80::d53f:5135:64bd:7c9e:8192
    23.05.2017 13:23:47 39AC E ACE_INET_Addr::ACE_INET_Addr: fe80::d53f:5135:64bd:7c9e: Authoritive: Host not found
    23.05.2017 13:23:47 39AC W Parent address unknown: Authoritive: Host not found (11001)
    23.05.2017 13:23:47 39AC I Getting parent router IOR from terminal2.attwoodcambodia.local:8192
    23.05.2017 13:24:08 39AC I Getting parent router IOR from terminal2:8192
    23.05.2017 13:24:29 39AC I This computer is part of the domain ATTWOODCAMBODIA
    23.05.2017 13:24:29 39AC E Failed to get parent router IOR
    23.05.2017 13:24:29 39AC W Failed to get certificate, retrying in 600 seconds
    23.05.2017 13:34:30 39AC I Getting parent router IOR from 192.168.1.4:8192
    23.05.2017 13:34:51 39AC I Getting parent router IOR from fe80::d53f:5135:64bd:7c9e:8192
    23.05.2017 13:34:51 39AC E ACE_INET_Addr::ACE_INET_Addr: fe80::d53f:5135:64bd:7c9e: Authoritive: Host not found
    23.05.2017 13:34:51 39AC W Parent address unknown: Authoritive: Host not found (11001)
    23.05.2017 13:34:51 39AC I Getting parent router IOR from terminal2.attwoodcambodia.local:8192
    23.05.2017 13:35:12 39AC I Getting parent router IOR from terminal2:8192
    23.05.2017 13:35:33 39AC E Failed to get parent router IOR
    23.05.2017 13:35:33 39AC W Failed to get certificate, retrying in 600 seconds
    23.05.2017 13:45:33 39AC I Getting parent router IOR from 192.168.1.4:8192
    23.05.2017 13:45:54 39AC I Getting parent router IOR from fe80::d53f:5135:64bd:7c9e:8192
    23.05.2017 13:45:54 39AC E ACE_INET_Addr::ACE_INET_Addr: fe80::d53f:5135:64bd:7c9e: Authoritive: Host not found
    23.05.2017 13:45:54 39AC W Parent address unknown: Authoritive: Host not found (11001)
    23.05.2017 13:45:54 39AC I Getting parent router IOR from terminal2.attwoodcambodia.local:8192
    23.05.2017 13:46:16 39AC I Getting parent router IOR from terminal2:8192
    23.05.2017 13:46:37 39AC E Failed to get parent router IOR
    23.05.2017 13:46:37 39AC W Failed to get certificate, retrying in 600 seconds
    23.05.2017 13:56:37 39AC I Getting parent router IOR from 192.168.1.4:8192
    23.05.2017 13:56:58 39AC I Getting parent router IOR from fe80::d53f:5135:64bd:7c9e:8192
    23.05.2017 13:56:58 39AC E ACE_INET_Addr::ACE_INET_Addr: fe80::d53f:5135:64bd:7c9e: Authoritive: Host not found
    23.05.2017 13:56:58 39AC W Parent address unknown: Authoritive: Host not found (11001)
    23.05.2017 13:56:58 39AC I Getting parent router IOR from terminal2.attwoodcambodia.local:8192
    23.05.2017 13:57:19 39AC I Getting parent router IOR from terminal2:8192
    23.05.2017 13:57:40 39AC E Failed to get parent router IOR
    23.05.2017 13:57:40 39AC W Failed to get certificate, retrying in 600 seconds
    23.05.2017 14:07:41 39AC I Getting parent router IOR from 192.168.1.4:8192
    23.05.2017 14:08:02 39AC I Getting parent router IOR from fe80::d53f:5135:64bd:7c9e:8192
    23.05.2017 14:08:02 39AC E ACE_INET_Addr::ACE_INET_Addr: fe80::d53f:5135:64bd:7c9e: Authoritive: Host not found
    23.05.2017 14:08:02 39AC W Parent address unknown: Authoritive: Host not found (11001)
    23.05.2017 14:08:02 39AC I Getting parent router IOR from terminal2.attwoodcambodia.local:8192
    23.05.2017 14:08:23 39AC I Getting parent router IOR from terminal2:8192
    23.05.2017 14:08:44 39AC E Failed to get parent router IOR
    23.05.2017 14:08:44 39AC W Failed to get certificate, retrying in 600 seconds

  • 0 in reply to Sophoan KHIEU

    Hello Sophoan KHIEU,

    the log suggests that this computer can't connect to terminal2's port 8192 - it has tried with IPv4, IPv6, FQDN and NetBIOS name. Any chance that a firewall is blocking the connection (note: port 8194 also needs to be accessible)?

    Christian

  • 0 in reply to QC

    Dear Christian,

    There are 50 client computers has disconnected since I've updated windows server and setup Microsoft security on Sophos Enterprise Console sever.

    Could you please kindly advise to allow any port for all clients to connect back but it's still can update from the console server.

     

    Thanks and all the best!

  • 0 in reply to Sophoan KHIEU

    Hello Sophoan KHIEU,

    please see Access to computers with firewalls and Firewall exceptions for RMS.
    Please note that this is communication - the Disconnected status applies only to management (RMS), it doesn't tell whether the endpoint can and does update or not. If the endpoint is Connected it will report whether updating works or not.

    Christian

  • 0 in reply to QC

    Dear Christian,

     

    I've allowed TCP port 8192 [TCP], and 8194[TCP] on Sophos Enterprise Console server and the client computers connection is working back.

    Thank you so much!

     

    With all the best,

Unfiltered HTML