am kindly asking for some assistance with Sophos Endpoint Security and control v10.7 and Sophos Enterprise Console v5.5.0. at first it was working properly with no issues. but after a month, i found it had stopped working and shows no managed endpoints including server itself as connected. what could be the problem? and its just stuck on downloading binaries.
Hello Jeremiah Sakala,
if the server itself is also disconnected then its likely a communications error.
Guess you have checked that the Sophos services are running. Please see Update Manager stuck at Downloading Binaries for a potential cause and the solution.
Christian
I checked the services are running, but from task manager, the SophosUpdateMgr.exe is showing as not using the CPU, its just a constant "00". but i can also see that the Let me try the link and will update Manager folder in Program Files(x86)\Sophos is showing last modified with today's date.
Let me try the link and I will update
Hello Jeremiah Sakala,
it's the Router log which should give more insight, please drag it into the editor window so that it gets attached to the post.
The Not available in the Network Report is ok if it says server for the RMS router type.
Christian
Hello Jeremiah Sakala,
first of all, as already mentioned your server returns 4 profiles in the IOR with 169.254.128.169 as the first one. The 169.254.x.x addresses are perhaps not the best choice, you might consider using only one. BTW: Could you show your mrinit.conf (make sure it doesn't reveal anysensitive data).
You have apparently quite a number of messages queued in the Envelopes folder, at the moment the Router can't forward them to the management service (EM) and the messages about them clutter the log. You could move the temporarily to some other place (but this is not compulsory).
If I've counted correctly nine endpoints have successfully contacted the server and are trying to set up communication. The Router though seems to be unable to communicate internally (E Attempt to get client interface from non-local caller). Please check the last lines in the latest CertManager log in %ProgramData%\Sophos\Remote Management System\3\CertificationManager\Logs\ and the Msgn log in \%ProgramData%\Sophos\Sophos Endpoint Management\log\.
You probably can't remember what could have been changed at the time you've noticed that it had stopped working, do you?
Christian
Hi Christian,
Sorry i wasn't working from office yesterday. Any ideas how to get rid of the unwanted profiles in the IOR? I cant remember what happened or any changes that were made onto the server for it to stop working, I was on short leave from work and when i returned i just found that it was not showing any connected endpoints.
On Wednesday i tried to push installer on a PC on Network, it was able to install remotely, surprisingly. though still showing no connected endpoints. let me edit the mrinit.config and send. am working remotely today.
The mrinit details, i will just tell this, let me know if u need other details:
"NotifyRouterUpdate"="EM"
"ClitentIIOPPort"=dword:00002001
"ClientSSLPort"=dword:00002002
"ClientIORPort"=dword:00002000
"IORSenderPort"=dword:00002000
........
...........
........
"ServiceArgs"="
"MRParentAddress"="ServerIP, ServerMAC,<unknown>,ServerName"
"ParentRouterAddress"="ServerIP,ServerMAC,<unknown>,ServerName"
sorry, on the MRParentAddress & ParentRouerAddress, its the IPv6 of server not ServerMAC
Hello Jeremiah Sakala,
so there's just one ServerIP (is it the 192.x.x.x) and no FQDN?
If it is the 192.x.x.x please follow items A 3.-5. (ignore the rest) of the multiple IP addresses article. if that doesn't help do similarly for the Agent as outlined in with multiple IP addresses (item 2., the 2nd, 4th and 5th unnumbered point - please note that 127.0.0.1 in the 2nd point is likely a typo, it should be the ServerIP).
Christian
Hi Christian,
I followed the suggestions and removed all the files that were in C:\Program Data\Sophos\Update Manager\Working and saved them in another folder. I stopped all Sophos Services and restarted them, when i checked in Task Manager, the Sophos Update Manager seems to have started using the CPU. but will keep you posted on the outcome by Monday.
Hi Christian,
I followed the suggestions and removed all the files that were in C:\Program Data\Sophos\Update Manager\Working and saved them in another folder. I stopped all Sophos Services and restarted them, when i checked in Task Manager, the Sophos Update Manager seems to have started using the CPU. but will keep you posted on the outcome by Monday.
Hi Christian,
Just from checking the console, still shows not a single machine connected. would reinstalling the console maybe work?
Hello Jeremiah Sakala,
as said - I'm not sure whether at this point it enumerates all active interfaces or the IP(s) it is explicitly or implicitly configured to use. Don't have a system where I could test it.
There's a recent thread (in German) where disabling the additional (and unused) NIC seems to resolve a similar issue.
Christian
Hello Christian, Sorry for being quiet for so long, I was out of town on other duties. Today i after I tried everything we have discussed, i just thought of concentrating on the update manager, since I had done all settings you assisted me with, I reinstalled the SUM on the server without uninstalling anything and it worked. It was able to update the Update Manager and also the endpoints started showing up. You have been so helpful, much appreciated. i have even learned a lot about Sophos through this, i wonder if there's any part that we didn't cover, hahahaha. Once again, thank you Christian..
