Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Subscribers 16 subscribers
  • Views 9967 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Management Communication won`t work

Tobias Kittsteiner

Hello,

I am sorry for asking again but I have another problem regarding the communication between Sophos Endpoint and Sophos Central.

 

In our network we use an user authenticated proxy to connect to the internet.

I created a special user for the connection between the endpoints and Sophos Central. This user authenticates on the proxy without any problems.

 

These are the setting in Sophos Central:

After configuring the Proxy in Sophos Central I downloaded the windows client and installed it on several devices.

Unfortunately these devices can`t communicate with Sophos Central:

 

The PCs itself have access to the internal network and to the external internet.

As soon as I connect the PCs to an external network (without proxy) the communication establishes and works without problems.

 

Are there any errors I made regarding the configuration?

-I inserted our proxy settings with tested credentials into Sophos Central

-After this I downloaded the client software and installed it on our PCs

-The PCs can connect to the internet but the endpoint software seems to ignore the proxy settings

-I also tried this solution but without any effect

 

Thank you for your help!



This thread was automatically locked due to age.
Parents
  • 0

    Hello ,

    the McsClient log should have some details why it or what fails now. Apparently the install and registration worked with the correct switches.

    Christian

  • 0 in reply to QC

    Thank you for your answer!

    I checked the log and found many of this errors:

     

    [ 3776] INFO  [connect] trying server mcs-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
    [ 3776] INFO  [connect: configured proxy] trying proxy prx.COMPANY.de:8080
    [ 3776] INFO  GET mcs-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
    [ 3776] INFO  407 Proxy Authentication Required: sent=0 rcvd=0 elapsed=25ms
    [ 3776] INFO  [connect: system proxy] trying proxy http=prx.COMPANY.de:8080

     

    But I set the authentication in the Central?

    I even tried several different credentials. But every time I`ve got the same error.

  • 0 in reply to Tobias Kittsteiner

    Hello Tobias Kittsteiner,

    please post a longer section of the log, ideally a complete cycle of the communication attempt.
    Normally one can't send the credentials in advance as the server determines what schemes are acceptable. Thus usually a basic connection attempt is made, the server responds with 401/407 and an Authenticate header field and only then the credentials are used. Dunno the details of MCS' workings, whether it logs one or two attempts in this case, 25ms doesn't tell. Obviously it tries the system proxy next - probably with the same result. The rather obvious errors are often red herrings though.

    Christian

  • 0 in reply to QC

    Here you can find the complete McsClient.log:

    8875.McsClient.log

    I played a little bit around with our two proxies. But none of them seems to allow the connection.

    It seems that the authentication credentials aren`t provided?

    But like I mentioned, I inserted them in the Central. Also various other 'online-software' work without this problems.

  • 0 in reply to Tobias Kittsteiner

    Hello Tobias Kittsteiner,

    could you solve the problem?
    Indeed it looks like the credentials aren't supplied, both proxies return 407. Should have thought of it earlier - don't the proxies have a detailed log of failed connection attempts?

    Christian

  • 0 in reply to QC
    Hello QC, I am sorry for letting you wait. I told my colleague to add the exceptions in our proxy. But this problem still occure. I can update the endpoint without any problems. But the connection between Sophos Central and the endpoint won't be established.
  • 0 in reply to Tobias Kittsteiner

    Hello Tobias Kittsteiner,

    no problem.
    You say that updating (that AFAIK should use the same proxy) does work?

    Christian

  • 0 in reply to Tobias Kittsteiner

    I tried a clean reinstall of Sophos endpoint on a new PC.

    Still I receive errors regarding the proxy authentication:

     

    [11592] INFO  [connect: system proxy] trying proxy prx.COMPANY.de:8080

    [11592] INFO  GET mcs-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep

    [11592] INFO  407 Proxy Authentication Required: sent=0 rcvd=0 elapsed=4ms

     

    Is there another option to set the Authentication?

    I configured successfully tested proxy credentials into Sophos Central. I even tried four different credentials (After every change I reinstalled Sophos endpoint)

    All of my test PCs have a proper connection to the internet. All of them use the same proxy with the same authentication credentials (I test with the same user on all machines). Other software like Microsoft Office, various Browsers, Putty... can connect to the internet without any problems.

    The proxy authentication works via Integrated Windows Authentication (Active Directory). This means I only have to set the proxy address and port in the internet settings like this:

  • 0 in reply to QC

    Yes, the updates are working properly.

  • 0 in reply to Tobias Kittsteiner

    Hello Tobias Kittsteiner,

    I'm not a Central user so unfortunately I have no detailed knowledge of MCS or MCS vs. AutoUpdate. The article Shweta referred to also mentions AutoUpdate besides MCS Client. I'm somewhat surprised that one works but not the other (but then they might not share the same code).

    I'm always inquisitive and personally I'd give the custom log level a try (whether there's a request by Support or not [;)]) - dunno if indeed the 0 in the example is indeed debug. Of course you could open a ticket with Support. There's only one setting for both AU and MCS and I'm not aware of documented differences or limitations.

    Christian

  • +1 in reply to QC

    Out of interest, do you have a server that could act as a message relay, then allow the server out without going through the proxy in some way?

    This way, the clients should message via that.  Just an idea.  

    Regards,
    Jak

Reply
  • +1 in reply to QC

    Out of interest, do you have a server that could act as a message relay, then allow the server out without going through the proxy in some way?

    This way, the clients should message via that.  Just an idea.  

    Regards,
    Jak

Children
  • 0 in reply to jak

    Hello all!

     

    After I tried several options and configurations (including reinstall of the endpoints many, many times) I created a update cache and relay server.

    Our firewall specialist configured the ports 8190 and 8191 for the relay server.

    After that I am able to distribute the updates and configurations to the whole test environment.

     

    Thank you for your efforts!!

Unfiltered HTML