
Message relay on client machines

Hi all,

A server was set up as a Message Relay and immediately a large number of computers set themselves to use that Message Relay. The Message Relay was removed shortly afterwards and no other Message Relays exist on the network.

Quote from the help article at URL

https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/UpdateCaches.html

"If you remove all of your message relays, computers will communicate directly with Sophos Central."

This hasn't happened, and we have approx. 60 computers still trying to use the removed Message Relay, so they are not able to communicate their status to Sophos Central.

The only way I can see to change this is to reinstall the client software.

I have tried changing the file MessageRelayConfig.xml in C:\ProgramData\Sophos\Management Communications System\Endpoint\Config to remove the reference to the old Message Relay, then stopping and starting the MCS services, which has made no difference.

Is there another way to 'reset' these machines so they communicate with Sophos Central rather than the non-existent Message Relay?  Having to disable tamper protection and reinstall the software on all those machines manually is not something to look forward to!

Thanks.



This thread was automatically locked due to age.
  • Not a situation I have been in, but given the name the clients are trying to resolve to talk to the old relay - does that exist or resolve? Does the machine still exist, just without the role? I'd be curious to break resolution on a client using just the hosts file as a test. Does it fall back to Sophos then?

  • Reading through the MCSClient.log file, it looks like the system is trying the message relay first and then going direct, and because we use a proxy the software is unable to connect.
    The message relay setting replaces the proxy server setting: running the SDU and looking under Management Communications, the connection details show the proxy for most computers but the message relay for the affected computers. If no message relays are available, then it looks like the proxy settings are not put back again or used.
    Running the SophosSetup with the proxy switch then puts the proxy settings back. I tried replacing various files in the C:\ProgramData\Sophos\Management Communications System\Endpoint folder to no avail, so I guess I'll just have to do it manually.
    Hope this makes sense!

    Thanks
    Justin
