Regular health service failures across multiple devices

Hi guys,

I'm posting on here as I'm not sure where to go from here to be honest. The Health Service on our Sophos clients fairly frequently fails, and will never start again. Or at least, I've had no success yet.

This has happened over probably about ten of our 80 clients, and it's becoming a real pain. Thought I'd give this forum a go, as I'm certainly no expert in Sophos.

This is the error in the Sophos UI; notice I am logged in as admin. I've tried disabling tamper protection in Settings, but even though it toggles, it reverts back to ON if I change tab and go back in.

I cannot disable tamper protection as it is not receiving it from the server. Well, at least, that's usually the problem. On one of the machines tamper protection can be disabled with the PW but even once disabled it doesn't allow me to uninstall it - maybe suggests Sophos cannot write to the registry as required?

Please find the health log here:

2017-03-20T12:43:33.593Z [ 8024] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-20T12:43:33.593Z [ 8024] INFO  WinMain Starting version 2.0.3.32 of the Sophos Health Service.
2017-03-20T12:43:33.593Z [ 8024] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-20T12:43:35.187Z [ 7136] INFO  ServiceCheck::Run SAU Policy Features have changed: APPCNTRL AV CORE DLP DVCCNTRL HBT NTP SAV SDU WEBCNTRL
2017-03-20T12:43:35.187Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'sophossps' returned: 1060
2017-03-20T12:43:35.187Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SophosDataRecorderService' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Device Control Service' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Heartbeat' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SntpService' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SAVService' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SAVAdminService' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Web Control Service' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'swi_service' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'swi_filter' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] INFO  ServiceCheckLogic::CalculateResult Ignored service check results: during update grace period
2017-03-20T12:43:37.766Z [ 4368] INFO  NamedPipeServer::AcceptWorker Client has connected to pipe
2017-03-20T12:43:38.281Z [ 4368] INFO  NamedPipeServer::AcceptWorker Client has connected to pipe
2017-03-20T12:43:38.797Z [ 4368] INFO  NamedPipeServer::AcceptWorker Client has connected to pipe
2017-03-20T12:43:39.297Z [ 4920] INFO  NamedPipeServer::ClientConnectionWorker Disconnecting client from pipe, as client has exited
2017-03-20T12:43:39.313Z [ 4368] INFO  NamedPipeServer::AcceptWorker Client has connected to pipe
2017-03-20T12:43:39.813Z [ 7008] INFO  NamedPipeServer::ClientConnectionWorker Disconnecting client from pipe, as client has exited
2017-03-20T12:43:50.485Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: sophossps
2017-03-20T12:43:50.485Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: SophosDataRecorderService
2017-03-20T12:43:50.485Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Device Control Service' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Heartbeat' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SntpService' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SAVService' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SAVAdminService' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Web Control Service' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'swi_service' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'swi_filter' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] INFO  ServiceCheckLogic::CalculateResult Ignored service check results: during update grace period
2017-03-20T12:44:05.845Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Device Control Service' returned: 1060
2017-03-20T12:44:05.845Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Heartbeat' returned: 1060
2017-03-20T12:44:05.845Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SntpService' returned: 1060
2017-03-20T12:44:05.845Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SAVService' returned: 1060
2017-03-20T12:44:05.845Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SAVAdminService' returned: 1060
2017-03-20T12:44:05.845Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Web Control Service' returned: 1060
2017-03-20T12:44:05.845Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'swi_service' returned: 1060
2017-03-20T12:44:05.845Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'swi_filter' returned: 1060
2017-03-20T12:44:05.845Z [ 7136] INFO  ServiceCheckLogic::CalculateResult Ignored service check results: during update grace period
2017-03-20T12:44:21.049Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Device Control Service' returned: 1060
2017-03-20T12:44:21.049Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Heartbeat' returned: 1060
2017-03-20T12:44:21.049Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SntpService' returned: 1060
2017-03-20T12:44:21.049Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: SAVService
2017-03-20T12:44:21.049Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: SAVAdminService
2017-03-20T12:44:21.049Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: Sophos Web Control Service
2017-03-20T12:44:21.049Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'swi_service' returned: 1060
2017-03-20T12:44:21.049Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'swi_filter' returned: 1060
2017-03-20T12:44:21.049Z [ 7136] INFO  ServiceCheckLogic::CalculateResult Ignored service check results: during update grace period
2017-03-20T12:44:36.784Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: Sophos Device Control Service
2017-03-20T12:44:36.784Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'Sophos Heartbeat' returned: 1060
2017-03-20T12:44:36.784Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SntpService' returned: 1060
2017-03-20T12:44:36.784Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: swi_service
2017-03-20T12:44:36.784Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: swi_filter
2017-03-20T12:44:36.784Z [ 7136] INFO  ServiceCheckLogic::CalculateResult Ignored service check results: during update grace period
2017-03-20T12:44:52.441Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: Sophos Heartbeat
2017-03-20T12:44:52.441Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: SntpService
2017-03-20T12:44:58.363Z [ 3588] INFO  DatabaseAccessor::AddEvent Processing event id: 29efbddb-cab0-4c99-bf53-88dd50bd2926
2017-03-20T12:44:58.410Z [ 3588] INFO  DatabaseAccessor::UpdateHealthCategories Health state has changed to - Overall: 1, Service: 0, Threat: 0
2017-03-21T13:02:43.182Z [ 4368] INFO  NamedPipeServer::AcceptWorker Client has connected to pipe
2017-03-21T13:02:44.195Z [ 5660] INFO  NamedPipeServer::ClientConnectionWorker Disconnecting client from pipe, as client has exited
2017-03-21T17:45:47.977Z [ 6532] INFO  NamedPipeServer::ClientConnectionWorker Disconnecting...
2017-03-21T17:45:47.977Z [ 7556] INFO  NamedPipeServer::ClientConnectionWorker Disconnecting...
2017-03-21T17:45:48.181Z [ 4368] INFO  NamedPipeServer::AcceptWorker Client has disconnected from pipe - cleaning up
2017-03-21T17:45:48.181Z [ 8024] INFO  WinMain The service was stopped.
2017-03-21T17:46:58.912Z [ 1932] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-21T17:46:59.037Z [ 1932] INFO  WinMain Starting version 2.0.3.32 of the Sophos Health Service.
2017-03-21T17:46:59.037Z [ 1932] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-21T17:47:10.194Z [ 3416] ERROR BaseServiceImpl::Run 2000: Could not start the service. Failed to write registry key. Error: 5 Key='SOFTWARE\Sophos\Health\ThreatNotification' Value Name='Severity'
2017-03-21T17:47:10.272Z [ 1932] INFO  WinMain The service was stopped.
2017-03-23T10:49:36.774Z [ 7328] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-23T10:49:36.774Z [ 7328] INFO  WinMain Starting version 2.0.3.32 of the Sophos Health Service.
2017-03-23T10:49:36.774Z [ 7328] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-23T10:49:46.775Z [ 2992] ERROR BaseServiceImpl::Run 2000: Could not start the service. Failed to write registry key. Error: 5 Key='SOFTWARE\Sophos\Health\ThreatNotification' Value Name='Severity'
2017-03-23T10:49:46.775Z [ 7328] INFO  WinMain The service was stopped.
2017-03-23T10:55:44.003Z [ 2136] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-23T10:55:44.004Z [ 2136] INFO  WinMain Starting version 2.0.3.32 of the Sophos Health Service.
2017-03-23T10:55:44.004Z [ 2136] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-23T10:55:54.007Z [ 6820] ERROR BaseServiceImpl::Run 2000: Could not start the service. Failed to write registry key. Error: 5 Key='SOFTWARE\Sophos\Health\ThreatNotification' Value Name='Severity'
2017-03-23T10:55:54.008Z [ 2136] INFO  WinMain The service was stopped.
2017-03-23T11:14:16.100Z [ 9460] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-23T11:14:16.100Z [ 9460] INFO  WinMain Starting version 2.0.3.32 of the Sophos Health Service.
2017-03-23T11:14:16.100Z [ 9460] INFO  WinMain ----------------------------------------------------------------------------------------------------
2017-03-23T11:14:26.106Z [ 9668] ERROR BaseServiceImpl::Run 2000: Could not start the service. Failed to write registry key. Error: 5 Key='SOFTWARE\Sophos\Health\ThreatNotification' Value Name='Severity'
2017-03-23T11:14:26.108Z [ 9460] INFO  WinMain The service was stopped.

The registry entries under HKLM\Software\Wow6432Node\Sophos\Health\Status also appear to match those of a working machine:

I am totally stumped to be honest. Any advice greatly appreciated.

Thanks,
Harley
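
Added example, not part of the original post and not Sophos tooling: a small triage script for a Health Service log in the format shown above, which splits it into service-start sessions, tracks which `OpenService()` failures clear, and pulls out the fatal registry write error. The function name `triage` is hypothetical, the sample is a shortened excerpt of the posted log, and the only outside facts used are the standard Win32 meanings of codes 5 and 1060.

```python
import re

# Standard Win32 error codes that appear in the posted log.
WIN32 = {5: "ERROR_ACCESS_DENIED", 1060: "ERROR_SERVICE_DOES_NOT_EXIST"}
LINE = re.compile(r"^(\S+)\s+\[\s*(\d+)\]\s+(INFO|WARN|ERROR)\s+(\S+)\s+(.*)$")
START = re.compile(r"Starting version (\S+) of the Sophos Health Service")
OPEN_FAIL = re.compile(r"OpenService\(\) for '([^']+)' returned: (\d+)")
OPEN_OK = re.compile(r"No longer failing to open service: (.+)$")
REG_FAIL = re.compile(r"Failed to write registry key\. Error: (\d+) Key='([^']+)' Value Name='([^']+)'")

def triage(log_text):
    """Split the log into service-start sessions and summarise each one."""
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(5)
        if START.search(msg):
            sessions.append({"started": m.group(1), "missing": {}, "fatal": None})
        if not sessions:
            continue  # ignore anything before the first start banner
        cur = sessions[-1]
        if (f := OPEN_FAIL.search(msg)):
            cur["missing"][f.group(1)] = WIN32.get(int(f.group(2)), f.group(2))
        elif (o := OPEN_OK.search(msg)):
            cur["missing"].pop(o.group(1), None)  # service became openable
        elif (r := REG_FAIL.search(msg)):
            code = int(r.group(1))
            cur["fatal"] = {"error": WIN32.get(code, str(code)),
                            "key": r.group(2), "value": r.group(3)}
    return sessions

# Constructed sample: a shortened excerpt of lines from the log in the post.
SAMPLE = r"""
2017-03-20T12:43:33.593Z [ 8024] INFO  WinMain Starting version 2.0.3.32 of the Sophos Health Service.
2017-03-20T12:43:35.187Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'sophossps' returned: 1060
2017-03-20T12:43:35.203Z [ 7136] WARN  ServiceHelper::GetServiceStatus OpenService() for 'SAVService' returned: 1060
2017-03-20T12:43:50.485Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: sophossps
2017-03-20T12:44:21.049Z [ 7136] INFO  ServiceHelper::GetServiceStatus No longer failing to open service: SAVService
2017-03-21T17:46:59.037Z [ 1932] INFO  WinMain Starting version 2.0.3.32 of the Sophos Health Service.
2017-03-21T17:47:10.194Z [ 3416] ERROR BaseServiceImpl::Run 2000: Could not start the service. Failed to write registry key. Error: 5 Key='SOFTWARE\Sophos\Health\ThreatNotification' Value Name='Severity'
"""

if __name__ == "__main__":
    for s in triage(SAMPLE):
        print(s["started"], "unresolved:", list(s["missing"]), "fatal:", s["fatal"])
```

Run over the full posted log, it shows that the 1060 warnings all clear within the first session, while every later start attempt ends in the same access-denied write to the `ThreatNotification` key.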


