Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
We'd love to hear about it! Click here to go to the product suggestion community
I am setting up server 2019 std with Hyper V role and installed XG As a virtual machine. all went well until i rebooted it after successfully registering it. It hangs at 'stopping'. if you rt click the VM and choose shut down, same issue. Windows server vm work fine. anyone seen this? works fine on 2012.
Hi Daniel Twinn There's nothing reported for XG VM on Hyper V 2019 as of now, I would request you to check with guide- https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/PDF/sfos_hyperv_sg.pdf
In reply to Keyur:
Yes a great guide and i did refer to it but alas it is for older servers. this is an issue with compatibility not installation. Hyper v 2019 VM management hangs when backup runs and checkpoint is created when XG VM is installed, backup fails and is left i 1/2 running state that only reboot will fix, server hangs when rebooted unless you end task of vm manager first. put it on 2012 and it works fine , backs up fine, nothing goes wrong. 2019 no work there!i am now testing the server with XG VM removed. stay tuned.
In reply to Daniel Twinn:
So XG malfunctions on server 2019 hyper-v with no services selected, after running an hour, is unable to shut down using the 7, s commands. server reboot only fix.
Same here. XG would not shutdown normally. Have to stop the hyper-v services to hard shutdown the VM.
In reply to itguy318:
Hi Daniel Twinn and @dylanr,It would be great if you could share more details and your observation on the reported issue, it would help us to assist you better.
Hi Daniel Twinn and dylanr,I would request you to get in touch with technical support and open a service request. We required to check the issue in live to capture the logs to understand the scenario.Please PM the service request number.
i would suggest you Build a server with windows server 2019 , install hyper v, then deploy an XG VM and then set up windows backup, schedule a job, let it run and see the results for yourself. VM will not shut down, stopping................ never gets there and HV manager will hang when you try to recover. then you see backup fails after about a hour in event logs, B-up console shows nothing, HV manager thinks back up is still running as all VM status says 'backing up......'. Then end the task is only way or server will hang on reboot. After restart and XG is good again, until the next backup. HV console normal backup console show failure, " timed out before shared protection point was................... i wiped the drive and reinstalled, no change.
also if XG VM is off or removed server works normally.
also when tested on server 2012 all integrated services are enabled except guest. So some code has changed on server 2019 and XG is not compatible.
Just a shot in the dark but I have been going through the changes of 2019 vs 2016. There may be some new feature in 2019 that may stick out. There is a list here-
Hyper-V Guest Backup has been modified in Server 2016 and 2019 and requires updated Hyper-V Integration Services components within the guest. I suspect that the XG codebase isn't up-to-date in this regard.
The workaround is to disable Backup (volume shadow copy) within the guest VM configuration. This will revert to the guest VM being backed up using Saved state. The guest VM will be offline for the time it takes to put the guest VM into a saved state along with coordinating all other VMs to take a VSS snapshot so that the Hyper-V host can take a point-in-time consistent backup. If this isn't acceptable then remove the guest VM from being backed up and factor in a manual backup of the guest VM as part of your maintenance schedule. Backing up the guest VM configuration file(s) and VHD/VHDX(s) along with their paths is sufficient enough to be able to import them into a working Hyper-V system in the event of a Hyper-V host failure.
FWIW this isn't just limited to the XG virtual machine image - all Linux and FreeBSD VMs with outdated (or just plain broken) Integration Services components exhibit this same backup misbehaviour.
Running a V18 EAP and was running a V17.5 on HV 2019 with no issues but only in lab, it did shutdown fine however
In reply to ChrisKnight:
As i mentioned in previous post even with NO integration services selected in the configuration of the guest VM for XG, that means backup and shadow are NOT selected, backup will fail, server will malfunction and hang if rebooted if XG VM is running on Hyper v server and windows back up runs. if XG VM is off it works fine. And it still tries live backup, no saved state. So that workaround is not effective.
Consider this scenario;
remove XG VM from hyper V.
run backup configuration while XG VM is absent.*1
Import XG VM into Hyper V no integration components selected.
Do not rerun Windows backup configuration.
backup runs successfully! XG is not 'saved' during shadow copy not does it appear in backup results. running live whole time.
on next backup backup fails at create shadow copy
XG VM can not be shut down or rebooted using the command line menu after logged in as admin or by adding integration component and rt click for menu.
All windows VM's cannot be shut down/rebooted either.
The Hyper visor management service (vmms.exe)cannot be stopped using net stop commands, stuck at 'stopping'
If you restart server with out ending the vmms.exe service server will hang during shutdown trying to stop that service.
Hold power button only way to recover. Or kill vmms.exe and restart service. Interesting that windows VM can be shut down using rt click menu but XG still trying to shut down.
any attempt to correct XG VM hangs vmms.exe
If you stop service before shutting down server will restart and XG VM will be running happily when you check .....until the next backup runs.
Clearly there are 2 workarounds. remove XG VM and use something else. Or have vendor fix code that is not compatible, Microsoft and/or Sophos. Something that is triggered by running backup or one of its components.
all other methods do not allow for reliable server. problem goes away when XG VM is not on server running! Must be off or removed backup will run weeks without issue.
This issue is holding up a server deployment.
*1 imagine trying to remember to do this each time you needed to modify the backup.
I vaguely remember a similar problem when FreeBSD's Hyper-V Integration Components were broken - even with the Guest VM services turned off, the FreeBSD components were still registering services with the Hyper-V host. From memory the only way around this was to disable the Hyper-V kernel modules within the Guest VM.
What happens if you modify the Windows Server Backup configuration to exclude the XG VM and then run a backup?