There was a problem while establishing a connection to the server. Details: .

What is that strange event message about?

Note the "." behind Details:

I guess it had something to do with the Heartbeat issue we've had after upgrade Firewall to 18.5.2 but I've never seen that message before.

The machine had Heartbeat since 09:57:17.896Z / 10:57:17 local time - the time the update succeeded.

[2022-01-11 09:50:45.809Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:51:45.882Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:52:00.924Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:52:15.961Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:52:30.994Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:52:46.031Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:53:01.070Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:53:16.109Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:53:31.155Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:53:46.190Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error
[2022-01-11 09:54:01.244Z] INFO HBSession.cpp[26955]:504 logNewSession - New Session: [172.16.xxx.xxx]:29653 connected
[2022-01-11 09:54:01.393Z] INFO ModuleSacFirst.cpp[26955]:95 sendEacMessage - send EacSwitchRequest to endpoint (IP=172.16.xxx.xxx)
[2022-01-11 09:54:01.396Z] INFO EpStateListBroker.cpp[26955]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 70f913c3-xxxxx-xxxx-9f45-xxxxxxxxxxxxx(172.16.xxx.xxx)
[2022-01-11 09:54:02.654Z] INFO ModuleStatus.cpp[26955]:137 processMessageStatus - Status request received from endpoint: 70f913c3-xxxxx-xxxx-9f45-xxxxxxxxxxxxx (172.16.xxx.xxx) health: 1
[2022-01-11 09:57:08.164Z] WARN HBSession.cpp[26955]:344 bufferDisconnectEvent - Incoming connection from 172.16.xxx.xxx failed. SSL error:
[2022-01-11 09:57:10.375Z] INFO HBSession.cpp[26955]:504 logNewSession - New Session: [172.16.xxx.xxx]:56789 connected
[2022-01-11 09:57:10.425Z] INFO ModuleSacFirst.cpp[26955]:95 sendEacMessage - send EacSwitchRequest to endpoint (IP=172.16.xxx.xxx)
[2022-01-11 09:57:10.428Z] INFO EpStateListBroker.cpp[26955]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 70f913c3-xxxxx-xxxx-9f45-xxxxxxxxxxxxx(172.16.xxx.xxx)
[2022-01-11 09:57:17.896Z] INFO ModuleStatus.cpp[26955]:137 processMessageStatus - Status request received from endpoint: 70f913c3-xxxxx-xxxx-9f45-xxxxxxxxxxxxx (172.16.xxx.xxx) health: 1

Sophos Diagnostic Utility

Status
Not Running
Last Run
6 minutes ago (10:57)
File Name
079f313c-fd4d-d44e-f954-4a3f4d688250_2022-01-11-10-07-25.zip


SDU
[bearbeitet von: LHerzog um 10:14 AM (GMT -8) am 11 Jan 2022]
Parents
  • Hi LHerzog,

    Thanks for reaching out to us and sharing your logs.

    The informational events generated are due to updating failures on the affected device. I can see a number of errors similar to "2022-01-11T09:32:01.493Z [14852:10492] E No reachable update locations" leading up to the time at which the update proceeded successfully. 

    I suspect the network connectivity may have also played a part in things. The endpoint cached the recent update failures and reported them up to Sophos Central in a short time span which is why we see a few events with the same timestamp. 

    Originally I was confused by the error, but searching this in our knowledge base returned the following KBA (although a bit older) which leads me to believe this is related to updating.
    - Sophos Endpoint Security and Control: There was a problem while establishing a connection to the server

    I don't believe the contents of the KBA above will be relevant to the issue encountered as I was not able to find any event ID 1329 in the logs shared, however, the issue does appear to be related to updating.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hi LHerzog,

    Thanks for reaching out to us and sharing your logs.

    The informational events generated are due to updating failures on the affected device. I can see a number of errors similar to "2022-01-11T09:32:01.493Z [14852:10492] E No reachable update locations" leading up to the time at which the update proceeded successfully. 

    I suspect the network connectivity may have also played a part in things. The endpoint cached the recent update failures and reported them up to Sophos Central in a short time span which is why we see a few events with the same timestamp. 

    Originally I was confused by the error, but searching this in our knowledge base returned the following KBA (although a bit older) which leads me to believe this is related to updating.
    - Sophos Endpoint Security and Control: There was a problem while establishing a connection to the server

    I don't believe the contents of the KBA above will be relevant to the issue encountered as I was not able to find any event ID 1329 in the logs shared, however, the issue does appear to be related to updating.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data