This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web gui not accessible - Firewall ist starting - Sophos XG - Tomcat Server DEAD can't be restarted

Sohos XG 18.0.5 MR-5-Build 586

Hi,

I'm not able to connect to my Sophos XG via web gui and SSH.
The web gui states 'Firewall is starting' all the time. SSH states 'remote side unexpectedly closed network connection'.

I followed the steps in this KB: https://support.sophos.com/support/s/article/KB-000038694?language=en_US#Check-and-restart-service-status

But it's not possible to restart or start the service at all. It always gives '503 Service Failed'.
How can I fix this without restarting the XG?

kind regards

Dirk

This thread was automatically locked due to age.

Top Replies

Dirk Stolle over 3 years ago +2 suggested

Hi there, today I solved the problem. Sounds a little bit strange but it was due to an SSD failure. After rebooting the Sophos XG, there were several errors while booting. I figured out that the…

0 LuCar Toni over 3 years ago

Sounds like the tomcat is completely dead. You should contact Support to get the logs analyzed.

If you want to look for yourself: Check /log/tomcat.log and /log/apache.log

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 3 years ago

Hi Dirk Stolle,

Thank you for reaching out to Sophos Community.

Follow the steps below to check csc.log and tomcat.log events.

==> Login to SSH > 5. Device Management > 3. Advanced Shell

==> Put csc service in debug.

# csc custom debug

==> Run below command and restart tomcat service from other SSH window.

# tail -f /log/tomcat.log

==> Collect the output of below commands as well.

# cat /log/csc.log | grep -i "tomcat"

# tail -n 50 /log/error_log.log

# tail -n 50 /log/apache.log

# ls -lahr /var/cores

# df -kh

==> Stop csc debugging with below command.

# csc custom debug

==> Share session output here or in PM.
Cancel
Vote Up 0 Vote Down

Cancel
0 LHerzog over 3 years ago in reply to FormerMember

Unknown said:
==> Login to SSH >

I think he cannot access SSH at all. Image above looks like a photo taken. So he probably also needs to mount external media to put the logs there.

Dirk Stolle have you already tried to kill tomcat

ps |grep tomcat

XG430_WP02_SFOS 18.0.5 MR-5-Build586# ps | grep tomcat
tomcat 1607 1556 root 27844 24572 S {tomcat} csc -L 3 -w -c

note the PID (here 1607)

kill 1607 (the PID)
Cancel
Vote Up 0 Vote Down

Cancel
0 Dirk Stolle over 3 years ago in reply to LHerzog

Hi LHerzog,

thats right, I can't connect via SSH since it gives a "remote side unexpectedly closed network connection'".
I can only connect via serial connection.

I did not kill the process yet. But I stopped the process using "service tomcat:stop -ds nosync". After doing so, it gives a message like "process already stopped" and the status of the process is set to STOPPED instead of DEAD. When I try to restart it again..->. 503 service failed ... and status ist DEAD again.

Meanwhile I tried to restart the apache service, just in case. Now I do have the same issue with that process - 503 service failed.

The apache.log is empty, by the way.

Actually I'm not in the office, I will try killing the processes, when I'm back there, maybe tomorrow or the day after.. I will report back then.

Thank you all for your support and time on this!

best regards

Dirk
Cancel
Vote Up 0 Vote Down

Cancel
0 Dirk Stolle over 3 years ago

Hi there,

today I solved the problem.

Sounds a little bit strange but it was due to an SSD failure.

After rebooting the Sophos XG, there were several errors while booting. I figured out that the SSD is corrupted. After replacing the SSD, re-imaging and restoring my backup, everything runs fine now.

Thank you all for your support.

kind regards

Dirk
Cancel
Vote Up +2 Vote Down

Cancel