Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

POPIMAPDEAMON is dead after updating to SFOS 19

Hi, I have the following problem and hope somebody knows this error.

Today I upgrade my Sophos XG Software Appliance from SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317. After restart my XG gives me a red status for services with the following massage "POPIMAPDeamon" Dead.

After I got this massage I make a SSH connection to the XG and show wich services are running.

By showing the services I saw that the service "warren" is dead and tried to start it.

Additional Informations:

- I haven´t import or change any certificate settings on the Sophos XG

- This service is used only for backup my Sophos XG via mail

- If I go back to SFOS 18.5.3 MR-3-Build408 the service works probably fine

This thread was automatically locked due to age.
  • Hi,

    please review this thread to see if it might help you?

    imap service issue


    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thank you for response. This thread wasn‘t the answer of my problem. Today I found the solution.

  • Today I found the solution.


    First I was watching the warren.log

    • Make an SSH connection
    • Open the advanced shell
    • cd /log 3. tail -f warren.log

    After that I saw that the problem is with the default certificate of the appliance.

    The solution was to do the following steps.

    1. Chang the CA settings

    • Login to your Sophos XG
    • Go to Certificates
    • Go to Certificate authorities
    • Click on edit by the CA called Default
    • Set here state, company and mail
    • Save

    2. Regenerat the ApplianceCertificate

    • Go to Certificates
    • Click on the gear behind ApplianceCertificate
    • Accept the popup message

    3. Start the warren service

    • Start an SSH connection
    • Open the advanced shell
    • service warren:start -dsnosync

    After that the service is running without any problems.

  • Hello, I have exact same issue, however, after following all 3 of your steps, I still get the failed service and ther below errors in the warren.log

    ERR May 25 17:04:44Z [4160022272]: reading private key '/conf/certificate/capr ivate/Default.key' failed for 'error:06065064:digital envelope routines:EVP_Decr yptFinal_ex:bad decrypt'
    CRT May 25 17:04:44Z [4160022272]: FATAL: /cfs/proxy/warren/conf/policy.conf : ERROR - init_policy_config

    when I tried to restart the warren service, I get 

    XGS107_SN01_SFOS 19.0.0 GA-Build317# service warren:start -dsnosync
    503 Service Failed

  • This fixed it for me.  Thank you

  • Hi Team, 

    In case the 3 steps mentioned by Jack_St did not work for you, what you can also try is as follows:

    1. Email > General Settings > POP and IMAP TLS Configuration and changed the TLS certificate from Default to SecurityAppliance_SSL_CA

    2. Login to CLI > Device Management > Advanced Shell and type service warren:restart -dsnosync

    3. Verify it by service -S | grep warren and it should be running now.