Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange issue with Security Heartbeat

Hello,

we have noticed a strange issue with Security Heartbeat. Devices often only gain access to the network several minutes after booting. The Heartbeat.log on the endpoint says that the connection initially failed. The heartbeatd.log on the firewall does not contain any recent entries.

Heartbeat.log

2023-02-23T09:36:02.846Z [17344: 8016] A Connection failed.
2023-02-23T09:40:54.412Z [17344: 8016] A Connection succeeded.
2023-02-23T09:40:54.413Z [17344: 8016] A Connected to '81d5633d-0d85-4824-98e4-858c87c7a273' at IP address 52.5.76.173 on port 8347
2023-02-23T09:40:54.413Z [17344: 8016] A Sending network status
2023-02-23T09:40:54.413Z [17344: 8016] A The network status has changed, the Firewall may disconnect.
2023-02-23T09:40:54.415Z [17344: 8016] A Received request to enable enhanced application control
2023-02-23T09:40:54.415Z [17344: 8016] A Sending endpoint state list request
2023-02-23T09:40:54.416Z [17344: 8016] A Sending login status.
2023-02-23T09:40:54.416Z [17344: 8016] A User: USERNAME
2023-02-23T09:40:54.416Z [17344: 8016] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-02-23T09:40:54.417Z [17344: 8016] A Received response to endpoint state list request, size: 1
2023-02-23T09:42:00.950Z [17344: 8016] A Received request to disable enhanced application control for C:\program files (x86)\microsoft\edge\application\msedge.exe

heartbeatd.log (there are no newer entries)

[2021-11-30 15:00:20.057] INFO HBSession.cpp[6743]:502 logNewSession - New Session: [172.16.12.74]:8387 connected
[2021-11-30 15:00:20.103] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <c25ece7d-a04e-4005-820c-b1a12624518e>: <5> -> <1>
[2021-11-30 15:00:20.103] INFO ModuleSacFirst.cpp[6743]:95 sendEacMessage - send EacSwitchRequest to endpoint (IP=172.16.12.74)
[2021-11-30 15:00:20.106] INFO EpStateListBroker.cpp[6743]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: c25ece7d-a04e-4005-820c-b1a12624518e(172.16.12.74)
[2021-11-30 15:00:23.823] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:00:29.925] INFO ModuleStatus.cpp[6743]:138 processMessageStatus - Status request received from endpoint: c25ece7d-a04e-4005-820c-b1a12624518e (172.16.12.74) health: 1
[2021-11-30 15:01:00.359] INFO SacProcessor.cpp[6743]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <c25ece7d-a04e-4005-820c-b1a12624518e>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
[2021-11-30 15:01:24.061] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:01:27.699] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:07:22.260] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events.
[2021-11-30 15:09:04.494] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:13:16.599] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:13:44.482] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:15:17.622] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:15:24.041] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:16:27.738] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:21:25.037] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:26:04.897] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:28:16.624] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:30:17.652] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:30:24.252] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:31:27.788] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:33:45.548] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:38:25.333] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:43:16.648] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:45:17.685] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:45:24.498] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:46:06.073] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:46:27.828] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:50:45.751] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:52:23.285] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events.
[2021-11-30 15:58:16.722] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:58:26.637] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:00:17.719] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:00:24.741] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:01:27.860] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:03:06.144] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:10:22.523] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:10:47.203] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:13:16.701] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:15:17.752] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:15:24.960] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:15:26.535] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:16:27.904] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:18:41.526] INFO SacProcessor.cpp[6743]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <e97fa787-de12-4693-86dc-6fdbf77e051c>, Application path :C:\134program files (x86)\134microsoft\134edgeupdate\134microsoftedgeupdate.exe
[2021-11-30 16:20:54.552] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:23:07.807] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:25:42.408] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:27:46.955] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:28:16.725] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:29:45.841] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:30:17.778] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:30:25.179] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:31:27.940] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:32:08.488] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:34:20.903] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:35:28.345] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:37:25.183] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events.
[2021-11-30 16:40:07.373] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:41:06.825] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:43:16.741] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:45:17.808] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:45:25.411] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:46:27.977] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:47:48.809] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:52:27.788] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:58:16.761] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:06.391] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:09.333] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:17.846] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:25.617] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:44.444] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:01:14.856] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <56a453ce-bbef-4fab-b721-d8435c1ef48b>: <1> -> <3>
[2021-11-30 17:01:44.448] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <c25ece7d-a04e-4005-820c-b1a12624518e>: <1> -> <3>
[2021-11-30 17:04:48.263] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System[2021-11-30 17:04:48.263] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System

How to fix this problem?

Best regards

Gerhard



This thread was automatically locked due to age.
Parents
  • We have disabled the Security Heartbeat for the time being. The environment is running again with the usual reliability. Problem solved in a way.

  • But that can't really be the solution. We chose Sophos because of the Heartbeat feature. But have these extreme problems with which a normal business operation is then also not possible. Sophos support does not help either. Firewall Team pushes it to Endpoint Team and vice versa. And it seems that this is not an unique case...

  • Hello, 

    I apologize you have faced this issue. May you share with us your support caseID via DM or by replying to this thread so we can track on our end. 

    Many thanks for your time and patience and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • We didn't contact the support this time, because the support hardly seems to know their own product and is quickly overwhelmed with more complex questions. Should a solution emerge, we would also be very interested in it; we have had to disable the security heartbeat in many environments. Availability is just as important as security.

  • Firewall Team pushes it to Endpoint Team and vice versa.

    that's how they do it. can confirm.

  • and recently, we're also having issues with clients that cannot connect either because of missing user authentication passed to the firewall or the heartbeat is not updated on the firewall. They sometimes sit there 15 minutes and cannot work. sometimes it works after a while or several reboots.

    example: Lenovo Yoga 9 machine connected to a thunderbolt docking station. dock is on LAN.

    User cannot work due to missing heartbeat.

    guess to wich device this MAC belongs:

    023-05-19 12:11:09.484Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:11:46.713Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:11:47.761Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:11:49.761Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:11:53.746Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:12:01.747Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:12:17.845Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:12:18.857Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:13:03.285Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:13:04.233Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:13:04.345Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:13:05.285Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:13:06.249Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:13:07.257Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:13:10.361Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown
    [2023-05-19 12:13:11.237Z] WARN GarnerEventHandler.cpp[9271]:45 update - mac address 04:7b:cb:7f:3e:cb is unknown

    client hb log

    2023-05-19T12:13:06.215Z [ 5388: 6460] A Sending network status
    2023-05-19T12:13:06.215Z [ 5388: 6460] A The network status has changed, the Firewall may disconnect.
    2023-05-19T12:13:06.215Z [ 5388: 6460] A Connection closed (network error).
    2023-05-19T12:13:07.285Z [ 5388: 6460] A Connection succeeded.
    2023-05-19T12:13:07.285Z [ 5388: 6460] A Connected to 'ed98a5bf-ede8-4fbd-xxxx-xxxxxxxxxxxxxxxxx' at IP address 52.5.76.173 on port 8347
    2023-05-19T12:13:07.285Z [ 5388: 6460] A Sending network status
    2023-05-19T12:13:07.285Z [ 5388: 6460] A The network status has changed, the Firewall may disconnect.
    2023-05-19T12:13:07.286Z [ 5388: 6460] A Connection closed (network error).
    2023-05-19T12:13:08.356Z [ 5388: 6460] A Connection succeeded.
    2023-05-19T12:13:08.356Z [ 5388: 6460] A Connected to 'ed98a5bf-ede8-4fbd-xxxx-xxxxxxxxxxxxxxxxx' at IP address 52.5.76.173 on port 8347
    2023-05-19T12:13:08.356Z [ 5388: 6460] A Sending network status
    2023-05-19T12:13:08.356Z [ 5388: 6460] A The network status has changed, the Firewall may disconnect.
    2023-05-19T12:13:08.357Z [ 5388: 6460] A Connection closed (network error).
    2023-05-19T12:13:09.416Z [ 5388: 6460] A Connection succeeded.
    2023-05-19T12:13:09.417Z [ 5388: 6460] A Connected to 'ed98a5bf-ede8-4fbd-xxxx-xxxxxxxxxxxxxxxxx' at IP address 52.5.76.173 on port 8347
    2023-05-19T12:13:09.417Z [ 5388: 6460] A Sending network status
    2023-05-19T12:13:09.417Z [ 5388: 6460] A The network status has changed, the Firewall may disconnect.
    2023-05-19T12:13:09.418Z [ 5388: 6460] A Connection closed (network error).
    2023-05-19T12:13:10.476Z [ 5388: 6460] A Connection succeeded.
    2023-05-19T12:13:10.476Z [ 5388: 6460] A Connected to 'ed98a5bf-ede8-4fbd-xxxx-xxxxxxxxxxxxxxxxx' at IP address 52.5.76.173 on port 8347
    2023-05-19T12:13:10.476Z [ 5388: 6460] A Sending network status
    2023-05-19T12:13:10.476Z [ 5388: 6460] A The network status has changed, the Firewall may disconnect.
    2023-05-19T12:13:10.521Z [ 5388: 6460] A Sending endpoint state list request
    2023-05-19T12:13:10.521Z [ 5388: 6460] A Sending login status.
    2023-05-19T12:13:10.521Z [ 5388: 6460] A User: removedByLherzog
    2023-05-19T12:13:10.521Z [ 5388: 6460] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
    2023-05-19T12:13:19.695Z [ 5388: 6460] A Sending network status
    2023-05-19T12:13:19.695Z [ 5388: 6460] A The network status has changed, the Firewall may disconnect.
    2023-05-19T12:13:19.696Z [ 5388: 6460] A Connection closed (network error).
    2023-05-19T12:13:20.773Z [ 5388: 6460] A Connection succeeded.
    2023-05-19T12:13:20.773Z [ 5388: 6460] A Connected to 'ed98a5bf-ede8-4fbd-xxxx-xxxxxxxxxxxxxxxxx' at IP address 52.5.76.173 o

  • What i dont understand - based of your logs - Why does the network status always change? Are you using a notebook with docking station? 

    __________________________________________________________________________________________________________________

  • I don't know why this is logged within seconds. Yes, wrote that. Thunderbolt dock with LAN. The Yoga itself only has WiFi.

    This is a log snip from the firewall before it succeeds to establish HB:

    [2023-05-19 12:12:49.388Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:50.444Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:51.491Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:52.551Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:53.640Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:54.697Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:55.748Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:56.789Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:57.825Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:58.864Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:59.901Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:00.936Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:01.971Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:03.043Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:04.070Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:05.145Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:06.216Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:07.286Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:08.357Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:09.418Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:09.424Z] WARN ModuleMessageHub.cpp[9271]:45 cleanupMsgTimerExpired - unanswered request with id 183611 from endpoint with uuid ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b timed out
    [2023-05-19 12:13:09.941Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <1> -> <3>
    [2023-05-19 12:13:10.477Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <3> -> <2>
    [2023-05-19 12:13:10.478Z] INFO EndpointStorage.cpp[9271]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>
    [2023-05-19 12:13:10.523Z] INFO ModuleStatus.cpp[9271]:137 processMessageStatus - Status request received from endpoint: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b (172.16.xxx.xxx) health: 1
    [2023-05-19 12:13:19.697Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <2> -> <5>
    [2023-05-19 12:13:20.774Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <5> -> <1>
    [2023-05-19 12:13:20.774Z] INFO EndpointStorage.cpp[9271]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>
    [2023-05-19 12:13:20.775Z] INFO EpStateListBroker.cpp[9271]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b(172.16.xxx.xxx)
    [2023-05-19 12:13:20.775Z] INFO ModuleStatus.cpp[9271]:137 processMessageStatus - Status request received from endpoint: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b (172.16.xxx.xxx) health: 1
    [2023-05-19 12:13:21.125Z] WARN GarnerEventHandler.cpp[9271]:55 update - got missing heartbeat notification from garner for endpoint ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b which is not in lost state
    [2023-05-19 12:13:30.574Z] INFO SacProcessor.cpp[9271]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>, Application path :C:\134program files\134mozilla firefox\134firefox.exe
    [2023-05-19 12:13:40.384Z] INFO SacProcessor.cpp[9271]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    [2023-05-19 12:13:40.384Z] INFO SacProcessor.cpp[9271]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    [2023-05-19 12:13:49.712Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <1> -> <5>
    [2023-05-19 12:13:50.737Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <5> -> <1>
    [2023-05-19 12:13:50.737Z] INFO EndpointStorage.cpp[9271]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>
    [2023-05-19 12:13:50.787Z] INFO EpStateListBroker.cpp[9271]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b(172.16.xxx.xxx)
    [2023-05-19 12:13:50.788Z] INFO ModuleStatus.cpp[9271]:137 processMessageStatus - Status request received from endpoint: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b (172.16.xxx.xxx) health: 1
    [2023-05-19 12:15:14.170Z] INFO SacProcessor.cpp[9271]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>, Application path :C:\134program files\134mozilla firefox\134firefox.exe
    

Reply
  • I don't know why this is logged within seconds. Yes, wrote that. Thunderbolt dock with LAN. The Yoga itself only has WiFi.

    This is a log snip from the firewall before it succeeds to establish HB:

    [2023-05-19 12:12:49.388Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:50.444Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:51.491Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:52.551Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:53.640Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:54.697Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:55.748Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:56.789Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:57.825Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:58.864Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:12:59.901Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:00.936Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:01.971Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:03.043Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:04.070Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:05.145Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:06.216Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:07.286Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:08.357Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:09.418Z] WARN HBSessionHandler.cpp[9271]:140 findPinnedEndpointIdentity - session from endpoint rejected, because the endpoint ID already exists: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b
    [2023-05-19 12:13:09.424Z] WARN ModuleMessageHub.cpp[9271]:45 cleanupMsgTimerExpired - unanswered request with id 183611 from endpoint with uuid ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b timed out
    [2023-05-19 12:13:09.941Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <1> -> <3>
    [2023-05-19 12:13:10.477Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <3> -> <2>
    [2023-05-19 12:13:10.478Z] INFO EndpointStorage.cpp[9271]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>
    [2023-05-19 12:13:10.523Z] INFO ModuleStatus.cpp[9271]:137 processMessageStatus - Status request received from endpoint: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b (172.16.xxx.xxx) health: 1
    [2023-05-19 12:13:19.697Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <2> -> <5>
    [2023-05-19 12:13:20.774Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <5> -> <1>
    [2023-05-19 12:13:20.774Z] INFO EndpointStorage.cpp[9271]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>
    [2023-05-19 12:13:20.775Z] INFO EpStateListBroker.cpp[9271]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b(172.16.xxx.xxx)
    [2023-05-19 12:13:20.775Z] INFO ModuleStatus.cpp[9271]:137 processMessageStatus - Status request received from endpoint: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b (172.16.xxx.xxx) health: 1
    [2023-05-19 12:13:21.125Z] WARN GarnerEventHandler.cpp[9271]:55 update - got missing heartbeat notification from garner for endpoint ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b which is not in lost state
    [2023-05-19 12:13:30.574Z] INFO SacProcessor.cpp[9271]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>, Application path :C:\134program files\134mozilla firefox\134firefox.exe
    [2023-05-19 12:13:40.384Z] INFO SacProcessor.cpp[9271]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    [2023-05-19 12:13:40.384Z] INFO SacProcessor.cpp[9271]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    [2023-05-19 12:13:49.712Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <1> -> <5>
    [2023-05-19 12:13:50.737Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>: <5> -> <1>
    [2023-05-19 12:13:50.737Z] INFO EndpointStorage.cpp[9271]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>
    [2023-05-19 12:13:50.787Z] INFO EpStateListBroker.cpp[9271]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b(172.16.xxx.xxx)
    [2023-05-19 12:13:50.788Z] INFO ModuleStatus.cpp[9271]:137 processMessageStatus - Status request received from endpoint: ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b (172.16.xxx.xxx) health: 1
    [2023-05-19 12:15:14.170Z] INFO SacProcessor.cpp[9271]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <ca529385-4049-xxxx-xxxxxxxxxxxxxxx5b>, Application path :C:\134program files\134mozilla firefox\134firefox.exe
    

Children