Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 42 subscribers
  • Views 9129 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect 2.2.90 - Service not available

LHerzog

Since our company upgraded trom 2.2.75 to 2.2.90 this is a known issue here. The client needs to be reinstalled then.

This has only been a very rare issue with the old version. Has Sophos identified the cause yet? Any fixes in the pipeline?

2023-03-16 08:49:16AM [5820] inf Starting Sophos Sophos Connect version 2.2.90.1104
2023-03-16 08:49:16AM [5820] dbg Initializing protected storage
2023-03-16 08:49:16AM [5820] inf No user is currently logged on
2023-03-16 08:49:16AM [5820] dbg Starting the auto-importer
2023-03-16 08:49:16AM [5820] inf Initializing strongSwan
2023-03-16 08:49:26AM [5820] err Failed to start the strongSwan service. Error 138. Timed out waiting for state to go to 4
2023-03-16 08:49:26AM [5820] err Failed to initialize strongSwan. Error 138
2023-03-16 08:49:26AM [5820] dbg Disabling all connections
2023-03-16 08:49:26AM [5820] inf Cleaning up strongSwan
2023-03-16 08:49:26AM [5820] inf stopping openvpn service
2023-03-16 08:49:26AM [5820] dbg Stopping the communications module
2023-03-16 08:49:26AM [5820] dbg Waiting for telemetry module to finish
2023-03-16 08:49:26AM [5820] dbg Waiting the auto-importer to finish
2023-03-16 08:49:26AM [5820] dbg Cleaning up IP monitor library
2023-03-16 08:49:26AM [5820] dbg Cleaning up protected storage
2023-03-16 08:49:26AM [5820] dbg Cleaning up configuration
2023-03-16 08:49:26AM [5820] inf Sophos Connect stopped

2023-03-16 08:49:16AM 00[DMN] Starting IKE service charon-svc (strongSwan 5.9.5, Windows Client 6.2.9200 (SP 0.0)
2023-03-16 08:49:16AM 00[KNL] failed to create TUN device
2023-03-16 08:49:16AM 00[LIB] plugin 'kernel-libipsec': failed to load - kernel_libipsec_plugin_create returned NULL
2023-03-16 08:49:16AM 00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon-svc' has unmet dependency: CUSTOM:socket
2023-03-16 08:49:16AM 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon-svc' has unmet dependency: CUSTOM:libcharon-receiver
2023-03-16 08:49:16AM 00[LIB] failed to load 2 critical plugin features



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    The GES team has raised a similar issue - NCL01758, which looks to be the same. Could you confirm too?

    We have tried to reproduce the issue internally but have not been successful. The details of the testing done is updated in the above Jira.

    Does re-installation of the SCC has to be done frequently, or its a one time thing?

  • 0 in reply to Giridhar Katti

    On my own computer I noticed the issue after a command line installation over the existing installation of 2.2.75.

    When the StrongSwan and Sophos Connect Service would not start, an other reinstallation with commandline msiexec -i file.msi -qb over the faulty installation of 2.2.90 did not solve the issue. I manually uninstalled the CC 2.2.90 from control panel / software and then re-installed with same  msiexec command line.

    Others of the admin team had the issue too. Also other regular users.

    I don't know how to reproduce the issue ow what is triggering it. Surely the root cause is the failing TAP driver of StrongSwan module.

  • 0 in reply to LHerzog

    A colleague today has the issue. the connect client was working until yesterdays. the Connect Client has been installed days ago on his machine was working since.

    Probably the issue happens when the computer interfaces change - that happens when the computers roam between home office and office. usually they don't have a dockingstation at home office but have one at the office.

    My colleague was at home office yesterday and is on office today.

    In our case the docking station adds a realtek NIC to the OS.

    That is his charon log from yesterday

    2023-03-16 05:41:45PM 00[DMN] Starting IKE service charon-svc (strongSwan 5.9.5, Windows Client 6.2.9200 (SP 0.0)
    2023-03-16 05:41:45PM 00[LIB] TAP-Windows driver version 1.0 available.
    2023-03-16 05:41:47PM 00[LIB] opened TUN device: {A59AC0F6-F4DC-4FC1-AE4C-3A573E6C6B71}
    2023-03-16 05:41:47PM 00[LIB] loaded plugins: charon-svc nonce x509 pubkey pkcs1 pkcs7 pkcs8 pkcs12 pem openssl kernel-libipsec kernel-iph socket-win vici eap-identity eap-gtc eap-mschapv2 xauth-generic windows-dns
    2023-03-16 05:41:47PM 00[JOB] spawning 16 worker threads
    2023-03-16 05:41:52PM 17[KNL] interface 73 'Hyper-V Virtual Ethernet Adapter #2' appeared
    2023-03-16 05:41:53PM 18[KNL] interface 73 'Hyper-V Virtual Ethernet Adapter #2' changed state from Down to Up
    2023-03-16 05:41:54PM 17[KNL] interface 79 'Hyper-V Virtual Ethernet Adapter #3' appeared
    2023-03-16 05:41:54PM 18[KNL] interface 79 'Hyper-V Virtual Ethernet Adapter #3' changed state from Down to Up
    2023-03-16 05:41:55PM 18[KNL] interface 84 'Hyper-V Virtual Ethernet Adapter #4' appeared
    2023-03-16 05:41:55PM 17[KNL] interface 84 'Hyper-V Virtual Ethernet Adapter #4' changed state from Down to Up
    2023-03-16 05:42:23PM 19[DMN] service is stopping, cleaning up

    and the one from today:

    2023-03-17 08:37:24AM 00[DMN] Starting IKE service charon-svc (strongSwan 5.9.5, Windows Client 6.2.9200 (SP 0.0)
    2023-03-17 08:37:24AM 00[LIB] TAP-Windows driver version 1.0 available.
    2023-03-17 08:37:26AM 00[LIB] opened TUN device: {A59AC0F6-F4DC-4FC1-AE4C-3A573E6C6B71}
    2023-03-17 08:37:26AM 00[LIB] loaded plugins: charon-svc nonce x509 pubkey pkcs1 pkcs7 pkcs8 pkcs12 pem openssl kernel-libipsec kernel-iph socket-win vici eap-identity eap-gtc eap-mschapv2 xauth-generic windows-dns
    2023-03-17 08:37:26AM 00[JOB] spawning 16 worker threads
    2023-03-17 08:37:29AM 17[KNL] interface 77 'Hyper-V Virtual Ethernet Adapter #2' appeared
    2023-03-17 08:37:30AM 18[KNL] interface 77 'Hyper-V Virtual Ethernet Adapter #2' changed state from Down to Up
    2023-03-17 08:37:31AM 19[DMN] service is stopping, cleaning up

    That is the scvpn log:

    2023-03-17 08:37:23AM [6016] inf Starting Sophos Sophos Connect version 2.2.90.1104
    2023-03-17 08:37:23AM [6016] dbg Initializing protected storage
    2023-03-17 08:37:23AM [6016] inf No user is currently logged on
    2023-03-17 08:37:23AM [6016] dbg Starting the auto-importer
    2023-03-17 08:37:23AM [6016] inf Initializing strongSwan
    2023-03-17 08:37:29AM [6016] dbg strongSwan version 5.9.5 has been started
    2023-03-17 08:37:29AM [6016] inf Initializing open vpn service
    2023-03-17 08:37:31AM [6016] dbg Starting the communications module
    2023-03-17 08:37:31AM [6016] dbg Starting HTTP server on 127.0.0.1:60110
    2023-03-17 08:37:31AM [6016] dbg HTTP Server: cannot bind to 127.0.0.1:60110: 10013 (No such file or directory)
    2023-03-17 08:37:31AM [6016] dbg HTTP Server: Failed to setup server ports
    2023-03-17 08:37:31AM [6016] err Failed to start HTTP server
    2023-03-17 08:37:31AM [6016] err Failed to initialize the communications module. Error 14
    2023-03-17 08:37:31AM [6016] dbg Disabling all connections
    2023-03-17 08:37:31AM [6016] inf Cleaning up strongSwan
    2023-03-17 08:37:31AM [6016] inf stopping openvpn service
    2023-03-17 08:37:31AM [6016] dbg Stopping the communications module
    2023-03-17 08:37:31AM [6016] dbg Waiting for telemetry module to finish
    2023-03-17 08:37:31AM [6016] dbg Waiting the auto-importer to finish
    2023-03-17 08:37:31AM [6016] dbg Cleaning up IP monitor library
    2023-03-17 08:37:32AM [6016] dbg Cleaning up protected storage
    2023-03-17 08:37:32AM [6016] dbg Cleaning up configuration
    2023-03-17 08:37:32AM [6016] inf Sophos Connect stopped

    So the issue here is different from my issue yesterday

  • 0 in reply to LHerzog

    Hi   - thanks for more information. We will also triage this issue internally and get back to you, if there are any questions.

Reply Children
No Data
Unfiltered HTML