Thread Info
  • Replies 9 replies
  • Subscribers 3 subscribers
  • Views 15444 views
  • Users 0 members are here
Options
Suggested

Security Heartbeat not working

manlius-ny

I'm running a fresh installation in a VMWare environment.  A Windows 8.1 and Windows Server 2012R2 device are both behind the firewall.  Both of these devices are running Sophos Central Endpoint\Server protection and heartbeat is active.  The firewall is registered in the same Central account as the devices.

On the endpoint I'm getting the following in the heartbeat.log file:

2017-09-13T18:54:24.215Z [ 2756] INFO RequestSender::SendRequest Sending login request.
2017-09-13T18:54:24.215Z [ 2756] INFO RequestSender::SendRequest Sending network request. Active Interfaces: MAC: D4:BE:D9:11:40:97 - INET: 10.10.11.100 - INET6:
2017-09-13T18:54:24.215Z [ 2756] INFO RequestSender::SendRequest Sending status request. Current status is -> health: Good(1) service: Good(1) threat: Good(1)
2017-09-13T19:00:28.361Z [ 2756] INFO RetryCalculator::Notify Connection closed (network error).
2017-09-13T19:00:50.404Z [ 2756] INFO RetryCalculator::Notify Connection failed.
2017-09-13T19:00:50.404Z [ 2756] INFO RetryCalculator::Notify Connection re-establish delay value is now 15 seconds
2017-09-13T19:02:17.696Z [ 2756] INFO RetryCalculator::Notify Connection succeeded.
2017-09-13T19:02:17.696Z [ 2756] INFO RetryCalculator::Notify Connection re-establish delay value is now 1 seconds

Nothing is showing up in the heartbeat log on the firewall.

Security Heartbeat is working fine on all of my other XG devices.

Any ideas what might be causing this behavior with v17 Beta 1?

Parents

  • I'm also seeing the following in the heartbeatd.log file on the firewall:

    2017-09-15 13:30:45 ERROR CertificateHandler.cpp[4934]:88 updateFingerprints - SQL error: no such table: EP_Certificates

  • in reply to manlius-ny

    Hi manlius-ny,

     

    try to remove the empty database: /conf/sysfiles/heartbeatd/certificate_store.db and wait some minutes to be synced again. After some time a new databse should be created with all Certificates in it so Endpont can connect.

    If not, try to provide any heartbeat.logs on SFOS.

     

    Best Regards,

    redpfaf

  • in reply to redpfaff

    Deleted the certificate_store.db and it was recreated automatically.  That didn't solve the problem.

    The heartbeatd.log from the firewall contains many lines similar to this:

    2017-09-15 15:44:35 INFO HBSessionHandler.cpp[4934]:89 removeDirtySessions - Number of sessions: 0
    2017-09-15 15:44:35 WARN HBSession.cpp[4934]:328 bufferDisconnectEvent - Incoming connection from 10.10.11.26 failed. SSL error: SSL routines:ssl3_get_client_certificate certificate verify failed

Reply
  • in reply to redpfaff

    Deleted the certificate_store.db and it was recreated automatically.  That didn't solve the problem.

    The heartbeatd.log from the firewall contains many lines similar to this:

    2017-09-15 15:44:35 INFO HBSessionHandler.cpp[4934]:89 removeDirtySessions - Number of sessions: 0
    2017-09-15 15:44:35 WARN HBSession.cpp[4934]:328 bufferDisconnectEvent - Incoming connection from 10.10.11.26 failed. SSL error: SSL routines:ssl3_get_client_certificate certificate verify failed

Children
Unfiltered HTML