Sophos UTM - Sophos LiveConnect is disabled

Since 7 January 2016 my Sophos LiveConnect is disabled on the UTM. Before this, everything was working fine.

The PCs are working fine, but if the UTM cannot connect to LiveConnect, changes can't be done.

2016:01:07-20:05:31 myfirewall epsecd[5258]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2016:01:07-20:05:31 myfirewall epsecd[5258]:  2. Epsec::Logic::Client::on_error:1461() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2016:01:07-20:05:31 myfirewall epsecd[5258]:  3. Epsec::Logic::Base::run:60() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2016:01:07-20:05:31 myfirewall epsecd[5258]:  4. main::top-level:63() client.pl
2016:01:07-20:05:31 myfirewall epsecd[5258]: <=========================================================================
2016:01:07-20:05:31 myfirewall epsecd[5258]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 180 seconds"
2016:01:07-20:08:33 myfirewall epsecd[5258]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Socket connect to sss1-c1f5.broker.sophos.com:443 error: Connection refused"
2016:01:07-20:08:33 myfirewall epsecd[5258]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Error creating socket. " syscall_error="Connection refused"
2016:01:07-20:08:33 myfirewall epsecd[5258]: >=========================================================================
2016:01:07-20:08:33 myfirewall epsecd[5258]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: Unknown error at /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm line 151." effect="Can't talk to Sophos LiveConnect"
2016:01:07-20:08:33 myfirewall epsecd[5258]:
2016:01:07-20:08:33 myfirewall epsecd[5258]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2016:01:07-20:08:33 myfirewall epsecd[5258]:  2. Epsec::Logic::Client::on_error:1461() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2016:01:07-20:08:33 myfirewall epsecd[5258]:  3. Epsec::Logic::Base::run:60() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2016:01:07-20:08:33 myfirewall epsecd[5258]:  4. main::top-level:63() client.pl
2016:01:07-20:08:33 myfirewall epsecd[5258]: <=========================================================================
2016:01:07-20:08:33 myfirewall epsecd[5258]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 240 seconds"
2016:01:07-20:12:40 myfirewall epsecd[5258]: I id="4232" severity="info" sys="System" sub="epsecd" name="Not syncing web policy resources as web control is disabled"
2016:01:07-20:12:44 myfirewall epsecd[5258]: I id="4231" severity="info" sys="System" sub="epsecd" name="Syncing SWC with web control global status "
2016:01:07-22:02:26 myfirewall epsecd[5258]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2016:01:07-23:02:02 myfirewall epsecd[5258]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"



  • Similar problem here, on my UTM 9.352-6, I cannot enable endpoint, always get Socket Error... I managed to enable it once, disabling the HTTP Proxy, but after re-enabling it, no connection to the Sophos server...
  • Same here: Endpoints are grey. UTM 9.352-6

    Endpoint log shows these errors:

    2016:01:19-21:17:50 enn-1 epsecd[9215]: |=========================================================================
    2016:01:19-21:17:50 enn-1 epsecd[9215]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="Listing [https://e38ff956-d229-3887-92ca-a2d8588e84e9-wdx-d229.broker.sophos.com//e38ff956-d229-3887-92ca-a2d8588e84e9/] failed with return code 7: Couldn't connect to server couldn't connect to host
    2016:01:19-21:17:50 enn-1 epsecd[9215]: "
  • Since 9.352-6 on my Cluster System this problem also exists. Disabling and re-enabling the HTTP Proxy didn't solve the problem for me. Still the same. LiveConnect is disabled.
  • Same issue here on 550 HA cluster with 9.352-6. Seems like it started on the 21st according to the size of my archived endpoint logs. I opened a ticket and also found that my support access tunnel is getting connection refused and is just sitting saying "connecting to server".
  • Same here, I noticed this Monday and I have been checking it a couple of times a day and it seems to be flip-flopping between enabled and disabled, however all the endpoints remain greyed out even when it says Enabled. Another typical Sophos mess?
  • I had also opened a case with Sophos on this (India, really??) and just received this update:

    "The current issue with our endpoint brokers is still being worked on by our GES team. As per last triage it should be stable after January 29th."

    Dave
  • Yes, same here, again! I had this issue during Christmas (see https://community.sophos.com/products/unified-threat-management/f/59/t/73768 ) That time, LiveConnect stated it was enabled, but none of the endpoints were green.

    This time, LiveConnect seems to flop between enabled/disabled, but the endpoints have not been green for a while now. Error in log is different this time:

    2016:01:28-12:19:42 sophos epsecd[5962]: |=========================================================================

    2016:01:28-12:19:42 sophos epsecd[5962]: W main::_log:432() => severity="warn" sys="System" sub="eplog" name="Listing [] failed with return code 35: SSL connect error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

    2016:01:28-12:19:42 sophos epsecd[5962]: "

  • I just checked again today and now Live Connect is showing ENABLED and all my endpoints are registered! Maybe they got it fixed early!
  • Good news - but I just checked mine and it is still red "disabled". However, I rolled my mouse over the grey circle next to an endpoint and a popup reads "last seen 26 minutes ago" for all endpoints - so it has been working, but they have obviously not got it fully sorted yet.

  • I'm having a similar issue.  Can't deploy agents or enable LiveConnect.

    Firmware version: 9.403-4
    Pattern version: 102803

    1. The Endpoint Protection Status states LiveConnect is Disabled.
    Looking at the Endpoint Protection Live Log, there's a protocol error when connecting.
    W main::_log:435() => severity="warn" sys="System" sub="eplog" name="Listing [https://a03ea04a-1b1c-3de9-a4fe-10c7171e7db5-wdx-1b1c.broker.sophos.com//a03ea04a-1b1c-3de9-a4fe-10c7171e7db5/] failed with return code 35: SSL connect error Unknown SSL protocol error in connection to a03ea04a-1b1c-3de9-a4fe-10c7171e7db5-wdx-1b1c.broker.sophos.com:443
    2. I can't download the agent using the link:
    The above website Responds with a HTTP 404 error

    Not Found

    The requested URL /agent/ was not found on this server.

    Testing the LiveConnect address using openssl from the firewall produces this result.
    uriel:/home/login # openssl s_client -connect a03ea04a-1b1c-3de9-a4fe-10c7171e7db5-wdx-1b1c.broker.sophos.com:443
    CONNECTED(00000003)
    1435629192:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 290 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---
    uriel:/home/login #
    Clear text connection (p80) initiates a Reset from the server.
    uriel:/home/login # telnet a03ea04a-1b1c-3de9-a4fe-10c7171e7db5-wdx-1b1c.broker.sophos.com 80
    Trying 52.18.238.151...
    Connected to a03ea04a-1b1c-3de9-a4fe-10c7171e7db5-wdx-1b1c.broker.sophos.com.
    Escape character is '^]'.
    Connection closed by foreign host.
    Also Failed OpenSSL Connection to mcs1-1b1c.broker.sophos.com:443  Certificate not trusted???  Ah it's using an insecure TLSv1.0/SSL3.0 cert.  How do we get this connection to use the more secure TLS1.1+ protocols?

    uriel:/home/login # openssl s_client -connect mcs1-1b1c.broker.sophos.com:443
    CONNECTED(00000003)
    depth=0 C = GB, ST = Oxfordshire, O = Sophos Ltd, CN = *.broker.sophos.com, emailAddress = mlh@sophos.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 C = GB, ST = Oxfordshire, O = Sophos Ltd, CN = *.broker.sophos.com, emailAddress = mlh@sophos.com
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 C = GB, ST = Oxfordshire, O = Sophos Ltd, CN = *.broker.sophos.com, emailAddress = mlh@sophos.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Certificate chain
    0 s:/C=GB/ST=Oxfordshire/O=Sophos Ltd/CN=*.broker.sophos.com/emailAddress=mlh@sophos.com
    i:/C=GB/ST=Oxfordshire/L=Abingdon/O=Sophos Ltd/CN=SophosCA1/emailAddress=mlh@sophos.com
    ---
    Server certificate
    subject=/C=GB/ST=Oxfordshire/O=Sophos Ltd/CN=*.broker.sophos.com/emailAddress=mlh@sophos.com
    issuer=/C=GB/ST=Oxfordshire/L=Abingdon/O=Sophos Ltd/CN=SophosCA1/emailAddress=mlh@sophos.com
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1702 bytes and written 424 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1
    Cipher : ECDHE-RSA-AES256-SHA
    Session-ID: 40901717C547ED2818D95585AE065E9F65C2AB1CE3E045AC36116FE4912C9F00
    Session-ID-ctx:
    Master-Key: 2C04D2EB110CC6D98FF11037BD1DCE95EC7EC82C5A59409FC4CB9E647AD50AABC9B129072AA09C421C21A34709234C0F
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    Start Time: 1465753545
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
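
An added example, not part of any post in this thread and not Sophos code: a small Python triage of epsecd log lines that separates TCP-level failures ("Connection refused", return code 7) from TLS handshake failures (return code 35), the two kinds of error reported above. The sample lines are taken from the posts, with broker.example as a placeholder host in one of them; the layer names are this example's own labels.

```python
import re

# Sample input: lines 1-3 and 5 are copied from the posts above; line 4 is
# modelled on a posted line with a placeholder host (broker.example).
SAMPLE_LOG = """\
2016:01:07-20:08:33 myfirewall epsecd[5258]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Socket connect to sss1-c1f5.broker.sophos.com:443 error: Connection refused"
2016:01:07-20:08:33 myfirewall epsecd[5258]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Error creating socket. " syscall_error="Connection refused"
2016:01:07-20:08:33 myfirewall epsecd[5258]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 240 seconds"
2016:01:19-21:17:50 enn-1 epsecd[9215]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="Listing [https://broker.example//placeholder/] failed with return code 7: Couldn't connect to server couldn't connect to host
2016:01:28-12:19:42 sophos epsecd[5962]: W main::_log:432() => severity="warn" sys="System" sub="eplog" name="Listing [] failed with return code 35: SSL connect error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'epsecd\[\d+\]: (?P<msg>.*)$')
# The closing quote of name="..." can fall on the next log line, so it is optional.
NAME_RE = re.compile(r'name="(?P<name>[^"]*)')
CODE_RE = re.compile(r'failed with return code (?P<code>\d+)')

def classify(msg):
    """Map one epsecd message to the layer that failed, or None if not a failure."""
    name_match = NAME_RE.search(msg)
    if not name_match:
        return None
    name = name_match.group("name")
    code_match = CODE_RE.search(name)
    if code_match:
        code = int(code_match.group("code"))
        # Meanings as printed in the log: 7 = couldn't connect, 35 = SSL connect error.
        return {7: "tcp-connect", 35: "tls-handshake"}.get(code, f"code-{code}")
    if "Connection refused" in name:
        return "tcp-connect"
    return None

def triage(log_text):
    """Return {layer: {count, first, last}} over all epsecd lines in log_text."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        layer = classify(m["msg"]) if m else None
        if layer is None:
            continue
        entry = summary.setdefault(layer, {"count": 0, "first": m["ts"], "last": m["ts"]})
        entry["count"] += 1
        entry["last"] = m["ts"]
    return summary

if __name__ == "__main__":
    for layer, info in triage(SAMPLE_LOG).items():
        print(layer, info)
```

A run of tcp-connect entries means the broker was not reachable at all, while tls-handshake entries mean the connection opened but the TLS negotiation failed, which is the case the openssl s_client checks in the last post look at.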