This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After FW update 9.705: "urid not running - restarted"

Today I am working an a UTM 230. Immediately after updating to firmware 9.705003 on 9/24, I am getting many email with the message "urid not running - restarted". The proxy log gives me lines like this:

2020:10:18-19:28:25 lissmacutm httpproxy[5474]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x19764300" function="urid_categorize_url" file="uri_scanner.c" line="242" message="urid_query failed: (-2) "

Also getting many lines with "Categorization failed". These are not specific to any internal or external IP although MS updates are more common particularly on the weekend.

BAlfson wrote in one post that the UTM is being "chatty", but since this occurred on the day of an update and afterwards, I wonder if there's an issue with the update or did my DNS somehow get hosed?

Thanks, Tom

This thread was automatically locked due to age.

Top Replies

emmosophos over 3 years ago in reply to TomMorgan +2 verified

Hello Tom, thank you for the follow-up! Seems disk is damaged, if you the device is under warranty please open a case with Support and ask for an RMA, device needs to be replaced. You can send me the…

Parents

0 emmosophos over 3 years ago

Hello Tom,

Thank you for contacting the Sophos Community!

Do you see anything related to urid under /var/storage/cores

# ls -lh /var/storage/cores

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 TomMorgan over 3 years ago in reply to emmosophos

Hi Emmanuel,

Here's what I got:

-rw-r--r-- 1 root root 75M Oct 19 16:46 urid.16785
-rw-r--r-- 1 root root 75M Oct 19 16:47 urid.18341
-rw-r--r-- 1 root root 75M Oct 19 16:49 urid.18624
-rw-r--r-- 1 root root 75M Oct 19 18:38 urid.18831
-rw-r--r-- 1 root root 74M Oct 19 19:35 urid.23056
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to TomMorgan

Hello Tom,

Thank yo u for the follow-up!

hmm, that doesn't look right, it means the service is failing.

Does the selfmon and kernel log shows any type of I/O errors?

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

0 TomMorgan over 3 years ago in reply to emmosophos

This output repeats in selfmon

2020:10:20-13:45:52 lissmacutm selfmonng[4412]: W triggerAction: 'cmd'
2020:10:20-13:45:52 lissmacutm selfmonng[4412]: W actionCmd(+):  '/var/mdw/scripts/urid restart'
2020:10:20-13:45:53 lissmacutm selfmonng[4412]: W child returned status: exit='0' signal='0'
2020:10:20-15:04:54 lissmacutm selfmonng[4412]: I check Failed increment urid_running counter 1 - 3
2020:10:20-15:04:59 lissmacutm selfmonng[4412]: I check Failed increment urid_running counter 2 - 3
2020:10:20-15:05:04 lissmacutm selfmonng[4412]: W check Failed increment urid_running counter 3 - 3
2020:10:20-15:05:04 lissmacutm selfmonng[4412]: [INFO-188] urid not running - restarted
2020:10:20-15:05:04 lissmacutm selfmonng[4412]: W NOTIFYEVENT Name=urid_running Level=INFO Id=188 sent

And this is a sample from kernel... looks like I/O problems

2020:10:20-13:45:41 lissmacutm kernel: [522243.502228] Sense Key : 0x3 [current] [descriptor]
2020:10:20-13:45:41 lissmacutm kernel: [522243.502229] Descriptor sense data with sense descriptors (in hex):
2020:10:20-13:45:41 lissmacutm kernel: [522243.502230]         72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00 
2020:10:20-13:45:41 lissmacutm kernel: [522243.502234]         00 eb 78 81 
2020:10:20-13:45:41 lissmacutm kernel: [522243.502237] sd 0:0:0:0: [sda]  
2020:10:20-13:45:41 lissmacutm kernel: [522243.502238] ASC=0x11 ASCQ=0x4
2020:10:20-13:45:41 lissmacutm kernel: [522243.502239] sd 0:0:0:0: [sda] CDB: 
2020:10:20-13:45:41 lissmacutm kernel: [522243.502239] cdb[0]=0x28: 28 00 00 eb 78 81 00 00 08 00
2020:10:20-13:45:41 lissmacutm kernel: [522243.502243] end_request: I/O error, dev sda, sector 15431809
2020:10:20-13:45:41 lissmacutm kernel: [522243.502249] ata1: EH complete
2020:10:20-15:04:51 lissmacutm kernel: [526997.539585] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
2020:10:20-15:04:51 lissmacutm kernel: [526997.539587] ata1.00: irq_stat 0x40000001
2020:10:20-15:04:51 lissmacutm kernel: [526997.539590] ata1.00: failed command: READ DMA
2020:10:20-15:04:51 lissmacutm kernel: [526997.539594] ata1.00: cmd c8/00:08:81:78:eb/00:00:00:00:00/e0 tag 19 dma 4096 in
2020:10:20-15:04:51 lissmacutm kernel: [526997.539594]          res 51/40:08:81:78:eb/00:00:00:00:00/e0 Emask 0x9 (media error)
2020:10:20-15:04:51 lissmacutm kernel: [526997.539595] ata1.00: status: { DRDY ERR }
2020:10:20-15:04:51 lissmacutm kernel: [526997.539596] ata1.00: error: { UNC }
2020:10:20-15:04:51 lissmacutm kernel: [526997.541645] ata1.00: configured for UDMA/133
2020:10:20-15:04:51 lissmacutm kernel: [526997.541651] sd 0:0:0:0: [sda] Unhandled sense code
2020:10:20-15:04:51 lissmacutm kernel: [526997.541652] sd 0:0:0:0: [sda]  
2020:10:20-15:04:51 lissmacutm kernel: [526997.541653] Result: hostbyte=0x00 driverbyte=0x08

Reply

0 TomMorgan over 3 years ago in reply to emmosophos

This output repeats in selfmon

2020:10:20-13:45:52 lissmacutm selfmonng[4412]: W triggerAction: 'cmd'
2020:10:20-13:45:52 lissmacutm selfmonng[4412]: W actionCmd(+):  '/var/mdw/scripts/urid restart'
2020:10:20-13:45:53 lissmacutm selfmonng[4412]: W child returned status: exit='0' signal='0'
2020:10:20-15:04:54 lissmacutm selfmonng[4412]: I check Failed increment urid_running counter 1 - 3
2020:10:20-15:04:59 lissmacutm selfmonng[4412]: I check Failed increment urid_running counter 2 - 3
2020:10:20-15:05:04 lissmacutm selfmonng[4412]: W check Failed increment urid_running counter 3 - 3
2020:10:20-15:05:04 lissmacutm selfmonng[4412]: [INFO-188] urid not running - restarted
2020:10:20-15:05:04 lissmacutm selfmonng[4412]: W NOTIFYEVENT Name=urid_running Level=INFO Id=188 sent

And this is a sample from kernel... looks like I/O problems

2020:10:20-13:45:41 lissmacutm kernel: [522243.502228] Sense Key : 0x3 [current] [descriptor]
2020:10:20-13:45:41 lissmacutm kernel: [522243.502229] Descriptor sense data with sense descriptors (in hex):
2020:10:20-13:45:41 lissmacutm kernel: [522243.502230]         72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00 
2020:10:20-13:45:41 lissmacutm kernel: [522243.502234]         00 eb 78 81 
2020:10:20-13:45:41 lissmacutm kernel: [522243.502237] sd 0:0:0:0: [sda]  
2020:10:20-13:45:41 lissmacutm kernel: [522243.502238] ASC=0x11 ASCQ=0x4
2020:10:20-13:45:41 lissmacutm kernel: [522243.502239] sd 0:0:0:0: [sda] CDB: 
2020:10:20-13:45:41 lissmacutm kernel: [522243.502239] cdb[0]=0x28: 28 00 00 eb 78 81 00 00 08 00
2020:10:20-13:45:41 lissmacutm kernel: [522243.502243] end_request: I/O error, dev sda, sector 15431809
2020:10:20-13:45:41 lissmacutm kernel: [522243.502249] ata1: EH complete
2020:10:20-15:04:51 lissmacutm kernel: [526997.539585] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
2020:10:20-15:04:51 lissmacutm kernel: [526997.539587] ata1.00: irq_stat 0x40000001
2020:10:20-15:04:51 lissmacutm kernel: [526997.539590] ata1.00: failed command: READ DMA
2020:10:20-15:04:51 lissmacutm kernel: [526997.539594] ata1.00: cmd c8/00:08:81:78:eb/00:00:00:00:00/e0 tag 19 dma 4096 in
2020:10:20-15:04:51 lissmacutm kernel: [526997.539594]          res 51/40:08:81:78:eb/00:00:00:00:00/e0 Emask 0x9 (media error)
2020:10:20-15:04:51 lissmacutm kernel: [526997.539595] ata1.00: status: { DRDY ERR }
2020:10:20-15:04:51 lissmacutm kernel: [526997.539596] ata1.00: error: { UNC }
2020:10:20-15:04:51 lissmacutm kernel: [526997.541645] ata1.00: configured for UDMA/133
2020:10:20-15:04:51 lissmacutm kernel: [526997.541651] sd 0:0:0:0: [sda] Unhandled sense code
2020:10:20-15:04:51 lissmacutm kernel: [526997.541652] sd 0:0:0:0: [sda]  
2020:10:20-15:04:51 lissmacutm kernel: [526997.541653] Result: hostbyte=0x00 driverbyte=0x08

Children

+1 emmosophos over 3 years ago in reply to TomMorgan

Hello Tom,

thank you for the follow-up!

Seems disk is damaged, if you the device is under warranty please open a case with Support and ask for an RMA, device needs to be replaced. You can send me the Case ID so I can follow-up, when submitting the Case please include the output of both logs

/var/log/kernel and /var/log/selfmon as well as the output of /var/storage/cores.

You can also reference this Community Thread when opening the case.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +2 Vote Down

Cancel
0 TomMorgan over 3 years ago in reply to emmosophos

Unfortunately, no warranty. Will discuss with client. Thanks all for the help.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to TomMorgan

Hello Tom,

You could also try to re-image the device! Hopefully, if it was something that corrupted the entries this should be solved there!

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 TomMorgan over 3 years ago in reply to emmosophos

You're referring to re-imaging with an ISO? I can try that but not until Saturday. In the mean time I'll see what Bob's suggestion does with the logs and I'll report back.

Thanks again!
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to TomMorgan

Hello Tom,

Sorry yes, I should have been more clear, yes re-image using ISO. This is the URL to download the ISO.

https://www.sophos.com/en-us/support/utm-downloads.aspx

This is the KB that explains how to re-image the device, in case you are not familiar with the procedure.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 TomMorgan over 3 years ago in reply to emmosophos

Thanks, I'm very familiar with the process. It won't be a problem.
Cancel
Vote Up 0 Vote Down

Cancel
+1 TomMorgan over 3 years ago in reply to TomMorgan

The UTM was reimaged on Saturday without issue and monitored throughout the weekend. Between that and a full day of user traffic today, all logs are clean and not showing the I/O errors. The URID email have also stopped. Hopefully, the cause of this was a bad firmware update install.

Thank you Emmanuel and Bob for your attention to this!

Tom
Cancel
Vote Up +1 Vote Down

Cancel