Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 11 subscribers
  • Views 8724 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

central relay server issue

andy Cerasoli

Hi we are having problems with setting up a cache and relay server. We are using server 2016 datacentre. The cache part works fine, but we can't get the relay server part to work. The dashboard says its setup by no computers are using the relay. We have a server that does not have internet access, for which we have tried to setup via the relay server sophossetup.exe --messagerelys=ipaddress:8190, (supposed to be supported so our account manager says, but Sophos support say it isn't supported! Not sure who is correct) but that does not work anyway, it seems to be only trying the to connect to the internet using the message relays ip address? The rules for the firewall are configured by the install and they seem fine? We are using a proxy to get to the Sophos central cloud servers, does anyone know if it also needs port 8190 and 8191 as we have only allowed 80 and 443? 



This thread was automatically locked due to age.
  • 0

    Hi andy Cerasoli,

    Do you have a Support case open? If so, please send me a DM so that I can follow-up.

     

    Here are the requirements to setup the relay:
    What are the prerequisites for an Update Cache and a Message Relay?

    Additional information can be found here 

     Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0 in reply to Barb@Sophos

    Hi Barb, there is no support case. They closed it because they said it wasn't supported. I have read the articles, they don't say which ports are needed open to the internet . We have port 80 and 443 open through our edge firewall to the internet and the Sophos install has opened the other ports on the server. Do we need port 8190 open to the internet as well as our internal network? the update cache part seems to be working fine, its just the message relay that's not. 

     

    Thanks

     

    Andy

  • 0 in reply to andy Cerasoli

    Hi Andy,

    Do you have the log from the server install that isn't working via the Message Relay? SophosCloudInstaller_xxxxx

    ‘--messagerelays=192.168.1.2:8190’ is the switch needed to install via a Message Relay; https://community.sophos.com/kb/en-us/127045 

    Ports 8190 and 8191 are needed between the client and the Cache/Relay server; the Relay server then needs to be able to access Sophos; https://community.sophos.com/kb/en-us/122577 

    https://community.sophos.com/kb/en-us/121936 

    Regards,

    Stephen

  • 0 in reply to StephenMcKay

    Hi Stephen 

    thanks

    here is the log from the server we are trying to protect. The server does not have internet access. We are using the messagerelays switch

    Firewall on the relay server has connection to Sophos - we have been able to build it as a cache and relay server from the portal ok. The install added the firewall ports ok

     

    Started C:\Users\Administrator\AppData\Local\Temp\sfl-86921410\Setup.exe
    2018-07-23T15:50:38.2635957Z INFO : SophosInstall command line: "C:\\Users\\Administrator\\AppData\\Local\\Temp\\sfl-86921410\\Setup.exe" --messagerelays=10.20.0.16:8190
    2018-07-23T15:50:38.2635957Z INFO : Command line: Quiet mode on: 0
    2018-07-23T15:50:38.2635957Z INFO : Command line: Automatic Proxy detection disabled: 0
    2018-07-23T15:50:38.2635957Z INFO : Command line: No feedback mode on: 0
    2018-07-23T15:50:38.2635957Z INFO : Command line: Dump feedback enabled: 0
    2018-07-23T15:50:38.2635957Z INFO : Command line: Bypass competitor removal: 0
    2018-07-23T15:50:38.2635957Z INFO : Command line: Using CRT catalog file path: --
    2018-07-23T15:50:38.2635957Z INFO : Command line: Only register endpoint with Central: 0
    2018-07-23T15:50:38.2635957Z INFO : Command line: Using custom server: --
    2018-07-23T15:50:38.2635957Z INFO : Command line: Using custom stage 2 filename: --
    2018-07-23T15:50:38.2635957Z INFO : Command line: Using cloud user: --
    2018-07-23T15:50:38.2635957Z INFO : Command line: Using cloud group: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Overriding computer name: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Overriding computer description: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Overriding domain name: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Language will be set to: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Using message relays: 10.20.0.16:8190
    2018-07-23T15:50:38.2792071Z INFO : Command line: Proxy address: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Proxy user name: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Using custom customer token: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Using specified products: --
    2018-07-23T15:50:38.2792071Z INFO : Command line: Using certificates from the MCS app data folder: 0
    2018-07-23T15:50:38.2792071Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/latest.tar.gz
    2018-07-23T15:50:38.2948205Z WARNING : WinHttpGetProxyForUrl returned: 12180
    2018-07-23T15:50:38.2948205Z INFO : Attempting to connect using proxy '10.20.0.16:8190' of type 'Message Relay'.
    2018-07-23T15:50:38.2948205Z INFO : Set security protocol: 00000800
    2018-07-23T15:50:38.2948205Z INFO : Opening connection to downloads.sophos.com
    2018-07-23T15:50:38.2948205Z INFO : Opened connection to downloads.sophos.com
    2018-07-23T15:50:38.2948205Z INFO : Request content size: 0
    2018-07-23T15:50:53.5747166Z ERROR : WINHTTP_CALLBACK_STATUS_SECURE_FAILURE: 8
    2018-07-23T15:50:53.5747166Z INFO : WINHTTP_CALLBACK_STATUS_SECURE_FAILURE: WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA
    2018-07-23T15:50:53.5747166Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12175
    2018-07-23T15:50:53.5747166Z INFO : Failed to connect using proxy '10.20.0.16:8190' with error: WinHttpSendRequest failed: certificate check failure
    2018-07-23T15:50:53.5747166Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2018-07-23T15:50:53.5747166Z INFO : Set security protocol: 00000800
    2018-07-23T15:50:53.5747166Z INFO : Opening connection to downloads.sophos.com
    2018-07-23T15:50:53.5747166Z INFO : Opened connection to downloads.sophos.com
    2018-07-23T15:50:53.5747166Z INFO : Request content size: 0
    2018-07-23T15:51:14.6098087Z ERROR : WinHttpSendRequest failed with error 12002
    2018-07-23T15:51:14.6098087Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed
    2018-07-23T15:51:14.6098087Z INFO : Cleaning up extracted files
    2018-07-23T15:51:17.5507959Z ERROR : Exception: Failed to download stage-2 archive. Status code: --: Failed to connect with any proxy: certificate check failure

  • 0 in reply to andy Cerasoli

    Please can you confirm the OS of the server you are trying to protect?


    Stephen

  • 0 in reply to andy Cerasoli

    Has your server a public or privat IP Addr? I asking because we had before the same prob. with PC how has a wrong IP Adr.

     

    wrbrgds. TBC

  • 0 in reply to StephenMcKay

    Hi Stephen, 

     

    Its Windows 2012 r2

Unfiltered HTML