Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 11 subscribers
  • Views 27309 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failed to protect computer

Oliver Marshall

Hi

We're rolling out a test Sophos Central implementation. 

When we run the Sophos endpoint installer on any windows device, the install warns it might take 15 minutes to install. Once it's done, the Central portal reports "Failed to protect computer" for each device. This description for this is that the agent was installed but hasn't checked in for one hour. 

If we check the Sophos Management Communication System client logs on the endpoints we see loads of these;

503 Service Unavailable: Back-end server is at capacity: sent=0 rcvd=0 elapsed=249ms

 

This relates to a series of Amazon cloud instances mentioned in the logs. 

 

Any ideas whether this error actually means what it suggests or what we can do to nudge the devices in to connecting?

We've tried a number of devices, rebooting, removing, reinstalling. 

 

Olly



This thread was automatically locked due to age.
Parents
  • 0

    Hi Olly

     

    It's probably not much help, but I'm facing the same issue.  We rolled out a new Sophos implementation a week ago that was almost flawless (one or two older computers caused problems), yet today I cannot get a client to install fully.  Every time I get the same 'Back-end server is at capacity' error.

     

    Is the error appearing in your McsClient.log file after a POST statement like the one below?

    POST https://dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com:443/sophos/management/ep/register

     

    The guidance I've found on the Sophos support pages suggests doing a PING test, NSLOOKUP and a telnet connection on port 443.  I've tried all of these and although the NSLOOKUP check works, the PING and telnet tests fail.  I can only assume at this point that the Amazon Web Services instance I'm trying to connect to is either offline or overloaded.

     

    Gary

Reply
  • 0

    Hi Olly

     

    It's probably not much help, but I'm facing the same issue.  We rolled out a new Sophos implementation a week ago that was almost flawless (one or two older computers caused problems), yet today I cannot get a client to install fully.  Every time I get the same 'Back-end server is at capacity' error.

     

    Is the error appearing in your McsClient.log file after a POST statement like the one below?

    POST https://dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com:443/sophos/management/ep/register

     

    The guidance I've found on the Sophos support pages suggests doing a PING test, NSLOOKUP and a telnet connection on port 443.  I've tried all of these and although the NSLOOKUP check works, the PING and telnet tests fail.  I can only assume at this point that the Amazon Web Services instance I'm trying to connect to is either offline or overloaded.

     

    Gary

Children
  • 0 in reply to Gary Dendy

    Hi Gary

     

    Yes, exactly as you describe here. 

     

    Fills me with confidence :(

     

    Olly

  • 0 in reply to Oliver Marshall

    Dealing with the same issue. Trying to do a reinstall on an endpoint because of issues with the client, but can't uninstall it because it is in the middle of updating, but taking forever because it can't communicate with the update server. Nothing but '503 Service Unavailable: Back-end server is at capacity' in the logs. Come on Sophos!!

  • 0 in reply to Gary Dendy

    I´m facing the same issue here with a fresh install on W7 Pro. I´ll try to look the msclient.log file... Looking from our Central Console perspective, shows the following msg "Download of WindowsCloudNextGen failed from server http:∕∕dci.sophosupd.c..."

     

    * and the Central status for US show as 'ok'

  • 0 in reply to Renato Pereira

    After a new download and install again, the lastest entry on windows Eventviewer is "Product: Sophos AutoUpdate XG -- Installation completed successfully."

    Looking from Windows Performance Monitor we noticed 'mcsclient.exe' stablishing connection with AWS server but transfering only 2kb/s...

     

    Is there some components to install before, like some .NET Framework? Some services to be enable first like "Remote Registry"??

  • 0 in reply to Renato Pereira

    I found another forum post relating that issue with 'Tamper Protection' that should be disabled before complete all installation...
    Last night I was sleep and then disabled it on 'Central' website and today as 11:29:32 (GMT -3), almost 12h afters, I found an entry on Windows Event Viewer\Aplication saying:

     

    ---

    Nome do Log: Application
    Fonte: MsiInstaller
    Data: 20/07/2017 11:29:32
    Identificação do Evento:1033
    Categoria da Tarefa:Nenhum
    Nível: Informações
    Palavras-chave:Clássico
    Usuário: SISTEMA
    Computador: Patrique-PC
    Descrição:
    O Windows Installer instalou o produto. Nome do Produto: Sophos Management Communications System. Versão do Produto: 4.4.309. Idioma do Produto: 1033. Fabricante: Sophos Limited. Status de erro ou êxito da instalação: 0.
    XML de Evento:
    <Event xmlns="schemas.microsoft.com/.../event">
    <System>
    <Provider Name="MsiInstaller" />
    <EventID Qualifiers="0">1033</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-07-20T14:29:32.000000000Z" />
    <EventRecordID>6247</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Patrique-PC</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData>
    <Data>Sophos Management Communications System</Data>
    <Data>4.4.309</Data>
    <Data>1033</Data>
    <Data>0</Data>
    <Data>Sophos Limited</Data>
    <Data>(NULL)</Data>
    <Data>
    </Data>
    <Binary>7B32433134453141322D433445422D343636452D383337342D3831323836443732334433417D3030303039386636386634356363636261346263373839626236363366633231646232333030303030393034</Binary>
    </EventData>
    </Event>

     

    ---

Unfiltered HTML