Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 9781 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unmanaged and Router problems

TechSupp

Installed EMC 4.7 on our new server (after uninstalling 4.5 which was after having 4.0 on another but less stable server). The clients with Sophos already installed update but they wont become managed and cant seem to get them to reinstall from the console (Could not start installation program, Network path not found msg in client status in EMC). Took it totally of one client and reinstalled from the command line and installed fine, updates but now says waiting for client to report status.

The Sophos Network Communications Report says:

Problem description : Overview : Possible cause : Action to repair :
Communication failure.
Failed to communicate with the server.
"Sophos Message Router" service may be stopped on the server, or the server may be disconnected from the network, or a firewall may be blocking communications from the client to the server.
Verify that the Sophos Message Router ports (by default 8192 and 8194) on the server are accessible by the computer with the problem. Also check networking and services on the server.

The router log is as below:

03.01.2012 16:15:33 0878 W Parent address unknown: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for.  (11004)
03.01.2012 16:15:33 0878 I Getting parent router IOR from servername.domain.local:8192
03.01.2012 16:15:58 0878 I Getting parent router IOR from servername:8192
03.01.2012 16:16:21 0878 E Failed to get parent router IOR
03.01.2012 16:16:21 0878 E Failed to get certificate, retrying in 600 seconds
03.01.2012 16:26:34 0878 I Getting parent router IOR from xx.xx.xx.xx:8192
03.01.2012 16:26:57 0878 I Getting parent router IOR from fe80::8971:2cc1:50d2:d58f:8192
03.01.2012 16:26:58 0878 E ACE_INET_Addr::ACE_INET_Addr: fe80::8971:2cc1:50d2:d58f: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for.

The Parent address in the network report is correct:

xx.xx.xx.xx,fe80::8971:2cc1:50d2:d58f,servername.domain.local,servername

Can ping the server from client with name and ip, bit at a loss as to what to do or check next so I can get the clients to appear as managed.

:20349


This thread was automatically locked due to age.
  • 0

    Hi,

    The clients use the addresses (in-turn) in the key:

    HKLM\Software\[wow6432node]\sophos\messaging system\router\ParentAddress

    to locate the management server.


    On a problem client, does this key contain a resolvable address of the Sophos management server?

    From the logs you post it has:

    servername.domain.local:8192

    Either you have anonymised the address or that doesn't look right?

    On a test machine (client), change the parent address key to be the IP/name of the management server and then restart the Sophos message Router service, does this fix this machine?

    If this value is being put in on-reinstall, it would suggest that the file mrinit.conf in the install/update share has this address in it.  If you fix that to be the address of the management server, reinstalls should then work.

    Regards,

    Jak 

    :20351
  • 0

    Sorry, yes I anonymised those lines. Will try suggestion and get back.

    :20355
  • 0
    Tried your suggestion and set the parent in registry entry to the ip of the server. That stopped any dns errors etc being reported in the network report, could initiate a new install on the client from the console but issues reported back as before about connectivity ti parent in network report and to check port access. How can i check that it can connect to the required ports or that they are even open on the server (server 2008 r2) and if they are blocked for listening which it may seem how do i unblock them?
    :20371
  • 0

    Hi,

    The client needs to be able to talk to TCP 8192 and TCP 8194 on the server.  The server ideally needs to be able to connect to TCP port 8194 of the client (this will speed up downstream message delivery).

    From the client you should be able to telnet the server on both of these ports. I.e. In a command prompt run:
    telnet <serverip/name> 8192
    telnet <serverip/name> 8194

    Telnetting to 8192 will display a string (IOR).  Telnetting to 8194 will nto display anything but will connect.

    Note: the Telnet client component isn't 'installed' by default on Windows 7, you would need to add it as a component.

    Regards,

    Jak 

    :20375
  • 0
    Thanks, did try that at some point and got no reply from either, so could be the fault. Now how do I fix it :)
    :20379
  • 0

    Hi,

    I assume that on the Sophos Management Server that the "Sophos Message Router" service (RouterNT.exe process) is running?

    If the firewall is enabled on the server you can typically add exceptions.  You would need to add:

    INCOMING TCP 8192
    INCOMING TCP 8194

    Or possiblly allow RouterNT.exe as a process but as the ports are fixed I would suggest opening up the ports.

    You could use:

    http://technet.microsoft.com/en-us/library/ms175043.aspx

    as a guide to adding exceptions.  Once done, ensure that from a client you can telnet those ports and a connection is made.

    Regards,

    Jak

    :20381
  • 0
    Thanks youre a star! Will try that tomorrow. Is it possible to check the state of the ports from the server side rather than the client side? Just purely as a means of double.checking the issue.
    :20385
  • 0

    Hi,

    You can perform the same check locally using telnet but the local connection check will probably not be subject to the same firewall rules so a remote check is always preferable as it would more closely mirror the accessibility of the ports to a remote client.

    Regards,

    Jak

    :20397
  • 0

    Is this non connection problem one that could be specific to server 2008 r2 as just looked at another of my schools running emc on a 2003 server and that replies fine with the telnet command as you say it should. Good to know as got to set up emc on another 2008 server soon.

    Update: Looked at the 2008 server and it seems the firewall has been set up as default and the ports were blocked so have created the rules and hey presto, can telnet with the correct response so hopw when I get to the problem school I can do the same and all will be well.

    Thanks for all the help, been fantastic to get such quick replies and I hope a solution to the problem.

    :20489