
steps for setup child server

Hi,

We just set up Sophos Enterprise Console 4.5 (replacing Symantec). The structure: one primary server as parent server, updated from the Sophos website; 4 site servers as child servers, updated from the parent server.

Does anyone know the detailed steps to set up a child server? After copying the SUMInstallSet folder from the parent server to the child server, I ran setup.exe and configured this child server (source from parent, subscriptions as recommended, distribution as update to share \\child server\Sophosupdate). I got the error 'threat detection data update failed' and last updated "never". What's wrong? Can anyone provide the detailed steps with screenshots?

Thanks

:7641


  • Hello Christian

    Thank you for your reply. Always troubling you.

    Some points need clarifying before doing this, since I am new to Sophos.

    1. I don't know each folder's function and each file's purpose.

    Where SUM_Status.xml I should delete (parent sv or child sv)? Also can delete contents under Working and warehouse folders in parent server?

    Since parent server, before delete I need double confirm.

    2. What's SESC? SOPHOSESC is parent server (updated). Only one child server not updated.

    3. Deleting the mentioned files means deleting SUM_STATUS.XML, the working folder and the warehouse folder (all subfolders and all files) on the parent server, right? Will it affect other child servers or the parent server?

    4. Writing to the CID fails. You know which files in CID to write in?

    Also can delete all contents and files under CID folder?

     Best Regards,

    :7733
  • Hello yh,

    What's SESC

    I was referring to the Sophos Anti-Virus updates on a client computer, not the SUM (CID) updating process.

    If you delete SUM_Status.xml, working and warehouse the server (whether parent or child) starts all over with the download-decode-deploy (i.e. writing/updating the CIDs) process. If you delete the warehouse on the parent the child SUMs can only successfully update when it has been rebuilt. In case you delete the CID contents too it means that they will be completely rebuilt. Of course clients can't update until this is done but otherwise it just means some additional load on the server.

    If you delete the warehouse on a child it has to download all the files again but it has no other effect on the parent.

    SOPHOSESC is parent server (updated). Only one child server not updated

    If other child SUMs update correctly then it's most likely not the parent's fault and you should delete the stuff on the child.

    Also can delete all contents and files under CID folder?

    Yes (but - if your subscriptions include Sophos for Mac deleting the CID from explorer will likely fail as the pathnames are too long, just shorten the name of an upper level folder). If delete fails you'd have to investigate - if it works the server will (hopefully) rebuild the CID and that's it.

    Christian

    :7737
  • Hello: Christian

    Trouble you so many times. Thank you!

    I tried to delete SUM_Status.xml, the contents under CID, and the warehouse and working folders on the child server, but the parent server side still shows threat detection data update failed.

    Also tried to uninstall SUM and clear all folder and sophos in registry  in child server. And reinstall, parent server still shown same.

    Best Regards

    :7811
  • but parent server side still shown threat detection data update failed

    Is this message recent? A screenshot of  View Update Manager Details would help (upload it to some public service and include the link).

    Christian

    :7813
  • Hello, Jak

    Actually many clients under this child server updated to date successfully, even this child server shown 'Threat detection data update failed' and Last updated shown 'never' in Sophos Enterprise Console.
    I guess this child server can be updated from the parent server and distributes the definitions to its clients, but something is not updated in the console.
    How to clear the error message shown at console?
    Thanks & Best Regards
    :7815
  • Hello, Christian

    Attached the log for this child server  from View Update Manager Details.

    'Computer name childSV1'

    Computer description

    Operating system Windows 2003

    Service pack Service Pack 2

    Domain/workgroup childSV1

    IP address 192.168.43.2

    Time of last binary update Never

    Time of last protection data update Never

    Outstanding alerts and errors

    Update manager status Date/time Code Description

    1/7/2011 10:04:43 AM 80040401 Software update failed.

    1/7/2011 10:04:43 AM 80040404 Threat detection data update failed.

    History

    Update manager status Date/time Code Description

    1/7/2011 10:04:43 AM 80040401 Software update failed.

    1/7/2011 10:04:43 AM 80040404 Threat detection data update failed.

    1/7/2011 10:04:12 AM 80040401 Software update failed.

    1/7/2011 10:04:12 AM 80040404 Threat detection data update failed.

    1/7/2011 10:00:51 AM 80040404 Threat detection data update failed.

    1/7/2011 9:59:51 AM 80040401 Software update failed.

    1/7/2011 9:50:51 AM 80040404 Threat detection data update failed.

    thanks & best regards,

    :7819
  • Hello yh,

    that was my suspicion - the entries are stale, almost a week old. Probably RMS on the child is not working as it should. Is childSV1 also listed under Endpoints and if so  what's the timestamp for Last message received from computer?

    RMS information should be in ...\All Users\Application Data\Sophos\Remote Management System\3\Router\ - the logs are in the Logs subdirectory. If there is a file named ReportData.xml in NetworkReport open it. Are there any files in Envelopes?

    Christian

    :7821
  • Hello: Christian

    1.what's the timestamp for Last message received from computer?

    sorry which computer you mentioned.

    2.Yes, has ReportData.xml in NetworkReport. Attached it.

    Sophos network communications report

    This report presents an overview of the current state of communications with Sophos Enterprise Console or Sophos Control Center. It presents an overview of possible problem areas and, if a problem is detected, possible remedial actions.

    State of name resolution (DNS)

    No problems detected.

    State of Sophos security framework

    No problems detected.

    State of incoming communications from server

    No problems detected.

    State of outgoing communications to server

    No problems detected.

    Computer details

    Report generation time (local time): Friday, January 14, 2011 2:21:12 AM
    Report generation time (GMT): Thursday, January 13, 2011 6:21:12 PM
    Computer name: childsv1
    Windows domain: childsv
    RMS router name: Router$childsv1:45026
    IOR port number: 8192
    SSLIOP port number: 8194
    Parent addresses: 192.168.22.229,primarysv.primary.local.primarysv
    Current parent address: 192.168.22.229
    RMS router type: endpoint

    3. No any files in envelopes folder.

    Thanks & Best Regards

    :7873
  • Hello yh,

    Last message from childsv1.

    As your Network Report is fairly recent I'd expect also newer timestamps in SEC (and not 1/7/2011 10:04:43 AM). It's a little bit strange. I asked about the Last message because during recent test I had a case where the client/child didn't send any messages upstream (although it had a connection to the parent and everything else worked). Resolved itself with a reboot though. 

    Unless Jak has some idea :smileyhappy: I'd suggest engaging Support 'cause a closer look at the logs might be needed.

    Christian

    :7883
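
The comparison made in the reply above (console history entries versus the time of the endpoint's latest network report), written out as an added example that is not part of the original thread or of any Sophos tool. The function names, the month/day/year reading of the console dates and the 24-hour threshold are assumptions; the sample rows are copied from the listing posted earlier in this thread.

```python
import re
from datetime import datetime, timedelta

# Sample input: rows from the "History" listing posted in this thread.
HISTORY = """\
1/7/2011 10:04:43 AM 80040401 Software update failed.
1/7/2011 10:04:43 AM 80040404 Threat detection data update failed.
1/7/2011 10:04:12 AM 80040401 Software update failed.
1/7/2011 10:00:51 AM 80040404 Threat detection data update failed.
1/7/2011 9:59:51 AM 80040401 Software update failed.
1/7/2011 9:50:51 AM 80040404 Threat detection data update failed.
"""
# Local generation time of the network report posted in this thread.
REPORT_TIME = "Friday, January 14, 2011 2:21:12 AM"

# date, time, AM/PM, 8-hex-digit status code, free-text description
ROW = re.compile(
    r"^\s*(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"([0-9A-Fa-f]{8})\s+(.+?)\s*$"
)

def parse_history(text):
    """Return (timestamp, code, description) per well-formed row; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            # Assumption: the console prints month/day/year.
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            rows.append((ts, m.group(2), m.group(3)))
    return rows

def staleness(history_text, report_time, max_age=timedelta(hours=24)):
    """Age of the newest console entry relative to the endpoint's last report."""
    rows = parse_history(history_text)
    if not rows:
        return None  # nothing parseable: no basis for a verdict
    newest = max(ts for ts, _, _ in rows)
    seen = datetime.strptime(report_time, "%A, %B %d, %Y %I:%M:%S %p")
    age = seen - newest
    return {"newest_entry": newest, "age": age,
            "stale": age > max_age,  # max_age is an assumed threshold
            "codes": sorted({code for _, code, _ in rows})}

if __name__ == "__main__":
    print(staleness(HISTORY, REPORT_TIME))
```

A stale result means the errors shown in the console predate the endpoint's most recent sign of life, so the reporting path is the thing to examine before the update process itself.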
  • Hi YH,

    Have you solved the RMS issue? Can you share with me what the root cause is and the troubleshooting steps to solve the issue?

    My problem started after childSUM had been installed and configured; all clients were up to date with policy and appeared on the console until the childSUM server crashed with a blue screen. :smileyhappy:

    :12659