This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Odd Issues with Enterprise Console 4.5

Hi all.

I've been doing a quick lab with 4.5 before putting it into production but I've encountered a few issues.

For information I'm running on 2008 SP2 x64. Using the inbuilt SQL express 2008 although in production it will use the full fat version.

Now the issues.

First the Sophos Management Service won't start correctly. The service seems to start if left over night (Possible SQL slow to start issue?) I don't know SQL very well but was wondering if the database is starting correctly. I'm getting two events. In System I get Event ID 7031, "The service terminated unexpectedly". In the application logs I've got Event ID 8004 " Data: 0x80007042b - The process terminated unexpectedly".

The other issue is the console, the status window appears to have frozen. Lab PC's are updating ok and polices appear to be applying as I can see the changes on the endpoints when I change something in the policy but the console still shows them as "awaiting policy transfer".

I'll be raising a support call later but thought I'd ask on here first.

This thread was automatically locked due to age.

Parents

0 jak over 15 years ago

Hi,

Firstly I'll clear up a couple of things, in terms of the ports require to be open for RMS to work:

In order for the management server's message router to connect to the client for immediate message delivery downstream, the client needs port 8194 TCP open. If the server's message router is unable to connect to the client on TCP 8194 then the system relies on the client polling the server for outstanding messages. The poll interval is defined in the registry as the GetterInterval which is 15 minutes. The client does initiate the connection to the server and is required to be able to connect on port 8192 and 8194 (both TCP).

So on the server allow incoming TCP to 8192 and 8194.

On the clients incoming TCP 8194 is preferred to speed up downstream messages reaching the client but RMS will work, albeit it slower, as long as the client can connect to the server.

The log shows 2 things of interest:

1.

06.07.2010 20:45:16 0320

E NoRouterIORException: Caught MSClient::Connect: failed to get router's IOR from supplied address and port.
ClientConnection::Reconnect()

This shows that the Sophos Agent service (ManagementAgentNT.exe) is unable to contact port 8192 TCP on the machine.

The agent is trying to read the IOR string exposed by the message router (routernt.exe) on port 8192. If it can't do this, then it can't read the IOR string which tells the agent to connect back on port 8194 TCP of the router. Without this communication, status of the machine will not be returned as the agent gathers this information and sends it into the system via the router.

This could be a transient error and you may see this if the router is restarted for example but the first thing to check is that the router is started and then consider why another local process on the machine is unable to connect to port 8192 but I would expect this to be a transient error.

2.

The Sphos agent process needs to establish a connection to Sophos Update Manager to report on what it is doing.

To do this, the agent connects to TCP port 51234 which is exposed by the SUM process.

so again it is 2 local processes trying to communicate to each other using a socket.

So in summary:

I would check that you have the sum process listening on 51234 and that the router is listening on 8192.

I hope this offers some guidance.

Thanks,

Jak

:3906
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jak over 15 years ago

Hi,

Firstly I'll clear up a couple of things, in terms of the ports require to be open for RMS to work:

In order for the management server's message router to connect to the client for immediate message delivery downstream, the client needs port 8194 TCP open. If the server's message router is unable to connect to the client on TCP 8194 then the system relies on the client polling the server for outstanding messages. The poll interval is defined in the registry as the GetterInterval which is 15 minutes. The client does initiate the connection to the server and is required to be able to connect on port 8192 and 8194 (both TCP).

So on the server allow incoming TCP to 8192 and 8194.

On the clients incoming TCP 8194 is preferred to speed up downstream messages reaching the client but RMS will work, albeit it slower, as long as the client can connect to the server.

The log shows 2 things of interest:

1.

06.07.2010 20:45:16 0320

E NoRouterIORException: Caught MSClient::Connect: failed to get router's IOR from supplied address and port.
ClientConnection::Reconnect()

This shows that the Sophos Agent service (ManagementAgentNT.exe) is unable to contact port 8192 TCP on the machine.

The agent is trying to read the IOR string exposed by the message router (routernt.exe) on port 8192. If it can't do this, then it can't read the IOR string which tells the agent to connect back on port 8194 TCP of the router. Without this communication, status of the machine will not be returned as the agent gathers this information and sends it into the system via the router.

This could be a transient error and you may see this if the router is restarted for example but the first thing to check is that the router is started and then consider why another local process on the machine is unable to connect to port 8192 but I would expect this to be a transient error.

2.

The Sphos agent process needs to establish a connection to Sophos Update Manager to report on what it is doing.

To do this, the agent connects to TCP port 51234 which is exposed by the SUM process.

so again it is 2 local processes trying to communicate to each other using a socket.

So in summary:

I would check that you have the sum process listening on 51234 and that the router is listening on 8192.

I hope this offers some guidance.

Thanks,

Jak

:3906
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data