
Sophos Enterprise Console on Windows Server Essentials 2012

Hi,

I recently installed a new Server Essentials 2012 setup and installed Sophos Enterprise Console 5.2.1.97. I am unable to protect any of the computers from the central console despite creating a group policy to open ports 8192 and 8194 and set services (Windows Installer - manual, Task Scheduler - Automatic, Remote Registry - Automatic).

I've run through all the documentation and every time I try and push out the software to Windows 7 clients I receive the error:

21/11/2013 10:00:55 80070002 The installation could not be started: The system cannot find the file specified. The computer may need additional configuration before installation. See knowledgebase article 29287.

I've already installed the Endpoint Security on the clients but cannot get the console to manage them.

Any advice would be appreciated.

Thanks

:45263


  • Hello DanAvery,

    I've already installed the Endpoint Security on the clients but cannot get the console to manage them

    by which method? Running setup.exe from the share and do they update from your server? Manage is not the same as deployment from the console (aka Protect computers) - BTW, how did you get them into SEC (Discover, Import ...)? If ESC has been installed from the CID and they do not report to the console this is a second issue.

    For the Protect problem one of these (rather old) threads (read all of them) might help at least in getting to the bottom of the problem: Sophos Enterprise Console 4.5.1.0 - Could not start installation program on the computer and The user has not been granted the requested logon type at this computer.

    HTH

    Christian

    :45275
  • Hi Christian,

    Thanks for the response.

    I've installed the endpoint from the server share for each PC. I then imported the PCs from Active Directory but am unable to protect them from the console. I support several setups with Sophos; however, this is the first with Server Essentials 2012 and I've found the firewall configuration to be pretty awful so far (i.e. not allowing ping by default on clients!).

    :45277
  • Hello DanAvery,

    I've installed the endpoint from the server share

    then they should connect to the console and appear automatically - there's no need to Protect these. If they do not show as managed then there's an issue with RMS connectivity.

    unable to protect them

    As said, a different issue. While the threads definitely won't tell you what to do on SE2012 they name a number of things to check (e.g. whether the task has been created at all and, if so, its return code).

    Christian

    :45283
  • Hi Christian,

    I've had a look at the threads suggested. I can see the task is created on the test PC but exits with code 0xa. Looking up the error it suggests the 'Environment is incorrect' but I've no idea what that means.

    As for the RMS connectivity, I have run the installer from each PC but they don't show in the console - how do I resolve the issue here?

    Thanks

    Dan

    :45287
  • Hello Dan,

    are the PCs Windows 7 or Windows 8? If the latter then it is expected not to work. ERROR_BAD_ENVIRONMENT (this 0xa) denotes e.g. an incompatibility at the OS level.

    RMS [...] how do I resolve the issue here

    Start with the Network Communications Report - this will show whether the clients at least know their management server. The logs related to RMS install and initialize are in %windir%\Temp\ (the names make obvious which is which); if there is an error in ClientMRInit please post it here (redact your addresses/names). The communication logs are in ProgramData\Sophos\Remote Management System\3\Router\Logs. Start with the oldest if there's more than one. You'll perhaps have to post part of it here, feel free to do so.

    Christian

    :45293
  • Hi Christian,

    The clients are all Windows 7 64 bit except one or 2 32bit Windows 7 PCs.

    I've opened a report from a client as follows (I've not deleted any information as there's nothing there to give away):


    Report generation time ( local time )
    22 November 2013 10:22:57

    Report generation time ( GMT )
    22 November 2013 10:22:57

    Computer name :
    BSPLPC03

    Windows domain :
    BSFP

    RMS router name :
    Router$BSPLPC03:27005

    IOR port number :
    8192

    SSLIOP port number :
    8194

    Parent addresses :
    SERVER,Server

    Current parent address :
    SERVER

    RMS router type :
    endpoint

    So it looks like it knows its management server? The clients are updating by the way.

    I presume that it's a communication issue somewhere - the oldest Router Log shows errors obtaining a certificate:


    Report generation time ( local time )
    22 November 2013 10:22:57

    Report generation time ( GMT )
    22 November 2013 10:22:57

    Computer name :
    BSPLPC03

    Windows domain :
    BSFP

    RMS router name :
    Router$BSPLPC03:27005

    IOR port number :
    8192

    SSLIOP port number :
    8194

    Parent addresses :
    SERVER,Server

    Current parent address :
    SERVER

    RMS router type :
    endpoint

    But isn't appearing in the newest logs. What's the next step in resolving this please?

    Thanks

    :45351
  • Hello Dan,

    it does know its server. But you've pasted the report a second time instead of the RMS log.

    isn't appearing in the newest logs

    Just post any errors (or if there are no obvious ones a "repeating block") from the newest as well.

    Christian

    :45353
  • Oops, I've posted the RMS log below:

    Oldest:

    20.11.2013 17:11:13 0A6C I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20131120-171113.log
    20.11.2013 17:11:13 0A6C I Sophos Messaging Router 3.4.1.3411 starting...
    20.11.2013 17:11:13 0A6C I Setting ACE_FD_SETSIZE to 138
    20.11.2013 17:11:13 0A6C I Initializing CORBA...
    20.11.2013 17:11:13 0A6C I Setting connection cache limit to 10
    20.11.2013 17:11:13 0A6C I Creating ORB runner with 4 threads
    20.11.2013 17:11:13 0A6C I Getting parent router IOR from SERVER:8192
    20.11.2013 17:11:13 0A6C I This computer is part of the domain BSFP
    20.11.2013 17:11:36 0A6C I This computer is part of the domain BSFP
    20.11.2013 17:11:36 0A6C I Getting parent router IOR from Server:8192
    20.11.2013 17:11:59 0A6C E Failed to get parent router IOR
    20.11.2013 17:11:59 0A6C E Failed to get certificate, retrying in 600 seconds
    20.11.2013 17:19:41 0A14 I Windows is shutting down...
    20.11.2013 17:19:42 0A6C E Router::Start: Caught Router stopped before certificate obtained

    Newest:

    22.11.2013 10:22:48 0AA0 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20131122-102248.log
    22.11.2013 10:22:48 0AA0 I Sophos Messaging Router 3.4.1.3411 starting...
    22.11.2013 10:22:48 0AA0 I Setting ACE_FD_SETSIZE to 138
    22.11.2013 10:22:48 0AA0 I Initializing CORBA...
    22.11.2013 10:22:48 0AA0 I Setting connection cache limit to 10
    22.11.2013 10:22:48 0AA0 I Creating ORB runner with 4 threads
    22.11.2013 10:22:48 0AA0 I Getting parent router IOR from SERVER:8192
    22.11.2013 10:22:48 0AA0 I This computer is part of the domain BSFP
    22.11.2013 10:22:48 0AA0 I Getting a new router certificate...
    22.11.2013 10:22:49 0AA0 I Creating cryptographic key pair
    22.11.2013 10:22:51 0AA0 I Installing new router certificate...
    22.11.2013 10:22:56 0AA0 I This computer is part of the domain BSFP
    22.11.2013 10:22:56 0AA0 E ACE_DLL::open failed for TAO_ImR_Client: Error: check log for details.
    22.11.2013 10:22:56 0AA0 E Unable to find service: ImR_Client_Adapter
    22.11.2013 10:22:56 0AA0 I This router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000e0000003139322e3136382e322e3130330001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f757465720000000300000000000000080000000100c400004f415401000000140000000100c4000100010000000000090101000000000014000000080000000100a60086000220
    22.11.2013 10:22:56 0AA0 I Successfully validated this router's IOR
    22.11.2013 10:22:56 0AA0 I Reading router table file
    22.11.2013 10:22:56 0AA0 I Host name: BSPLPC03
    22.11.2013 10:22:56 0AA0 I Local IP addresses: 192.168.2.103
    22.11.2013 10:22:56 0AA0 I Resolved name: BSPLPC03.BSFP.local
    22.11.2013 10:22:56 0AA0 I Resolved alias/es:
    22.11.2013 10:22:56 0AA0 I Resolved IP addresses: 192.168.2.103
    22.11.2013 10:22:56 0AA0 I Resolved reverse names/aliases: BSPLPC03.BSFP.local
    22.11.2013 10:22:56 0AA0 I Waiting for messages...
    22.11.2013 10:22:56 0E94 I Getting parent router IOR from SERVER:8192
    22.11.2013 10:22:56 0AA0 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 5, max number of user ports 15360
    22.11.2013 10:22:56 0E94 I Received parent router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000d0000003139322e3136382e31362e32000001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f757465720000000300000000000000080000000100d200004f415401000000140000000100d2000100010000000000090101000000000014000000080000000100a60086000220
    22.11.2013 10:22:56 0E94 I Successfully validated parent router's IOR
    22.11.2013 10:22:56 0E94 I Accessing parent
    22.11.2013 10:22:56 0E94 I Parent is Router$Server
    22.11.2013 10:22:57 0E94 I Registered with parent router
    22.11.2013 10:22:57 0E94 I RouterTableEntry::LogonToParentRouter() - logging on as active consumer
    22.11.2013 10:22:57 0E94 I RouterTableEntry state (router, logging on): Router$Server is passive consumer, passive supplier
    22.11.2013 10:22:57 0E94 I Logged on to parent router as Router$BSPLPC03:27005
    22.11.2013 10:22:57 0E94 I This computer is part of the domain BSFP
    22.11.2013 10:22:59 0AD4 I Logged on Agent for certification
    22.11.2013 10:23:00 0E84 I Routing to parent: id=028F3084, origin=Router$BSPLPC03:27005.Agent, dest=CM, type=Certification.CertRequest
    22.11.2013 10:23:00 0E7C W Expanded Envelope, id=028F3084, type=Certification.CertRequest, no Originator Cert
    22.11.2013 10:23:00 0E7C I Sent message (id=028F3084) to Router$Server
    22.11.2013 10:23:00 0E84 I Routing to Agent: id=008F3084, origin=Router$Server.CM, dest=Router$BSPLPC03:27005.Agent, type=Certification.CertResponse
    22.11.2013 10:23:02 0AE0 I Logged off Agent
    22.11.2013 10:23:03 0AD4 I Registered client Agent
    22.11.2013 10:23:03 0AE0 I Client::LogonPushPush() successfully called back to client
    22.11.2013 10:23:03 0AE0 I Logged on Agent as a client
    22.11.2013 10:23:08 0E84 I Received message for this router
    22.11.2013 10:23:11 0E84 I EM-NotifyClientUpdates originator Router$BSPLPC03:27005.Agent
    22.11.2013 10:23:11 0E84 I Received message for this router
    22.11.2013 10:23:11 0E84 I EM-GetClientStatus EMLib originator Router$BSPLPC03:27005.Agent
    22.11.2013 10:23:11 0E84 I Routing to Agent: id=008F308F, origin=Router$BSPLPC03:27005, dest=Router$BSPLPC03:27005.Agent, type=EM-NotifyClientUpdates-Reply
    22.11.2013 10:23:11 0E84 I Routing to Agent: id=028F308F, origin=Router$BSPLPC03:27005, dest=Router$BSPLPC03:27005.Agent, type=EM-GetClientStatus-Reply
    22.11.2013 10:23:11 0E7C I Sent message (id=008F308F) to Agent
    22.11.2013 10:23:11 0E7C I Sent message (id=028F308F) to Agent
    22.11.2013 10:23:23 0E84 I Routing to parent: id=008F309B, origin=Router$BSPLPC03:27005.Agent, dest=EM, type=EM-GetStatus-Reply
    22.11.2013 10:23:23 0E78 I Sent message (id=008F309B) to Router$Server
    22.11.2013 10:23:24 0E84 I Routing to Agent: id=008F309C, origin=Router$Server.EM, dest=Router$BSPLPC03:27005.Agent, type=EM-SetConfiguration
    22.11.2013 10:23:24 0E80 I Sent message (id=008F309C) to Agent
    22.11.2013 10:23:24 0E84 I Routing to Agent: id=028F309C, origin=Router$Server.EM, dest=Router$BSPLPC03:27005.Agent, type=EM-SetConfiguration
    22.11.2013 10:23:24 0E7C I Sent message (id=028F309C) to Agent
    22.11.2013 10:23:24 0E84 I Routing to Agent: id=048F309C, origin=Router$Server.EM, dest=Router$BSPLPC03:27005.Agent, type=EM-SetConfiguration
    22.11.2013 10:23:24 0E78 I Sent message (id=048F309C) to Agent
    22.11.2013 10:23:24 0E84 I Routing to Agent: id=068F309C, origin=Router$Server.EM, dest=Router$BSPLPC03:27005.Agent, type=EM-SetConfiguration
    22.11.2013 10:23:24 0E80 I Sent message (id=068F309C) to Agent
    22.11.2013 10:23:24 0E84 I Routing to Agent: id=088F309C, origin=Router$Server.EM, dest=Router$BSPLPC03:27005.Agent, type=EM-SetConfiguration
    22.11.2013 10:23:24 0E7C I Sent message (id=088F309C) to Agent
    22.11.2013 10:23:24 0E84 I Routing to Agent: id=0A8F309C, origin=Router$Server.EM, dest=Router$BSPLPC03:27005.Agent, type=EM-SetConfiguration
    22.11.2013 10:23:24 0E78 I Sent message (id=0A8F309C) to Agent
    22.11.2013 10:23:54 0E84 I Routing to parent: id=008F30BA, origin=Router$BSPLPC03:27005.Agent, dest=EM, type=EM-GetStatus-Reply
    22.11.2013 10:23:54 0E80 I Sent message (id=008F30BA) to Router$Server
    22.11.2013 10:28:54 0E84 I Routing to parent: id=008F31E6, origin=Router$BSPLPC03:27005.Agent, dest=EM, type=EM-EntityEvent
    22.11.2013 10:28:54 0E7C I Sent message (id=008F31E6) to Router$Server
    22.11.2013 10:29:19 0E84 I Routing to parent: id=008F31FF, origin=Router$BSPLPC03:27005.Agent, dest=EM, type=EM-GetStatus-Reply
    22.11.2013 10:29:19 0E78 I Sent message (id=008F31FF) to Router$Server

    Apologies for the error before!

    Thanks

    Dan

    :45355
  • Hello Dan,

    thanks for the logs. The error in the oldest was apparently transient. If I'm not mistaken the newest shows that

    • the client has sent a certificate request and received a reply
    • it did receive policies from SEC
    • it sent its status and an event to SEC

    Thus it should not only "show" in the console but it should also be in a group other than Unassigned (otherwise there wouldn't be these EM-SetConfiguration messages).

    Christian

    :45359
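
The reading of the router log in the reply above can be automated when many endpoints need checking. This is an added example, not part of the original thread and not Sophos code: the line layout and message type names are taken from the log excerpts posted above, while the function names, the host `PC01`, the message ids and the "managed" heuristic are assumptions made for illustration.

```python
import re
from collections import Counter

# Line layout in the Router-*.log excerpts: date, time, thread id, level, text.
LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) ([0-9A-F]{4}) ([IWE]) (.*)$")
ROUTED = re.compile(r"^Routing to (parent|Agent): .*\btype=([\w.\-]+)")

def summarize_router_log(text):
    """Collect management milestones and errors from one router log."""
    types = Counter()  # (direction, message type) -> count
    errors, registered = [], False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # continuation lines such as the raw "IOR:..." string
            continue
        stamp, _tid, level, msg = m.groups()
        if level == "E":
            errors.append((stamp, msg))
        if msg == "Registered with parent router":
            registered = True
        r = ROUTED.match(msg)
        if r:
            types[r.groups()] += 1
    return {
        "registered": registered,
        "cert_requested": types[("parent", "Certification.CertRequest")] > 0,
        "cert_received": types[("Agent", "Certification.CertResponse")] > 0,
        "policies_received": types[("Agent", "EM-SetConfiguration")],
        "status_sent": types[("parent", "EM-GetStatus-Reply")],
        "events_sent": types[("parent", "EM-EntityEvent")],
        "errors": errors,
    }

def is_managed(summary):
    """Assumed heuristic: registered, certificate received, policy received."""
    return (summary["registered"] and summary["cert_received"]
            and summary["policies_received"] > 0)
# Constructed sample lines (hypothetical host PC01) in the format of the logs above.
FAILING = """\
20.11.2013 17:11:59 0A6C E Failed to get parent router IOR
20.11.2013 17:11:59 0A6C E Failed to get certificate, retrying in 600 seconds
"""
WORKING = """\
22.11.2013 10:22:57 0E94 I Registered with parent router
22.11.2013 10:23:00 0E84 I Routing to parent: id=00000001, origin=Router$PC01:27005.Agent, dest=CM, type=Certification.CertRequest
22.11.2013 10:23:00 0E84 I Routing to Agent: id=00000002, origin=Router$Server.CM, dest=Router$PC01:27005.Agent, type=Certification.CertResponse
22.11.2013 10:23:24 0E84 I Routing to Agent: id=00000003, origin=Router$Server.EM, dest=Router$PC01:27005.Agent, type=EM-SetConfiguration
22.11.2013 10:23:54 0E84 I Routing to parent: id=00000004, origin=Router$PC01:27005.Agent, dest=EM, type=EM-GetStatus-Reply
"""
```

Calling `is_managed(summarize_router_log(text))` on the newest log of each endpoint separates clients that completed the certificate exchange and received policy from those still failing to reach the parent router; the `errors` list gives the timestamps to correlate with firewall or Group Policy changes.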
  • Hi Christian,

    This PC has shown up on the console (not sure if that's annoying or not!) so I've attempted to protect the PCs from the console again. I guess a firewall rule yesterday may have fixed the issue but I didn't give enough time for group policy to roll out.

    I've not done anything different on this PC specifically as I've made any changes through group policy. I'll keep you updated on whether this is successful.

    Thanks again for your help.

    Dan

    :45361