Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2215 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems with SEC and Update Managers

JayMan

Hi all,

We have SEC installed on a server and Update Managers installed in our 10 sites. The update policies for the computers in each site are setup to goto the update manager for that site.

The problem we are having are the end points are still calling back to the SEC and overloading our network connection.

Do we need to install the message relay on each one of our 10 sites as well to stop the machines from connecting to the console but to use the relay?

:39305


This thread was automatically locked due to age.
  • 0

    Also to add.  According to Server 2008 R2 Resource Manager all the connections are coming into Image: System on Port 80

    :39307
  • 0

    HI,

    I assume that although you mention port 80, that's not AutoUpdate using it for updating over HTTP?  I assume from what you said you have updating as UNC paths?  I just want to rule out updating.

    The other part of the system (client to server) that uses port 80 (by default) is patch,  do all the endpoints have the patch agent installed?

    You can configure the patch agents to use a local proxy:

    http://www.sophos.com/en-us/support/knowledgebase/117121.aspx

    Mcescan.cab is the file, that is probably killing the network connection, as all clients are required to download that and it's about 60MB.

    Regards,

    Jak

    :39309
  • 0

    Yes update policies are setup with UNC.

    All endpoints do have patch installed.

    Is the 60MB a 1 time download or is it always going to happen?

    :39311
  • 0

    Is it possible all the traffic is from RMS aka RouteNT.Exe?     Would the Message Relays stop this?

    1000's of small connections could be building upto one big issue.

    :39313
  • 0

    For the time being until tonight I had windows firewall block port 80. That stopped the massive upload traffic. I also blocked 8194 until I can get message relay working which I hope will solve the issue of all the stations calling back to the SEC.

    :39315
  • 0

    Hi,

    Do you have patch installed on the clients?  Obviously if you don't then patch isn't the source of the traffic, if you do, this is the most likely candidate.

    The file mcescan.cab is downloaded by the agent whenever Microsoft updates the file, which might be every month?

    Using a relay for RMS will not cut down on the amount of traiffc just the number of direct connections.

    Regards,

    Jak

    :39317