Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 8955 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Message Relay function

Azwan

Hi All,

As per subject above appreciate if someone can guide or explanation regarding message relay e.g message relay frequent udate or how it relay endpoint message once receive. 

Reason is customer informed that  console status didn't tally/reported back to console, example trying to performed device exemption on console once user plugin USB device and blocked however consolde didn't receive the message .

Restarting services below are also didn't have any effect when try to exempt device as mention above. Thanks

-----------------------------------------

Stop the "Agent" service
Stop the "Sophos Message Router" service

C:\ProgramData\Sophos\Remote Management System\3\Router\Envelopes
Delete all msg files present

C:\ProgramData\Sophos\Remote Management System\3\Router
Delete 'table_router.txt'

Start the "Agent" service
Start the "Sophos Message Router" service

---------------------------------------------------------

Console:

Windows Win2008

Sophos Enterprise Console v5

MSSQL 2008 R2

8192-8193,8194 open

Relay server:

Windows 2003

8192-8193,8194 open

:26995


This thread was automatically locked due to age.
Parents
  • 0

    Hello Azwan,

    does it affect only one client or are there issues with all clients "behind" the relay?

    As it is not clear where the problem could be located (and what's working and what not) I'll try to outline what to check:

    Is the Last message time (under Computer Details) of the relay current? You could check that reports are received immediately by triggering an alert on the relay using EICAR

    If the alert isn't displayed after a few seconds then the problems is the relay communicating with SEC

    If the above works as expected do the same for the client. If you see the alert then it's probably the downstream path which doesn't work (SEC should be able to connect to the relay's 8194 and the relay in turn to the client's 8194 port)

    If the upstream communication fails please view the Network Communications Report (on both the relay and the client) whether it displays the correct upstream parent.

    Christian

    :26999
Reply
  • 0

    Hello Azwan,

    does it affect only one client or are there issues with all clients "behind" the relay?

    As it is not clear where the problem could be located (and what's working and what not) I'll try to outline what to check:

    Is the Last message time (under Computer Details) of the relay current? You could check that reports are received immediately by triggering an alert on the relay using EICAR

    If the alert isn't displayed after a few seconds then the problems is the relay communicating with SEC

    If the above works as expected do the same for the client. If you see the alert then it's probably the downstream path which doesn't work (SEC should be able to connect to the relay's 8194 and the relay in turn to the client's 8194 port)

    If the upstream communication fails please view the Network Communications Report (on both the relay and the client) whether it displays the correct upstream parent.

    Christian

    :26999
Children
No Data