Enterprise Console 4.5.1.0 Issue

Hello John,

so you didn't check whether SAV (9.5 I assume) was working on the PC before restarting?

Can you open the SAV GUI and can you access the updating log? Apart from that check the logs in the system temp directory (C:\WINDOWS\TEMP) - those with Install in their name - and the ones under %ProgramData%\Sophos\Remote Management System\3\. Tell us what you've found.

Christian

Hi Christian,

Many thanks for your prompt reply.

I did have a look on the client PC straight after roll-out to see if the installation had been successful. I was able to launch the GUI and access the update log. Nothing out of the ordinary was logged, other than the request for a restart.

I checked the other logs you mentioned in your reply and they appeared OK (I have to admit though, I wasn't too sure what I should be looking for).

However, a couple of entries (shown below) in the RMS Agent and Router logs may be of interest:

Agent Log:

18.10.2010 15:22:14 02D0 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Agent/Logs/Agent-20101018-142214.log
18.10.2010 15:22:14 02D0 I Sophos Management Agent 3.2.0.2013 starting...
18.10.2010 15:22:14 07A4 I AdapterManager::LoadAdapter, adapter ALC does not export GetAdapterVersion
18.10.2010 15:22:14 07A4 I SAUAdapter - SAU Update status information read from C:\ProgramData\Sophos\AutoUpdate\data\status\AUAdapter.xml
18.10.2010 15:22:14 07A4 I SAUAdapter - SAU IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4
18.10.2010 15:22:14 04FC I SAUAdapter - SAU IPCListener::Wait started
18.10.2010 15:22:14 04FC I SAUAdapter - SAU IPCListener::Wait Waiting for more messages
18.10.2010 15:22:14 0D5C I SAUAdapter - SAU AdapterImpl: Notifying agent of configuration change
18.10.2010 15:22:14 0D5C I SAUAdapter - SAU AdapterImpl: Notifying agent of status change: <?xml version="1.0" encoding="utf-8" ?><status xmlns="com.sophos\mansys\status" type="sau"><CompRes xmlns="com.sophos\msys\csc" Res="NoRef" policyType="1" /><autoUpdate xmlns="http://www.sophos.com/xml/mansys/AutoUpdateStatus.xsd"><endpoint id="ef290883-55a5-4c9e-bb7c-28487baf3de4" /></autoUpdate></status>
18.10.2010 15:22:14 02D0 E ACE_Select_Reactor_T::open failed inside ACE_Select_Reactor_T::CTOR: An operation was attempted on something that is not a socket.
18.10.2010 15:22:14 02D0 E (2192|720) ORB Core unable to initialize reactor: An operation was attempted on something that is not a socket.
18.10.2010 15:22:14 02D0 E Agent::Start: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/INITIALIZE:1.0'
TAO exception, minor code = 0 (ORB Core initialization failed; unspecified errno), completed = NO

Router Log:

18.10.2010 15:26:01 09C8 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20101018-142601.log
18.10.2010 15:26:01 09C8 I Sophos Messaging Router 3.2.0.2013 starting...
18.10.2010 15:26:01 09C8 I Setting ACE_FD_SETSIZE to 138
18.10.2010 15:26:01 09C8 I Initializing CORBA...
18.10.2010 15:26:01 09C8 I Setting connection cache limit to 10
18.10.2010 15:26:01 09C8 E ACE_Select_Reactor_T::open failed inside ACE_Select_Reactor_T::CTOR: An operation was attempted on something that is not a socket.
18.10.2010 15:26:01 09C8 E (1108|2504) ORB Core unable to initialize reactor: An operation was attempted on something that is not a socket.
18.10.2010 15:26:01 09C8 E Router::Start: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/INITIALIZE:1.0'
TAO exception, minor code = 0 (ORB Core initialization failed; unspecified errno), completed = NO
 
18.10.2010 15:26:01 09C8 I Restarting...

I'm really not sure what I should be looking for here. Hopefully these extracts will throw some light on the issue.

Many thanks again.

John P

Hello John,

you probably won't expect that I had the same problem :smileywink:

I'd say - something is missing. Now you could try to find out what it is and why. I would re-attempt the install as it looks like some of the isolated and more or less irreproducible installation/Installer issues I have encountered. It might be necessary to uninstall first (in the order AutoUpdate, SAV, RMS). If it fails the same way then we'll have to dig deeper ...

Christian

Hi Christian,

I will uninstall and try it again. Will keep you posted of any progress made.

Many thanks,

JP

Hi Christian,

I did an uninstall in the order you suggested and pushed SAV out again from Enterprise Console. No change, I'm afraid. The PC is still shown as disconnected in the Console and the Sophos Agent and Message Router services have terminated unexpectedly.

Any suggestions would be much appreciated.

John P

Any suggestions would be much appreciated

If I had them at  5:30 pm. One thing is to remove all Installer Info (not uninstalling) using msicuu2.exe (withdrawn but can be found on the net) and then reinstall.

Dunno if it could be a Windows setting. 

Christian

Hi,

Based on the error I would suggest following:

http://support.microsoft.com/kb/318584

 Thanks

Jak

Hi folks,

I have raised a call with Sophos Support in relation to this issue. I will post if a solution is forthcoming. Many thanks for all your help and suggestions.

Best regards,

John P

Hi @ll

i`ve the same error. Now I verified, that Sophos have problems with my TMG Client.

If I delete my TMG client, all is fine.

If I reinstall the Forefront TMG Client, the errors are back.

The system log is showing following:

+++

Log Name:      System
Source:        Service Control Manager
Date:          28.10.2010 13:38:20
Event ID:      7031
Task Category: None
Level:         Error

The Sophos Agent service terminated unexpectedly.  It has done this 70 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

+++

That error is recurrently ervery minute.

The agent log contain following:

+++

28.10.2010 13:27:22 0AD4 I SAV adapter loaded
28.10.2010 13:27:22 0AD0 E ACE_Select_Reactor_T::open failed inside ACE_Select_Reactor_T::CTOR: An operation was attempted on something that is not a socket.
28.10.2010 13:27:22 0AD0 E (4440|2768) ORB Core unable to initialize reactor: An operation was attempted on something that is not a socket.
28.10.2010 13:27:22 0AD0 E Agent::Start: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/INITIALIZE:1.0'
TAO exception, minor code = 0 (ORB Core initialization failed; unspecified errno), completed = NO

...

...

28.10.2010 13:27:27 0AD0 I SAUAdapter - SAU DeRegisterStateObserver : 00642F98
28.10.2010 13:27:27 0AD0 I SAUAdapter - SAU DeRegisterConfigStateObserver : 00642F9C
28.10.2010 13:27:27 0AD0 I SAUAdapter - SAU DeRegisterEventObserver : 00642FC0
28.10.2010 13:27:27 0AD0 I SAUAdapter - SAU Adapter is being deleted: 006482B8
28.10.2010 13:27:27 0AD0 I SAUAdapter - SAU ~AdapterImpl
28.10.2010 13:27:27 0AD0 I SAUAdapter - SAU SAUPolicy::Save
28.10.2010 13:27:27 0AD0 I SAUAdapter - SAU SAUPolicy::Save successful
28.10.2010 13:27:27 0AD0 I SAUAdapter - SAU Update status information saved to C:\ProgramData\Sophos\AutoUpdate\data\status\AUAdapter.xml
28.10.2010 13:27:27 0EE0 I SAUAdapter - SAU IPCListener::Wait exiting
28.10.2010 13:27:27 0AD0 I Restarting...

+++

The router log:

28.10.2010 13:41:18 0B7C I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20101028-114118.log
28.10.2010 13:41:18 0B7C I Sophos Messaging Router 3.2.0.2013 starting...
28.10.2010 13:41:18 0B7C I Setting ACE_FD_SETSIZE to 138
28.10.2010 13:41:18 0B7C I Initializing CORBA...
28.10.2010 13:41:18 0B7C I Setting connection cache limit to 10
28.10.2010 13:41:18 0B7C E ACE_Select_Reactor_T::open failed inside ACE_Select_Reactor_T::CTOR: An operation was attempted on something that is not a socket.
28.10.2010 13:41:18 0B7C E (3596|2940) ORB Core unable to initialize reactor: An operation was attempted on something that is not a socket.
28.10.2010 13:41:18 0B7C E Router::Start: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/INITIALIZE:1.0'
TAO exception, minor code = 0 (ORB Core initialization failed; unspecified errno), completed = NO
 
28.10.2010 13:41:18 0B7C I Restarting...

But i have no idea...

Hi folks,

I said I would post if any progress was made in relation to this issue.

Turns out that SAV Version 9.5 appears to conflict with another application we have installed on our client PCs. The application in question, Microsoft Client Firewall for ISA Server somehow causes the Sophos Agent & Sophos Message Router services to fail if any aspect of Web Protection is enabled in the Anti-Virus and HIPS policy. If the Web Protection elements are turned off and SAV redeployed from Enterprise Console, everything seems to work OK. The above mentioned services keep running and the PC is seen as being connected and can be managed by Enterprise Console.

A product defect has been raised by Sophos (DEF63008) and hopefully will be rectified with the next major release of SAV (v9.7) sometime in February 2011 (Big thanks go to JM & WB in Sophos Support for their assistance in getting to the bottom of this issue).

Hope this is of some assistance to others who may experience similar difficulties.

Best regards,

John P