Hello,
I'm having a problem with one of our machines. It is connected, but doesn't show as connected in the console. The firewall isn't on and I can ping the ip-address. And it seems the machine is till doing his update, probably via the sophos server (I set it up to be the second update server) instead of our server. What could it be?
Jo
Thanks a lot Christian( again ;) ), but even after I changed it there, I cannot get the Sophos Message Router started. is there a way to completely uninstall Sophos from that machine and also all references in the registry, so Icloud try to reinstall it afterwards. Or are there other things I could check, do, ...?
Jo
Christian,
I checked the ClientMRIni log and here it is:
23.05.2011 12:20:39 05F4 I SOF: C:\Windows\TEMP/ClientMRInit-20110523-102039.log 23.05.2011 12:20:39 05F4 D ClientMRInit installing 23.05.2011 12:20:39 05F4 D mrfile=`MRInit.conf` cafile=`cac.pem` filepath=`C:\Program Files (x86)\Sophos\Remote Management System"` rtrname=`Router` logpath=`C:\Windows\TEMP` 23.05.2011 12:20:39 05F4 I Opening initialisation file: C:\Program Files (x86)\Sophos\Remote Management System/MRInit.conf 23.05.2011 12:20:39 05F4 I Opening root certificate initialisation file: C:\Program Files (x86)\Sophos\Remote Management System/cac.pem 23.05.2011 12:20:39 05F4 I Intelligent updating is: Off 23.05.2011 12:20:39 05F4 E MRInitData failed with exception: CAccessFailureException:CACertificate not found 23.05.2011 12:20:39 05F4 D Old certificate not present, using new. 23.05.2011 12:20:39 05F4 T New Message Router identity key is present. 23.05.2011 12:20:39 05F4 T New Managed Application identity key is present. 23.05.2011 12:20:39 05F4 T New Management Agent identity key is present. 23.05.2011 12:20:39 05F4 D CheckParentAddress( `*** NOT SET ***`->`PC20-121.RBINS,PC20-121` ) 23.05.2011 12:20:39 05F4 D IsThisComputer[PC20-121.RBINS,PC20-121] 23.05.2011 12:20:39 05F4 D Found 6 addresses 23.05.2011 12:20:39 05F4 D Just use new parent 23.05.2011 12:20:39 05F4 I Parent router IOR port: 8192 23.05.2011 12:20:39 05F4 I New router IOR port: 8192 23.05.2011 12:20:39 05F4 I Setting router service arguments: "-ORBListenEndpoints iiop://:8193/ssl_port=8194" 23.05.2011 12:20:41 05F4 I ClientMRInit successful exit
The fact this pc has several IP addresses is because he uses virtualbox. For that case I posted those two links.
Jvuz
Looks ok so far (still wonder why the additional .RBINS name is there). Can you find the corresponding entries in the Router logs on PC20-121 (which I assume act as your management server)? They might have a hint why the client receives the NO_PERMISSION error.
Christian
This is the result of the ipconfig /all on PC20-121 (which act as server):
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC20-121
Primary Dns Suffix . . . . . . . : RBINS
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : RBINS
kbinirsnb.be
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : kbinirsnb.be
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : XX-XX-XX-Xx-XX-XX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.20.121(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 20 May 2011 08:04:30
Lease Expires . . . . . . . . . . : 26 May 2011 08:04:30
Default Gateway . . . . . . . . . : 192.168.20.1
DHCP Server . . . . . . . . . . . : 192.168.20.4
DNS Servers . . . . . . . . . . . : 192.168.20.11
192.168.14.16
Primary WINS Server . . . . . . . : 192.168.20.16
NetBIOS over Tcpip. . . . . . . . : EnabledHere you can find the log on that pc: http://www.2shared.com/file/0h3AoNtZ/Router-20110520-060436.html
Jo
Jo, are the client and the server running with the same time/timezone settings (and BTW what's the Primary DNS Suffix RBINS for)? While the server's logs show entries for PC20-126 on 23rd (i.e. yesterday) on the 24th there are almost not entries during the time covered by the client's log
=== Server === 24.05.2011 06:38:18 0A3C I Routing to EM: id=01DB3670, origin=Router$pc09-142:99014.Agent, dest=EM, type=EM-GetStatus-Reply 24.05.2011 06:38:18 0A34 I Sent message (id=01DB3670) to EM 24.05.2011 06:46:06 0A3C I Routing to EM: id=01DB380E, origin=Router$PC20-121.Agent, dest=EM, type=EM-GetStatus-Reply 24.05.2011 06:46:06 0A2C I Sent message (id=01DB380E) to EM 24.05.2011 06:56:06 0A3C I Routing to EM: id=01DB3A66, origin=Router$PC20-121.Agent, dest=EM, type=EM-GetStatus-Reply 24.05.2011 06:56:06 0A28 I Sent message (id=01DB3A66) to EM 24.05.2011 07:04:54 0900 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 6, max number of user ports 15360 === Client === 24.05.2011 06:49:13 0898 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20110524-044913.log 24.05.2011 06:49:13 0898 I Sophos Messaging Router 3.3.0.2059 starting... ..... 24.05.2011 07:05:14 08F0 I Accessing parent 24.05.2011 07:05:14 08F0 E ParentLogon::RegisterParent: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/NO_PERMISSION:1.0' Unknown vendor minor code id (0), minor code = 0, completed = NO
Do you have the client log corresponding to this time:
23.05.2011 13:37:20 0A3C I Routing to Router$PC20-126:72012: id=01DA46F0, origin=Router$PC20-121.EM, dest=Router$PC20-126:72012.Agent, type=EM-DoAction 23.05.2011 13:37:27 0A3C I Routing to Router$PC20-126:72012: id=01DA46F7, origin=Router$PC20-121.EM, dest=Router$PC20-126:72012.Agent, type=EM-SetConfiguration 23.05.2011 13:39:56 0950 I Writing router table file 23.05.2011 13:39:56 0950 I Registered router Router$PC20-126:117017 23.05.2011 13:39:56 0A3C I Routing to EM: id=01DA478C, origin=Router$PC20-121, dest=EM, type=EM-RouterRegistered 23.05.2011 13:39:56 0A1C I Sent message (id=01DA478C) to EM 23.05.2011 13:39:56 091C I RouterTableEntry state (router, logging on): Router$PC20-126:117017 is active consumer (will try to notify), active supplier 23.05.2011 13:39:56 091C I Logged on Router$PC20-126:117017 as a router 23.05.2011 13:39:56 0A3C I Routing to EM: id=03DA478C, origin=Router$PC20-121, dest=EM, type=EM-RouterLogon 23.05.2011 13:39:56 0A20 I Sent message (id=03DA478C) to EM 23.05.2011 13:39:56 0A3C I Routing to CM: id=01DA4575, origin=Router$PC20-126:117017.Agent, dest=CM, type=Certification.CertRequest 23.05.2011 13:39:56 0950 W Expanded Envelope, id=01DA4575, type=Certification.CertRequest, no Originator Cert 23.05.2011 13:39:56 0950 I Supplying message (id=01DA4575) to CM
As you see there was a change (Router$PC20-126:72012 --> Router$PC20-126:117017) and I wonder what the client did at this time.
As for the NO_PERMISSION error I didn't find anything which could explain it to me. So you should perhaps call Support about it. They probably know more about its meaning.
Christian
I'm having this same issue.
I checked the registry on the client, its not receiving the server certificate. The HKLM\Software\Wow6432Node\Sophos\Messaging System\Router\Private registry key is empty.
The latest log file here C:\ProgramData\Sophos\Remote Management System\3\Router\Logs reports an error:
07.08.2013 10:57:42 0FC0 E Failed to get certificate, retrying in 600 seconds
07.08.2013 11:07:43 0FC0 I Getting parent router IOR from WIN-C3IG4ZGDGFD.att.net:8192
07.08.2013 11:07:43 0FC0 I Getting a new router certificate...
07.08.2013 11:08:29 0FC0 E Router::GetCertificate: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'
OMG minor code (2), described as '*unknown description*', completed = NO
Any suggestions?
Hello Ed_,
I'm having this same issue
please be careful with such conclusions. While it is a good idea to follow up on an existing and applicable thread you should make sure that it is indeed the same or a similar issue - not just on the surface (i.e. not showing as connected). Following the thread you'd have seen that you didn't get as far as Jvuz.
Anyway, it could be the client has problems accessing the parent's RMS port (8194). Would be interesting what is returned in the IOR (Getting parent router IOR from WIN-C3IG4ZGDGFD.att.net:8192). If you telnet WIN-C3IG4ZGDGFD.att.net 8192 it will return the IOR as response, please post it here if possible. Does your server get its address with DHCP - it looks like your mrinit.conf does not contain a numeric IP address for ParentRouterAddress.
Christian
Hi Christian,
I understand about following up on an existing thread. I usually try to add on to an existing thread whenever possible, perhaps too often.
Here is the telnet output per your request:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f75
7465723a312e300000000100000000000000a0000000010102000e0000003139322e3136382e312e
3234320001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f75
74657250657273697374656e740003000000010000004d657373616765526f757465720000000300
0000000000000800000001001001004f415401000000140000000100100101000100000000000901
01000000000014000000080000000100a60086000220
Connection to host lost.
All our network devices use DHCP.
Here is a portion of the client mrinit.conf:
"MRParentAddress"="WIN-C3IG4ZGDGFD.att.net,WIN-C3IG4ZGDGFD"
"ParentRouterAddress"="WIN-C3IG4ZGDGFD.att.net,WIN-C3IG4ZGDGFD"
Hello Ed_,
feeding the IOR through http://catior.org/(thanks, Jak, for the reference) gives:
Type ID: "IDL:SophosMessaging/MessageRouter:1.0"
Profiles:
1. IIOP 1.2 192.168.1.242 8193 "....NUP...!........RootPOA.RouterPersistent.........MessageRouter"
TAG_ORB_TYPE 0x54414f00
TAG_CODE_SETS char native code set: ISO-8859-1
char conversion code set:
wchar native code set: UTF-16
wchar conversion code set:
TAG_SSL_SEC_TRANS port = 8194 supports = 166 requires = 134that is, the response instructs the client to connect to 192.168.1.242 port 8194. Is this the correct address for WIN
-C3IG4ZGDGFD (i.e. ? If you telnet 192.168.1.242 8194 you should get a blank screen, wait about 10 seconds, press enter - this should quietly return you to the command prompt.
Christian