Enterprise Console 4.7 not starting

HI,

So if you restart the Sophos Management Service, what gets logged to the Application Event log an error?  If so what is it?

Cheers,

Jak 

hi

Restarting the management server doesn't bring the console back again. If haven even boot the server.

Update:

console is back again!!! It took ages to load.

The amount of "connected" machines is increasing very slowly.

Good Day oli

Is the 4.7 a upgrade from 4.5? or was a it a clean install?

The Sophos mangement service is the link between the console and the Sophos database.

The Sophos management service should automatically start and run when the system boots up.

If you have upgraded the console, and kept the certauthstore certificate in the registry, the machines will pull back into the console after the upgrade, as this certificate holds the current config set and machine information on your network.

Please leave the console open until 'connected' machines number has stabilized. You can configure the policies and your console while the machines are pulling back into your console.

Kind Regards

hi

It's an upgrade from 4.5 to 4.7

After the week-end, the console has "stabilized", but that took very long.

By the way: what it the normal amount of envelopes in the envelopes folder?

Good Day Oli

The evenlopes which fall under your groups on the left pane, are all your groups which was created by you or a adminstrator and  in the enterpise console 4.5.

The upgrade uplifts everything what you had in 4.5 to 4.7 console. the number of envolopes varies depending on your network, or whne syncing with your AD.

the envolopes are fully configurable, you can delete, create and edit.

Kind Regards

HI,

There is not really a "normal" number of envelopes (.msg files in the Envelopes directory).  It depends what is taking place on the system.

Typically if there is a build up on the server, they tend to be outgoing messages, i.e. Em-Set-Configuration, or EM-Do-Action. More than likely they come about by someone selecting all machines and chosen to comply all policies or a policy change has been made affecting a large number of machines.  For the machines that are connected, they should get the message in a few seconds providing the clients are actually logged on and have port 8194 open, for all the disconnected machines or those that can't be connected on 8194, the messages will be queued on the server until the clients log back in or those active clients next poll the server for messages, which by default is every 15 minutes.  

The above could account for a large number of messages as each policy would account for a single message and when you multiple that by 1000 disconnected machines you start to have quite a number of messages.  The set-config and do-action messages will time out within a few days if not delivered.  The TTL value in the message file will give you the time when the message expires when converted as it's in Epoch time.  So after an upgrade, when your changing policies, etc, all machines will be sent messages.  I suspect, that's what you're seeing, so over the next 3 days they should start to go down as clients log in or as messages time out.

Something is typically wrong in the system or it would be under very heavy load for incoming messages on the server to back up.  E.g. Virus outbreak or the connection between the router and the management server is disconnected, forcing the router to queue all messages.

Also of note, as of  SEC 4.7, when the management service performs its maintenance tasks once a day, it will also mark any machine that hasn't sent in a status message or entity event (last message time) within 24 hours as disconnected.  You can filter on this time in the computer list view, under the computer details tab.  This helps us only perform tasks on machines that should be connected and also makes the "number of out of date machines" look much healthier as the "connected" state is now more reliable.

Regards,

Jak