Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 13866 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

About Awaiting Policy Transfer and Up to date problems

Nok

Sophos Enterprise Console is 5.2.1.197

Sophos Endpoint is 10.3

We have around 260 Managed computer.

Recently , there are around 10 of computers show Awaiting Policy Transfer in the Console all the time.

It's also show Up to date "not since xxxxxxxx" .

However all of the virus definition is up to date in these 10 computers, I view the updating log in client side, there is no error and the log show that it can download the updates from the Sophos Server.

What should I do to fix these problems? 

There is an example photo, The ITD01 and ITD05 computer is online, but it show Awaiting Policy Transfer and not up to date now.

Thanks!

:52765


This thread was automatically locked due to age.
  • 0

    Hello Nok,

    could be that the endpoints are not communicating (note that the connected status is sometimes not correct) with SEC as they should. Go to the Computer Details tab and check the Last message time. Should be fairly recent, if not (and especially if it roughly corresponds to the Not since time) this suggests an RMS issue. You'd have to check the Message Router logs (%ProgramData%\Sophos\Remote Management System\3\Router\Logs\) then.

    Christian

    :52771
  • 0

    Thanks For your reply.

    I have checked the Computer Details (ITD01) . The last message received from computer is 8/12/2014 , which is same with the SEC.

    In the Router Logs, I search the word "ITD01" , it show the following:

    20.08.2014 08:17:36 3450 I RouterTableEntry state (router, logging on): Router$ITD01:72012 is active consumer (will try to notify), active supplier
    20.08.2014 08:17:36 3450 I Logged on Router$ITD01:72012 as a router

    20.08.2014 08:19:23 222C I RouterTableEntry state (router, logging on): Router$ITD05:81012 is active consumer (will try to notify), active supplier
    20.08.2014 08:19:23 222C I Logged on Router$ITD05:81012 as a router

    :52805
  • 0

    Hello Nok,

    apparently the endpoint's RMS can connect to the management server but fails to send its status. Please check the router as well as the agent logs on the endpoint (ITD10) - should be simple to locate this less-than-two-minutes interval. This could give a hint what's not working.

    Christian

    :52821
  • 0

    Here is the Log :

    27.08.2014 07:26:48 0E20 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20140826-232648.log
    27.08.2014 07:26:48 0E20 I Sophos Messaging Router 3.4.1.3411 starting...
    27.08.2014 07:26:48 0E20 I Setting ACE_FD_SETSIZE to 138
    27.08.2014 07:26:48 0E20 I Initializing CORBA...
    27.08.2014 07:26:48 0E20 I Setting connection cache limit to 10
    27.08.2014 07:26:48 0E20 I Creating ORB runner with 4 threads
    27.08.2014 07:26:49 0E20 I This computer is part of the domain SERVER
    27.08.2014 07:26:49 0E20 E ACE_DLL::open failed for TAO_ImR_Client: Error: check log for details.
    27.08.2014 07:26:49 0E20 E Unable to find service: ImR_Client_Adapter
    27.08.2014 07:26:49 0E20 I This router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e3000000001000000000000009c000000010102000a00000031302e312e332e35310001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001003d00004f4154010000001400000001003d000100010000000000090101000000000014000000080000000100a60086000220
    27.08.2014 07:26:49 0E20 I Successfully validated this router's IOR
    27.08.2014 07:26:49 0E20 I Reading router table file
    27.08.2014 07:26:49 0E20 I Host name: ITD01
    27.08.2014 07:26:49 0E20 I Local IP addresses: 10.1.3.51
    27.08.2014 07:26:49 0E20 I Resolved name: ITD01.mgt.nissinfoods.com.hk
    27.08.2014 07:26:49 0E20 I Resolved alias/es:
    27.08.2014 07:26:49 0E20 I Resolved IP addresses: 10.1.3.51
    27.08.2014 07:26:49 0E20 I Resolved reverse names/aliases: ITD01.mgt.nissinfoods.com.hk
    27.08.2014 07:26:49 0E20 I Waiting for messages...
    27.08.2014 07:26:49 0E20 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 5, max number of user ports 15360
    27.08.2014 07:26:49 0EE8 I Getting parent router IOR from 10.1.3.65:8192
    27.08.2014 07:26:49 0EE8 I Received parent router's IOR:
    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000a00000031302e312e332e36350001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f757465720000000300000000000000080000000100b700004f415401000000180000000100b700010001000100000001000105090101000000000014000000080000000100a60086000220
    27.08.2014 07:26:49 0EE8 I Successfully validated parent router's IOR
    27.08.2014 07:26:49 0EE8 I Accessing parent
    27.08.2014 07:26:49 0EE8 I Parent is Router$SS
    27.08.2014 07:26:49 0EE8 I RouterTableEntry::LogonToParentRouter() - logging on as active consumer
    27.08.2014 07:26:49 0EE8 I RouterTableEntry state (router, logging on): Router$SS is passive consumer, passive supplier
    27.08.2014 07:26:49 0EE8 I Logged on to parent router as Router$ITD01:72012

    :52949
  • 0

    Hello Nok,

    initial connection is - as expected - apparently fine. One of the next lines should contain: Logged on Agent as a client. If there isn't please check if the Sophos Agent service is running. Also if you request Comply with ... from the console you should see the incoming message shortly after which should be followed by Routing to Agent: .... If these lines are missing then the communication between Message Router and Agent is failing.

    Christian

    :52955