Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2577 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console on XP SP3 in workgroup want to manage computers in workgroup and domain

newco

Hello,

Our customer has installed Sophos Enterprise Console 5.1.0.1839 on a Windows XP SP3 Pro machine. The machine is in a workgroup. The Windwos firewall is turned off. There is also installed Endpoint Security and Control 10.0.

Everything works fine, but...

We want to manage computer in the same workgroup and in a domain too. The endpoint is installed fine on the computers and they can download the updates. They are also XP SP3 Professionals. On the Windows firewall TCP ports 8192, 8193 and 8194 are open. Simple file sharing is off. Everything is set fine. The clients can telnet to the console computer and the console can telnet to the clients.

The only problem is that they can't report back to the console. For a few hours there is a yellow down-arrow, and then it says that the computer is protected but has not yet reported back.

There is a computer in the same workgroup as the management console (previously it was in a domain, but was removed). The Windows firewall is turned off on both computers and no Sophos firewall is installed. Still the client doesn't  report back, but every setting is set as it should be. We are trying now for days but can't get it work. We reinstalled the client from the console multiple times but still nothing.

Can someone please help?

:28977


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    The server parentaddress value should be empty as the router on the server has no parent, it's the end of the line if you like.

    So that suggests, the router has its PKC and PKP, but the agent doesn't.  it is the agent on the client that needs to obtain its certificate.  The router requests this.

    When I telnet 8192 then I get back the IOR. But with 8194 I only get a "blank screen".

    That is expected, only 8192 gives you output.

    31.08.2012 15:21:36 0E8C I Getting parent router IOR from localhost:8192
31.08.2012 15:21:36 0E8C I Received parent router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000d00000031302e362e3138302e313937000001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001da8e00004f4154010000001400000001da8e0001000100000000000901010000000000140000000800000001daa60086000220
31.08.2012 15:21:36 0E8C I Successfully validated parent router's IOR
31.08.2012 15:21:36 0E8C I Accessing parent

     Is a bit odd, 

    I Getting parent router IOR from localhost:8192

    I don't understand why that would be in a router log on the client.  It should have:

     I Getting parent router IOR from [SECSERVERADDRESS]:8192

    Was this router log from the client, if so, what is in the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router\ParentAddress ?

    on a client, it should be:

    serverip, fqdn, netbios

    if the server has a static IP

    or just

    fqdn, netbios

    if it is DHCP.

    Regards,

    Jak

    :29027
Reply
  • 0

    Hi,

    The server parentaddress value should be empty as the router on the server has no parent, it's the end of the line if you like.

    So that suggests, the router has its PKC and PKP, but the agent doesn't.  it is the agent on the client that needs to obtain its certificate.  The router requests this.

    When I telnet 8192 then I get back the IOR. But with 8194 I only get a "blank screen".

    That is expected, only 8192 gives you output.

    31.08.2012 15:21:36 0E8C I Getting parent router IOR from localhost:8192
31.08.2012 15:21:36 0E8C I Received parent router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000d00000031302e362e3138302e313937000001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001da8e00004f4154010000001400000001da8e0001000100000000000901010000000000140000000800000001daa60086000220
31.08.2012 15:21:36 0E8C I Successfully validated parent router's IOR
31.08.2012 15:21:36 0E8C I Accessing parent

     Is a bit odd, 

    I Getting parent router IOR from localhost:8192

    I don't understand why that would be in a router log on the client.  It should have:

     I Getting parent router IOR from [SECSERVERADDRESS]:8192

    Was this router log from the client, if so, what is in the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router\ParentAddress ?

    on a client, it should be:

    serverip, fqdn, netbios

    if the server has a static IP

    or just

    fqdn, netbios

    if it is DHCP.

    Regards,

    Jak

    :29027
Children
No Data