
Some Update Managers not updating

Hi all,

We have one Sophos Enterprise Console server and one Sophos Message Router server on site. All the clients have a SUM server on site. Some of these SUMs don't appear to be reporting in, although there is no error. Please note that some of them are working fine.

Our setup:

Local: ( SOPHOS > SOPHOSMR ) - INTERNET - ( CLIENT 1 SUM ---- Client 1 PCs )

Ports 8192/8194/80 are open and telnet works.

LogViewer.exe doesn't show any errors on either server.

Windows Event viewer doesn't show any errors either.

This all started on the day we pushed out the Sophos 10 update and upgraded to Enterprise Console 5. (10th Feb, as per pic below)

http://imageshack.us/f/842/updatemanagers.jpg/

Thanks for any help.



This thread was automatically locked due to age.
  • Ahh, those are the logs of the SUM, not the relay. I should have realized by parsing the IOR that it contained local IPs; in that case the values are correct.

    The router logs show nothing odd. The machine received a new IP at 29.02.2012 08:58:14, which caused the router to reinit, forcing it to update its IOR, but the local agent service then logs on and it ends up sending in EM-GetStatus-Reply messages, so from those logs it looks like it's all working, at least on the "client" end.

    As some information: "Clients" will show with a red-cross in SEC if:

    1. The client router logs off the server router.  You should see the router logoff message in the server router log for the client.

    2. The Client misses 2 polls to the server router, which is 2X15 mins (twice the getter interval).  The router log will indicate this has happened.

    3. With SEC 4.7 onwards, every 24 hours the Sophos Management Service runs a maintenance job; one of the operations is to mark as disconnected all machines which have a lastmessagetime older than 24 hours.  The last message time for a client is updated when the server receives either an EM-GetStatus-Reply or an Entity-Event.  So essentially a status message or an alert.

    I would track that the EM-GetStatus-Reply message that is generated by the SUM is received on the relay router and then found in the router logs of the router on the SEC server.  Maybe then check that you can find the corresponding entry in the sophos-management-services.log and Msgn-[timestamp].log.

    So:

    SUM Agent -> SUM Router -> Relay Router -> SEC Router -> Sophos Management Service -> Database -> SEC GU.

    Is the path for the message. 

    Regards,

    Jak
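
The hop-by-hop trace suggested in the reply above, as an added example that is not part of the original thread and is not Sophos code. The record format, the computer name `CLIENT1-SUM`, the one-minute slack and the choice of the Sophos Management Service as the point where "the server receives" a message are assumptions; real router and management-service logs must first be reduced to records of this shape.

```python
from datetime import datetime, timedelta

# Hops from the message path in the reply, in order (final console display step omitted).
HOPS = ["SUM Agent", "SUM Router", "Relay Router", "SEC Router",
        "Sophos Management Service", "Database"]
STATUS_MESSAGES = {"EM-GetStatus-Reply", "Entity-Event"}  # these update lastmessagetime
STALE_AFTER = timedelta(hours=24)   # SEC 4.7+ maintenance job threshold
SLACK = timedelta(minutes=1)        # assumed allowance for delay between hops

# Constructed sample records, NOT real Sophos log lines: "time|hop|computer|message".
SAMPLE = """\
29.02.2012 09:00:02|SUM Agent|CLIENT1-SUM|EM-GetStatus-Reply
29.02.2012 09:00:03|SUM Router|CLIENT1-SUM|EM-GetStatus-Reply
29.02.2012 09:00:05|Relay Router|CLIENT1-SUM|EM-GetStatus-Reply
28.02.2012 07:10:00|SEC Router|CLIENT1-SUM|EM-GetStatus-Reply
28.02.2012 07:10:01|Sophos Management Service|CLIENT1-SUM|EM-GetStatus-Reply
28.02.2012 07:10:01|Database|CLIENT1-SUM|EM-GetStatus-Reply
"""

def parse(text):
    """Turn the constructed records into (datetime, hop, computer, message) tuples."""
    rows = []
    for line in filter(str.strip, text.splitlines()):
        ts, hop, computer, message = line.split("|")
        rows.append((datetime.strptime(ts, "%d.%m.%Y %H:%M:%S"), hop, computer, message))
    return rows

def last_seen_per_hop(rows, computer):
    """Latest time each hop handled a status message or alert for this computer."""
    seen = {}
    for ts, hop, comp, message in rows:
        if comp == computer and message in STATUS_MESSAGES:
            seen[hop] = max(ts, seen.get(hop, ts))
    return seen

def first_stalled_hop(rows, computer):
    """First hop that never saw the message, or lags the hop before it; None if healthy."""
    seen, previous = last_seen_per_hop(rows, computer), None
    for hop in HOPS:
        if hop not in seen or (previous is not None and seen[hop] < previous - SLACK):
            return hop
        previous = seen[hop]
    return None

def marked_disconnected(rows, computer, now):
    """True if the 24-hour maintenance job would flag the computer at time `now`."""
    seen = last_seen_per_hop(rows, computer)
    return now - seen.get("Sophos Management Service", datetime.min) > STALE_AFTER
```

On the constructed sample the trace stops at the SEC Router: the relay is still forwarding, but the server-side router last saw the message the previous day, so the computer is flagged once the 24-hour job runs.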
