Sophos Message Router DNS Lookup Failure

I'm using Endpoint Security & Control 10.3 - the issue I'm experiencing is upon Windows (Win 7 64-bit) loading I get an error message popup that states "Error handle", when I examine the Application Event logs I have the following:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Level: Error         Source:  Sophos Message Router         Event ID:  8005         Task Category:  Runtime environment


Error Message (General tab):

"DNS lookup failure trying to resolve the following addresses: [server prefix], [server prefix.domain].

For more information, see the RMS status report.  To open the report, click Start, point to All Programs, point to Sophos, point to Sophos Endpoint Security and Control, and then click View Sophos Network Communications Report."

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I couldn't locate the report from within the client itself, I looked up the report location on the Sophos website and found the location to be: C:\ProgramData\Sophos\Remote Management System\3\Router\NetworkReport\ReportData.xml - when viewing the report it gives the following categories/sections: State of name resolution (DNS), State of Sophos security framework, State of incoming communications from server, State of outgoing communications to server, Computer details.  Each category states "no problems detected." and the Computer details simply has my computer information.

When I looked up my system in the management console there was initially a communications issue, however after I manually updated it there was no further evidence of a problem in the mgmt console.  Yet, this issue still persists every time I reboot (I've rebooted 4 times after to verify the persistence of this issue).

I appreciate any thoughts / comments regarding this.  Thanks very much everyone!!

-Azrael

:41561


  • Hi,

    What is in this reg key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router\ParentAddress

    Is it:

    IP, FQDN, NetBIOS

    or

    FQDN, NetBIOS?

    The router will attempt to connect to these in order.  I've observed that it can take about 5 mins to try the next.

    I'm curious to know what the first address is as either it's a timing issue at startup or, it's failing over to an address it can use.

    Regards,

    Jak

    :41571
  • Hi Jak,

    Thanks for the quick response.  In that registry key it's FQDN, NetBIOS, does this help explain?  I'm able to complete a dns lookup (nslookup) from that machine without issue.

    :41575
  • Hi,

    Typically if the management server has a static IP address, during the initial install of the management software, when the file mrinit.conf is created (this is the config file passed to clients on initial install to configure the message router), the parent address takes the form:

    IP, FQDN, NetBIOS

    Not having an IP would suggest you have a management server with a dynamic IP?  Maybe it was when you installed but isn't now?

    As a test you could change the registry key mentioned above on the client to be:

    IP, FQDN, NetBIOS

    restart a few times and see if you see the same error.  I suspect not.

    As another test, you could add the FQDN and IP into the hosts file of the computer, reboot a few times and see if it's ok.

    I suspect that maybe the router is starting before the client can resolve the FQDN but the above options, certainly suggestion one would be a valid workaround if the management server does now have a static IP.

    Regards,

    Jak

    :41585
  • I've made the addition of the server IP to the registry key and also made the change to the hosts file.  There is still no change to this issue.  I've verified this issue is on both wired and wireless.

    :41625
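
The parent list discussed in this thread can be checked entry by entry, in the order the router tries it. The PowerShell below is an added example, not part of any post and not Sophos code; it assumes ParentAddress is a comma-separated string value under the Router key quoted above, and `Test-ParentAddress` is a hypothetical helper name.

```powershell
# Added example (not from the thread, not Sophos code).
# Assumption: ParentAddress is a comma-separated string value under this Router key.
$routerKey = 'HKLM:\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router'

# Test-ParentAddress is a hypothetical helper name. It walks the list in the
# order the router would try it and reports how each entry resolves.
function Test-ParentAddress {
    param([string]$AddressList)

    $order = 0
    foreach ($entry in ($AddressList -split ',')) {
        $name = $entry.Trim()
        if ($name -eq '') { continue }
        $order++
        $resolved = ''; $failure = ''; $ms = 0
        $ip = $null

        if (($name -match '[.:]') -and [System.Net.IPAddress]::TryParse($name, [ref]$ip)) {
            # Literal IP: no name resolution is involved for this entry.
            $kind = 'IP'; $resolved = $name
        } else {
            if ($name.Contains('.')) { $kind = 'FQDN' } else { $kind = 'NetBIOS/short name' }
            $timer = [System.Diagnostics.Stopwatch]::StartNew()
            try {
                # Uses the system resolver, so hosts-file entries are honoured.
                $addresses = [System.Net.Dns]::GetHostAddresses($name)
                $resolved = ($addresses | ForEach-Object { $_.IPAddressToString }) -join ', '
            } catch {
                $failure = $_.Exception.Message
            }
            $timer.Stop()
            $ms = $timer.ElapsedMilliseconds
        }

        New-Object PSObject -Property @{
            Order = $order; Entry = $name; Kind = $kind
            Resolved = $resolved; Millis = $ms; Failure = $failure
        } | Select-Object Order, Entry, Kind, Resolved, Millis, Failure
    }
}

$parents = (Get-ItemProperty -Path $routerKey -Name ParentAddress).ParentAddress
Test-ParentAddress -AddressList $parents | Format-Table -AutoSize -Wrap
```

Running it shortly after logon and again a few minutes later shows whether a name that fails at startup resolves once the network is up.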