Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 12302 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Communication problem between Sophos Endpoint and Sophos Enterprise Console

Wagab

Hello all,

I have a strange problem. I have 2 servers with Windows 2K8 with Sophos Endpoint. They update without mistakes with my Enterprise Console on Windows 2K8. However, I can't manage them because they stay in grey. For your information, clients servers are on one site and my Enterprise Console is on a remote site and there are 2 firewalls between them. I have opened a few ports but maybe, I have forgotten something. The fact that the updates work fine and that the communication for managing through the console doesn't work is abnormal !!

Someone could help me please :-).

Thank you in advance.

PS : I'm sorry for my bad English, I don't practice enough ;-)

Regards,

Wagab

:33535


This thread was automatically locked due to age.
  • 0

    Hello Wagab,

    your English is good enough. So you installed Sophos "manually" on the servers (i.e. not using Protect Computers)?

    Management (RMS) uses ports 8192 and 8194 -  (see also Firewall exceptions for Sophos Remote Management System TCP ports - including direction).

    HTH

    Christian

    :33539
  • 0

    Hello,

    after checking all firewall rules and logs with "telnet mgmt-server 8192 and 8194" from both client servers and "telnet both client servers 8192 and 8194" I have seen that the flux are "action=pass". So in my opinion, finally, my problem doesn't come from firewall but I'm sure that that comes from comunication problem.

    Thank you for your link, it's very interesting. I'm still checking and I will let you know when I'll find solution.

    BR,

    Wagab

    :33567
  • 0

    Hello Wagab,

    I'm still checking

    the ClientMRInit logs from the system %TEMP% directory and the Router logs (under %ProgramData%\Sophos\Remote Management System) are probably of help.

    Christian

    :33573
  • 0

    Hello,

    I have this one in C:\ProgramData\Sophos\Remote Management System\3\Router\Logs

    04.10.2012 16:00:32 0AF8 E Failed to get certificate, retrying in 600 seconds
    04.10.2012 16:10:40 0AF8 I Getting parent router IOR from mgmt-server:8192
    04.10.2012 16:10:40 0AF8 I Getting a new router certificate...
    04.10.2012 16:11:26 0AF8 E Router::GetCertificate: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'
    OMG minor code (2), described as '*unknown description*', completed = NO
     
    04.10.2012 16:11:26 0AF8 E Failed to get certificate, retrying in 600 seconds

    I don't know what it means.

    Moreover, in my firewall logs I can see that sometime, clients call the wrong IP address. I modified mrinit.conf (there were a wrong IP and the good IP, I only erased the wrong IP) and in the regedit and I restarted the RMS service but there still are some calling to the wrong IP. Is there another thing to modify ? Have I to restart my servers ?

    In anycase, thank you for your help.

    Wagab

    :33577
  • 0

    Hello Wagab,

    you've probably looked up some articles (as you mention regedit) - did you aslo read http://www.sophos.com/en-us/support/knowledgebase/12507.aspx?

    You should eliminate the wrong IP first. 

    Sorry, no more details right now, I'm at home using a "smart" device ...

    Christian

    :33579
  • 0

    Hello Christian,

    I would like to say : yeeeeeeeeeeeaaaaaaaaahhhhhhhhh ;)

    Thank you, that works. When I told you that I had change something in the register, I didn't find that on forum, I knew it, I already had some troubles with Sophos. However, I changed only on clients and never on server. With the modification which is described in your link, everything work, or almost ;).

    I have a last question. On one client, I have the Sophos Agent which doesn't want to kill the update cancellation. Is there an process that I can kill in task manager or have I to reboot my server ?

    In anycase, thank you for your help.

    Wagab

    :33631
  • 0

    Hello Wagab,

    fine that it (almost) works now.

    On one client

    Err - what exactly is stuck? Could you give some details - I can't quite figure out what you mean by update cancellation.

    Christian

    :33637
  • 0

    Hello,

    Finally I don't have troubles anymore but I'm even trying to explain you ;). After doing modification explained in your link, management worked fine but no updates anymore. So on client, I modified something and I tried to force update. That didn't work yet so I modifed another thing but when I wanted to force again the update, I was not able to do again this action. So I tried to cancel the update but nothing responded. My questions came from that, I wanted to know how stop the update cancellation (or just the update) in order to test my new configuration but finally I don't have trouble anymore in the management console. Everything work (I hope so ^^).

    Have I been clear ;) ?

    Thank you for eveything.

    Bye

    Wagab

    :33643
  • 0

    I see, Wagab, thanks for the clarification.

    Without going into details - when modifying something you should wait for an update to complete (whether success or failure), it will do so eventually. A connection attempt on a UNC path might take some time - but not an excessive amount - to, well, time out and there are usually at least three (for SAV, RMS and AutoUpdate).

    Christian

    :33675
  • 0

    Hello Christian,

    Finally, I have another question which is linked with this problem. My first was that 2 remote clients communicated on the wrong IP. I changed as you told me the conf on the mgmt server. But clients on the same site that mgmt server communicated on another IP. So now remote clients work but client on the same site that mgmt server don't work.

    Is it possible for mgmt server to listening on 2 IPs addresses in same time ?  Maybe with that line in regedit :

    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194

    instead of

    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://mgmt-server-ip1:8193/ssl_port=8194

    ?

    Thank you in advance for your help.

    Regards,

    Wagab

    :33743