This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Policy not applied / computer deployed but cannot connect

Pierre over 13 years ago

Dear readers and helpers,

We have a double issue with our Sophos Enterprise console 5.

1. I see only 5 computer connected instead of around 120.

2. Computers do not receive policies for Anti-virus and HIPS but receive for Firewall policies.

Where should i start investigating?

Thanks in advance,

This thread was automatically locked due to age.

0 QC over 13 years ago

Hello Pierre,
is this a fresh installation or did you upgrade from a previous version? How did you install on the clients?
Do I understand you correctly that only 5 show as connected and these 5 receive only the firewall policy? How did you find out? By checking the policies on the client or monitoring the status shown in SEC?
As for the clients not connected: What is their status in SEC? Are any fields filled in?
Christian
:20843
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierre over 13 years ago

Dear Christian,
It has been upgraded from version 4.
It has been in production for 3 weeks and was fine until i leave it to someone else during my vacation ;^)
Clients have been deployed through the console. (AD environment)
Yes, i noticed discrepency between clients and the Anti-virus policy by checking on the clients VS policy.
In SEC clients are shown as disconnected computers. (most of them waiting policy transfer, firewall disabled)
After a reboot, clients are shown as connected, then few minutes later disconnected.
Any idea ?
:20847
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 13 years ago

Hello Pierre,
it could have been this someone else :smileywink:. You probably don't know if any changes have been made.
I'd take a look at the router logs ([%Alluserprofile%\Application Data\|%ProgramData%]\Sophos\Remote Management System\3\Router\Logs\ ) on a client, please post the next 20 or so lines after Sophos Messaging Router 3.4.0.2209 starting...
Christian
:20851
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierre over 13 years ago

13.01.2012 12:07:16 06B8 I Sophos Messaging Router 3.4.0.2209 starting...
13.01.2012 12:07:16 06B8 I Setting ACE_FD_SETSIZE to 20640
13.01.2012 12:07:16 06B8 I Initializing CORBA...
13.01.2012 12:07:16 06B8 I Setting connection cache limit to 20512
13.01.2012 12:07:16 06B8 I Creating ORB runner with 16 threads
13.01.2012 12:07:16 06B8 I This computer is part of the domain MYDOMAIN
13.01.2012 12:07:16 06B8 E ACE_DLL::open failed for TAO_ImR_Client: Error: check log for details.
13.01.2012 12:07:16 06B8 E Unable to find service: ImR_Client_Adapter
13.01.2012 12:07:16 06B8 I This router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000d0000003139322e3136382e312e3431000001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f757465720000000300000000000000080000000100b400004f415401000000140000000100b4000100010000000000090101000000000014000000080000000100a60086000220
13.01.2012 12:07:16 06B8 I Successfully validated this router's IOR
13.01.2012 12:07:16 06B8 I Reading router table file
13.01.2012 12:07:16 06B8 I Restoring logon for Router$MOUTSEND03:20
13.01.2012 12:07:16 06B8 I RouterTableEntry state (router, restoring): Router$MOUTSEND03:20 is active consumer (will try to notify), active supplier
13.01.2012 12:07:16 06B8 I Restoring logon for Router$TS2:9131
13.01.2012 12:07:16 06B8 I RouterTableEntry state (router, restoring): Router$TS2:9131 is active consumer (will try to notify), active supplier
13.01.2012 12:07:16 06B8 I Restoring logon for Router$maudparl02:22
13.01.2012 12:07:16 06B8 I RouterTableEntry state (router, restoring): Router$maudparl02:22 is active consumer (will try to notify), active supplier
13.01.2012 12:07:18 06B8 I Host name: SOPHOS
13.01.2012 12:07:18 06B8 I Local IP addresses: X.X.X.X
13.01.2012 12:07:18 06B8 I Resolved name: SOPHOS.mydomain
13.01.2012 12:07:18 06B8 I Resolved alias/es:
13.01.2012 12:07:18 06B8 I Resolved IP addresses: X.X.X.X
13.01.2012 12:07:18 06B8 I Resolved reverse names/aliases: SOPHOS.mydomain
13.01.2012 12:07:18 06B8 I Waiting for messages...
13.01.2012 12:07:18 06B8 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 6, max number of user ports 15360
:20863
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 13 years ago

Hello Pierre,

this is from the server?
Same part of the log including the lines where it mentions the "parent" from a client which can't connect will probably tell more. From the same client's Windows\Temp the ClientMRInit......txt log has perhaps some useful information. And - you should run the Network Communication Report (from the Start menu, Sophos).
Sorry for the terse reply - these "smart" devices don't lend themselves to detailed posts ;)

Christian
:20867
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierre over 13 years ago

Yes it was from the server.
Here from one client :
13.01.2012 13:02:05 0AB4 I Sophos Messaging Router 3.4.0.2209 starting...
13.01.2012 13:02:05 0AB4 I Setting ACE_FD_SETSIZE to 138
13.01.2012 13:02:05 0AB4 I Initializing CORBA...
13.01.2012 13:02:06 0AB4 I Setting connection cache limit to 10
13.01.2012 13:02:06 0AB4 I Creating ORB runner with 4 threads
13.01.2012 13:02:06 0AB4 I This computer is part of the domain DOMAIN
13.01.2012 13:02:06 0AB4 E ACE_DLL::open failed for TAO_ImR_Client: Error: check log for details.
13.01.2012 13:02:06 0AB4 E Unable to find service: ImR_Client_Adapter
13.01.2012 13:02:06 0AB4 I This router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000e0000003139322e3136382e312e3134310001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001008c00004f4154010000001400000001008c000100010000000000090101000000000014000000080000000100a60086000220
13.01.2012 13:02:06 0AB4 I Successfully validated this router's IOR
13.01.2012 13:02:06 0AB4 I Reading router table file
13.01.2012 13:02:06 0AB4 I Host name: mitmngd01
13.01.2012 13:02:06 0AB4 I Local IP addresses: 192.168.1.141
13.01.2012 13:02:06 0AB4 I Resolved name: mitmngd01.domain.local
13.01.2012 13:02:06 0AB4 I Resolved alias/es:
13.01.2012 13:02:06 0AB4 I Resolved IP addresses: 192.168.1.141
13.01.2012 13:02:06 0AB4 I Resolved reverse names/aliases: mitmngd01.domain.local
13.01.2012 13:02:06 0AB4 I Waiting for messages...
13.01.2012 13:02:06 0AB4 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 6, max number of user ports 15360
13.01.2012 13:02:06 0B94 I Routing to parent: id=010FE66A, origin=Router$mitmngd01:9078.Agent, dest=EM, type=EM-EntityEvent
13.01.2012 13:02:06 0B94 I Routing to parent: id=010FE6E1, origin=Router$mitmngd01:9078.Agent, dest=EM, type=EM-EntityEvent
13.01.2012 13:02:06 0B94 I Routing to parent: id=010FED83, origin=Router$mitmngd01:9078.Agent, dest=EM, type=EM-GetStatus-Reply
13.01.2012 13:02:06 0B94 I Routing to Agent: id=010FF2D3, origin=Router$mitmngd01:9078, dest=Router$mitmngd01:9078.Agent, type=EM-ClientLogoff
13.01.2012 13:02:06 0BA4 I Getting parent router IOR from 192.168.1.41:8192
13.01.2012 13:02:12 0AF8 I Client::LogonPushPush() successfully called back to client
13.01.2012 13:02:12 0AF8 I Logged on Agent as a client
I just changed the domain in this copy of the logs.
Thanks in advance
:20873
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 13 years ago

Sorry for the delay, Pierre
In response to
13.01.2012 13:02:06 0BA4 I Getting parent router IOR from 192.168.1.41:8192
there should be one or more lines with the same tag (0BA4 ) talking about either preliminary success (Successfully validated parent router's IOR ) or failure. Could you please search for all the lines with the mentioned tag (0BA4 )?
Christian
:20879
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierre over 13 years ago

No worries Christian.
Is this enough below ?
14.01.2012 14:03:24 0BA4 I Successfully validated parent router's IOR
14.01.2012 14:03:24 0BA4 I Accessing parent
14.01.2012 14:03:24 0BA4 I Parent is Router$SOPHOS
14.01.2012 14:03:24 0BA4 I RouterTableEntry::LogonToParentRouter() - logging on as active consumer
14.01.2012 14:03:24 0BA4 I RouterTableEntry state (router, logging on): Router$SOPHOS is passive consumer, passive supplier
14.01.2012 14:03:24 0BA4 I Logged on to parent router as Router$mitmngd01:9078
14.01.2012 14:03:24 0BA4 I This computer is part of the domain DOMAIN
14.01.2012 14:03:24 0B94 I Routing to Agent: id=4B0FE774, origin=Router$SOPHOS.EM, dest=Router$mitmngd01:9078.Agent, type=EM-SetConfiguration
14.01.2012 14:03:24 0B88 I Sent message (id=010FE66A) to Router$SOPHOS
14.01.2012 14:03:24 0B94 I Routing to Agent: id=070FED5E, origin=Router$SOPHOS.EM, dest=Router$mitmngd01:9078.Agent, type=EM-SetConfiguration
14.01.2012 14:03:24 0B88 I Sent message (id=010FE6E1) to Router$SOPHOS
14.01.2012 14:03:24 0B94 I Routing to Agent: id=4B0FEDD7, origin=Router$SOPHOS.EM, dest=Router$mitmngd01:9078.Agent, type=EM-SetConfiguration
14.01.2012 14:03:24 0B88 I Sent message (id=010FF445) to Router$SOPHOS
14.01.2012 14:03:24 0B94 I Routing to Agent: id=4B0FEE62, origin=Router$SOPHOS.EM, dest=Router$mitmngd01:9078.Agent, type=EM-SetConfiguration
14.01.2012 14:03:24 0B94 I Routing to Agent: id=010FEEB5, origin=Router$SOPHOS.EM, dest=Router$mitmngd01:9078.Agent, type=EM-SetConfiguration
14.01.2012 14:03:25 0B88 I Sent message (id=0110B4C6) to Router$SOPHOS
14.01.2012 14:03:25 0B88 I Sent message (id=0110DC89) to Router$SOPHOS
14.01.2012 14:03:25 0B88 I Sent message (id=011129DF) to Router$SOPHOS
14.01.2012 14:03:25 0B88 I Sent message (id=0111445A) to Router$SOPHOS
14.01.2012 14:03:25 0B8C I Sent message (id=4B0FE774) to Agent
14.01.2012 14:03:25 0B8C I Sent message (id=070FED5E) to Agent
14.01.2012 14:03:25 0B8C I Sent message (id=4B0FEDD7) to Agent
14.01.2012 14:03:25 0B8C I Sent message (id=4B0FEE62) to Agent
14.01.2012 14:03:25 0B8C I Sent message (id=010FEEB5) to Agent
14.01.2012 14:03:47 0B94 I Routing to parent: id=01115303, origin=Router$mitmngd01:9078.Agent, dest=EM, type=EM-GetStatus-Reply
14.01.2012 14:04:12 0B94 I Routing to parent: id=0111531C, origin=Router$mitmngd01:9078.Agent, dest=EM, type=EM-GetStatus-Reply
14.01.2012 14:07:23 0B94 I Routing to parent: id=011153DB, origin=Router$mitmngd01:9078.Agent, dest=EM, type=EM-EntityEvent
14.01.2012 14:09:28 0B90 E Failed to send message (id=01115303) because of unknown exception, adding message back to queue
14.01.2012 14:09:28 0B90 E Failed to send messages, logging Router$SOPHOS off
14.01.2012 14:09:28 0B90 E SenderWorker: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'
OMG minor code (2), described as '*unknown description*', completed = NO

:20881
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 13 years ago

Enough in terms of relevant lines, yes (these are from the following day, right)? So the client can log on (therefore it should appear briefly as connected), receives some policies but subsequently encounters a problem when sending its status to the server (0B90 E Failed to send message (id=01115303) because of unknown exception, adding message back to queue ).
There should be a corresponding entry in the server's log (but it might have already wrapped after two days and be no longer available - in which case just try to recreate the problem).
On the client - are there any (many) files (xxxxxxxx.msg) in the ...\Remote Management System\3\Router\Envelopes folder? It might be worth a try to clear them (please see 63588 and 16336).
Christian
:20883
Cancel
Vote Up 0 Vote Down

Cancel
0 Pierre over 13 years ago

I cleaned as asked the envelopes folder on a client. No luck the computer is still disconnected.
Clients logs after the clean up :
16.01.2012 15:42:25 0848 I SOF: C:\ProgramData/Sophos/Remote Management System/3/Router/Logs/Router-20120116-114225.log
16.01.2012 15:42:25 0848 I Sophos Messaging Router 3.4.0.2209 starting...
16.01.2012 15:42:25 0848 I Setting ACE_FD_SETSIZE to 138
16.01.2012 15:42:25 0848 I Initializing CORBA...
16.01.2012 15:42:25 0848 I Setting connection cache limit to 10
16.01.2012 15:42:25 0848 I Creating ORB runner with 4 threads
16.01.2012 15:42:26 0848 I This computer is part of the domain DOMAIN
16.01.2012 15:42:26 0848 E ACE_DLL::open failed for TAO_ImR_Client: Error: check log for details.
16.01.2012 15:42:26 0848 E Unable to find service: ImR_Client_Adapter
16.01.2012 15:42:26 0848 I This router's IOR:
IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000e0000003139322e3136382e312e3136350001204100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f757465720000000300000000000000080000000100a100004f415401000000140000000100a1000100010000000000090101000000000014000000080000000100a60086000220
16.01.2012 15:42:26 0848 I Successfully validated this router's IOR
16.01.2012 15:42:26 0848 I Reading router table file
16.01.2012 15:42:26 0848 I Host name: mitmngd01
16.01.2012 15:42:26 0848 I Local IP addresses: 192.168.1.165
16.01.2012 15:42:26 0848 I Resolved name: mitmngd01.domain.local
16.01.2012 15:42:26 0848 I Resolved alias/es:
16.01.2012 15:42:26 0848 I Resolved IP addresses: 192.168.1.165
16.01.2012 15:42:26 0848 I Resolved reverse names/aliases: mitmngd01.domain.local
16.01.2012 15:42:26 0848 I Waiting for messages...
16.01.2012 15:42:26 2314 I Getting parent router IOR from 192.168.1.41:8192
16.01.2012 15:42:26 0848 I RouterSystemCheck::onInfoPortsUsed() - number of user ports 11, max number of user ports 15360
16.01.2012 15:45:28 1DFC I Writing router table file
16.01.2012 15:45:28 1DFC I Registered client Agent
16.01.2012 15:45:28 21D4 I Routing to Agent: id=03140DD8, origin=Router$mitmngd01:9078, dest=Router$mitmngd01:9078.Agent, type=EM-ClientRegistered
16.01.2012 15:45:29 2134 I Client::LogonPushPush() successfully called back to client
16.01.2012 15:45:29 2134 I Logged on Agent as a client
16.01.2012 15:45:29 21D4 I Routing to Agent: id=01140DD9, origin=Router$mitmngd01:9078, dest=Router$mitmngd01:9078.Agent, type=EM-ClientLogon
16.01.2012 15:45:29 0FC4 I Sent message (id=03140DD8) to Agent
16.01.2012 15:45:29 0FC4 I Sent message (id=01140DD9) to Agent
16.01.2012 15:45:49 21D4 I Routing to parent: id=01140DED, origin=Router$mitmngd01:9078.Agent, dest=EM, type=EM-GetStatus-Reply
Any idea on the next move ?
:20893
Cancel
Vote Up 0 Vote Down

Cancel