Hi All,
I have some problems with connecting my Mac OS X endpoint to a sophos enterprise console,
What I want to do:
Setup a Sophos Enterprise Console on Amazon EC2 instance and manage antiviruses on laptops which are placed and moving between different networks (office, home, etc) (Linux, Mac OS X) to console without using VPN.
What I have:
Server - Windows 2012 R2 Standard, Sophos Enterpise Console 5.2.2
Clients: Mac OS X 10.9 (Sophos Antivirus 9.1.6), Ubuntu
I've installed an antivirus to my Mac laptop from a S.E.C. update directory, configured for updating from shared directory by HTTP and updating works well but I cannot manage endpoints from enterprise console.
My issues:
Router and Agent cannot connect to the enterprise console, I can see in logs how they're trying to do it but cannot connect.
Client router:
How it started
/Library/Sophos Anti-Virus/RMS/SophosMessageRouter -debug -ORBListenEndpoints iiop://:8193/ssl_port=8194
I see this log and after some time there's a timeout error.
20.08.2014 09:22:23 21A8 I Sophos Messaging Router 3.0.14.1748 starting... 20.08.2014 09:22:23 21A8 I Setting ACE_FD_SETSIZE to 138 20.08.2014 09:22:23 21A8 I Initializing CORBA... 20.08.2014 09:22:23 21A8 I Setting connection cache limit to 10 20.08.2014 09:22:23 21A8 I Creating ORB runner with 4 threads 20.08.2014 09:22:23 21A8 I Getting parent router IOR from 11.111.11.11:8192 20.08.2014 09:22:23 21A8 I This computer is part of the workgroup WORKGROUP 20.08.2014 09:22:23 21A8 I Getting a new router certificate...
20.08.2014 09:32:25 21A8 I Timed out, resending certification message...
20.08.2014 10:07:32 21A8 I Timed out, resending certification message...
20.08.2014 10:17:33 21A8 I Timed out, resending certification message...
20.08.2014 10:27:34 21A8 I Timed out, resending certification message...
Client agent:
/Library/Sophos Anti-Virus/RMS/SophosManagementAgent -debug
Log:
0.08.2014 09:22:23 21A8 I Sophos Management Agent 3.0.14.1748 starting...
20.08.2014 09:22:23 1000 I AdapterManager::LoadAdapter, adapter ALC does not export GetAdapterVersion
20.08.2014 09:22:23 1000 I ALC state observer received a configuration
20.08.2014 09:22:23 7000 I ALC state observer notified that ALC is running
20.08.2014 09:22:23 7000 I ALC state observer received a status: <?xml version="1.0" encoding="UTF-8"?>
<status xmlns="com.sophos\mansys\status" xmlns:csc="com.sophos\msys\csc" type="ALC"><csc:CompRes Res="NoRef"/></status>
20.08.2014 09:22:23 1000 I ALC adapter loaded
20.08.2014 09:22:24 1000 I AdapterManager::LoadAdapter, adapter SAV does not export GetAdapterVersion
20.08.2014 09:22:24 F000 I SAV state observer notified that SAV is running
20.08.2014 09:22:24 F000 I SAV state observer received a status: <?xml version="1.0" encoding="UTF-8" standalone="no"?>
status xmlns:csc="com.sophos\msys\csc" xmlns="http://www.sophos.com/EE/EESavStatus">
<csc:CompRes Res="NoRef"></csc:CompRes>
<csc:CompRes Res="NoRef" policyType="19"></csc:CompRes>
<tp:tamperProtectionStatus xmlns:tp="http://www.sophos.com/xml/msys/tamperprotectionstatus.xsd" scanningState="off"></tp:tamperProtectionStatus>
<csc:CompRes Res="NoRef" policyType="16"></csc:CompRes>
<dev:deviceControlStatus scanningState="off" xmlns:dev="http://www.sophos.com/xml/msys/devicecontrol.xsd"></dev:deviceControlStatus>
<entity>
<productId>SAVEEOSX</productId>
<product-version>9.1.6</product-version>
</entity>
<on-access>true</on-access>
<quarantine>0</quarantine>
<vdl-info>
<virus-engine-version>3.53.1</virus-engine-version>
<virus-data-version>5.04</virus-data-version>
....
20.08.2014 09:22:25 1000 I SAV state observer received a configuration
20.08.2014 09:22:25 1000 I SAV adapter loaded
20.08.2014 09:22:25 3000 E Failed to read in the router's IOR from the supplied address and port.
20.08.2014 09:22:25 3000 E NoRouterIORException: Caught MessagingSystemClientLib::NoRouterIORException (failed to get router's IOR from supplied address and port) ClientConnection::Reconnect()
20.08.2014 09:22:32 3000 E Failed to read in the router's IOR from the supplied address and port.
20.08.2014 09:22:32 3000 E NoRouterIORException: Caught MessagingSystemClientLib::NoRouterIORException (failed to get router's IOR from supplied address and port) ClientConnection::Reconnect()NoRouterIORException keep spamming forever
Log from server
Router:
"C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe" -service -name Router -ORBDottedDecimalAddresses 0 -ORBListenEndpoints iiop://:8193/ssl_port=8194&hostname_in_ior=11.111.11.11
20.08.2014 16:37:30 307C I Logged on Router$My,’’’’s MacBook Pro:0 for certification 20.08.2014 16:37:30 37EC I Routing to CM: id=0311ECA, origin=Router$WIN-SOPHOSSEVER.Router$My,’’’’s MacBook Pro:0, dest=CM, type=Certification.UniqueTokenRequest 20.08.2014 16:37:34 35F4 E Attempt to get client interface from non-local caller 20.08.2014 16:37:34 35F4 E Attempt to get client interface from non-local caller 20.08.2014 16:37:34 3038 E Attempt to get client interface from non-local caller
'Attempt to get client interface from non-local caller' keep spamming
Agent:
"C:\Program Files (x86)\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe" -service -name Agent -ORBListenEndpoints iiop://127.0.0.1
With every try to connect I see this error.
20.08.2014 16:19:44 0468 I Initializing ... 20.08.2014 16:19:44 0468 I Running certificate verification... 20.08.2014 16:19:44 0468 I Compliant certificate hashing algorithm. 20.08.2014 16:19:45 0468 E CORBA::Exception: Caught CORBA user exception, ID 'IDL:SophosMessaging/Rejected:1.0' ClientConnection::Reconnect()
I tried to reassign 8194 port to 8198 - didn't help.
Any ideas what I did wrong? Can be there something related to AWS?
Thanks,
Roman.
This thread was automatically locked due to age.
