Some Clients "Out-Of-Date"

Hello JP,

if the clients appear as managed in SEC they have reported in (with AV and update information) at some time. Usual question - do the outdated clients have something in common?

The Last message time column in the Computer Details tab gives the time of the last report. If the values are roughly the same (i.e. within a day or so) then "something has happened" around this time. Anyway please have a look at the relevant logs on the clients - likely they contain some information why the communication fails.

Christian

Hi Christian,

Thank you for posting on this. I checked out the RMS Logs (as per your suggestion) on the affected computers and indeed I am seeing some error entries in the Router logs. An extract is shown below:

09.10.2012 08:30:20 0070 E Failed to get messages, logging Router$SERVERNAME off
09.10.2012 08:30:20 06B8 E Failed to send message (id=00659510) because of unknown exception, adding message back to queue
09.10.2012 08:30:20 06B8 E Failed to send messages, logging Router$SERVERNAME off
09.10.2012 08:30:20 06B8 E SenderWorker: Caught CORBA user exception, ID 'IDL:SophosMessaging/NotLoggedOn:1.0' during logoff
09.10.2012 08:30:20 06B8 E SenderWorker: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/OBJECT_NOT_EXIST:1.0'
OMG minor code (2), described as '*unknown description*', completed = NO
 
09.10.2012 08:30:50 06C0 I RouterTableEntry::LogonToParentRouter() - logging on as active consumer
09.10.2012 08:30:50 06C0 I RouterTableEntry state (router, logging on): Router$SERVERNAME is passive consumer, passive supplier
09.10.2012 08:30:50 06C0 I Logged on to parent router as Router$CLIENTPCNAME:45046
09.10.2012 08:30:50 06C0 I This computer is part of the domain DOMAINNAME
09.10.2012 08:32:29 07F8 E GetterWorker: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/OBJECT_NOT_EXIST:1.0'
OMG minor code (2), described as '*unknown description*', completed = NO
 
09.10.2012 08:32:29 07F8 E Failed to get messages, logging Router$SERVERNAME off

SEC is stating (as you suspected) that the client PCs have a 'Last Message Time' similar to one another (in this case 28/09/2012).

What do you think should be my next step in resolving this issue?

Many thanks for your kind assistance,

JP

Hello JP,

What do you think should be my next step

wish I had a good suggestion :smileywink: - seriously, the OBJECT_NOT_EXIST is probably not the issue (might be more or less normal as I see it occasionally in the logs). More interesting is the Failed to send message (id=00659510) line, as it signifies that the client can't communicate upstream.

I can think of two probably more helpful parts in the logs:

1. the lines mentioning id=00659510 and the ones in between
2. and the lines following a Getting parent router IOR from ...

Also the should be a ClientMRInit log in the Windows\temp directory - maybe it is from around the date it started to fail. But anyway it has some information which could be useful in conjunction with the Router log.

Christian

Hi Christian,

I logged this with Sophos Support and followed their suggestion to run the Sophos Diagnostic Utility and submit the results to them. The issue seemed to lie with the Remote Management System as there were lo router logs being created on the affected PCs. I re-protected the PCs in question and everything seems to be working OK.

Many thanks for your assistance with this.

Best regards,

John P