Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 4302 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Child server not updating from parent

Jun

hi,

One of my child server is no longer updating from my parent server. No errors was found it's just that the last updated status was stuck to 2/25/2011 8:14:01pm. I tried to manual update it by right clicking and click on update now but still the same. I'm using enterprise console 4.5

Has anybody encountered this issue? Please share a possible work around or fix on this if you have.

Thanks

:9753


This thread was automatically locked due to age.
  • 0

    Hello Jun,

    is it talking to the parent? If you view it in the Endpoints view->Computer details do you see a recent timestamp for "Last message received from computer". Check the CIDs on the child whether they are up to date or not - if they are, then it's likely RMS not correctly reporting. If not check if the Sophos Update Manager service is running. Please come back with what you've found.

    Christian 

    :9761
  • 0

    hi Christian,

    Sorry for the late reply. Yes it is talking to the parent. Last message receive from computer is 2/25/2011 8:30:46am. I have compared the CIDs from the parent server and the child server that is having the issue and they are the same. Sophos Update Manager is running and also tried to restart the service but the issue is still the same. Do you have any suggestion how to fix this RMS not correctly reporting, if indeed this is a RMS problem. Thank you for the help

    Jun

    :9807
  • 0

    Hello Jun,

    Yes it is talking to the parent. Last message receive from computer is 2/25/2011 8:30:46am

    Can we agree upon it was talking to the parent :smileywink:?

    Restart the Sophos Message Router service on the child and if the status still doesn't update check the newest router log  in {appdata}\Sophos\Remote Management System\3\Router\Logs for any errors (if you're not sure post a snippet here). 

    Christian

    :9809
  • 0

    hi Christian,

    Sorry about that, yeah it should be was. Tried to restart Sophos Message Router but still the same. I even tried this KB (http://www.sophos.com/support/knowledgebase/article/14449.html) procedure 1 and 2 only but still the same. I have search the logs and search for an error word and found this line below.

    02.03.2011 16:37:54 1678 E ACE_SSL (1284|5752) error code: 336134278 - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    Thanks,

    Jun

    :9813
  • 0

    Hi,

    It would be worth tracing the status message from the SUM to the management server.  The Sophos Agent service on the SUM machine talks to SUM by using a socket.  I,e, the Sophos Agent connects to TCP 51234 of SophosUpdateMgr.exe.

    Can we check this is happening first?  

    To do so, I would:

    1. Stop the Sophos Agent Service and the Sophos Update Manager service on the SUM machine.

    2. Ensure that the process SophosUpdatemgr.exe is no longer running

    3. Start the Sophos Update Manager Service

    4. Start the Sophos Agent Service

    5. In the newly created Sophos Agent log (C:\programdata\Sophos\Remote Management System\3\Agent\Logs\) on the SUM machine you should see when the Agent Starts up the lines:

    I SDDM:SCAPI: Connect succeeded.
    I SDDMA: Logon key written successfully.
    I SDDMA: Logon key sent.
    I SDDMA: Socket connection authenticated.
    I SDDMA: The adapter is connected to SDDM.

    This should then be followed with XML which describes the status of the SUM.  You should see UNC paths and timestamps for "lastNonNullFinishedAt" etc.. Basically something that looks like a message from SUM.  This will be followed up with a:

    I SendStatus: Sent EM-GetStatus-Reply (id=[MESSAGEID]) to EM

    You should be able to find this entry in the Router logs (C:\programdata\Sophos\Remote Management System\3\Router\Logs\) of the SUM machine.  E.g.

    I Routing to EM: id=[MESSAGEID], origin=Router$p4.Agent, dest=EM, type=EM-GetStatus-Reply

    I Sent message (id=[MESSAGEID) to EM

    EM is essentially the address of the management server.

    From there it's over to the management server, you should be able to see the EM-GetStatus-Reply message in the Router logs of the server and from there identify the lines in the sophos-management-services.log file (C:\programdata\Sophos\Sophos Endpoint Management\4.7\log\) that correspond to processing the message.


    If the message is getting this far, it should only be one more short step into the database.

    As the last message time of the machine is recent, this would suggest RMS is ok, so it's either that the status of the SUM is not being included at the start, in which case checking the above should help verify it is.

    Regards,

    Jak

    :9815
  • 0

    Hm ... as it worked before I wonder why it has stopped. Which time zone are you in? 02.03.2011 16:37:54 seems a little bit odd if you restarted RMS after my previous post.

    Christian

    :9817
  • 0

    Hi Jun,

    im facing diffrent issue childsum failed to get certificate from parent server and not visible at console when installed and all services is restarted still failed to get certificate from parent.

    After a few days later  childsum server is visible at console and updated however manual update failed. Please share troubleshooting step and solution for this issue if  you have solved the problem. Thanks

    :14365
  • 0

    Hello Azwan,

    im facing diffrent issue

    if you think it is different then the solution might or might not apply. Thus perhaps creating a new thread would be better. 

    So the problem that you child SUM did not register with the management server has "magically" resolved itself? I don't quite get what you mean by is [...] updated however manual update failed . Could you perhaps post a link to one or more screenshots so I can understand what exactly the problem is?

    Christian

    :14369