Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 5385 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprice Console dashboard is not functioning properly

Shariar

Hi,
We are using Sophos Enterprise Console 4.5 and End point Security 9.5.
Last few days we are facing problem with the Sophos Console.
1.PC shows cross though we can ping the PC from both end and PC AV update is working properly
2.Can’’’’t find the PC using find new computers tab
3.Newly installed PCs and SUM are not responding to the server(can’’’’t find the IP)
4.Can’’’’t update SUM through Update Manager
Work Done:
1.Restart both the server s (application and Database) several times
2.Scan both servers
3.Restart the SOPHOS services several times
4.Deleted Envelopes , table_router.txt and working folders files (please note enterprise console servers Envelopes files was edited automatically but database server Envelopes is not updated properly.)
Server Part Changes:
1.Changed the IP address of both application and database server.
2.Changed mrinit.conf file with the New server IP address


Please help.

Thanks & Regards,

Shariar

:12357


This thread was automatically locked due to age.
Parents
  • 0

    Hi Christian

    -          If you sort the Last updated column - is the current date only shown for your main server and all other SUMs have some date in the past?

    No, varies,

    May 4, 2011 – 39 Unit – Including Servers which takes update from Sophos

    May 3, 2011 – 63

    May 2, 2011 – 08

    April 28 to April 20, 2011 – 19

    Older then April 19, 2011 – 10

    -          Some (many, all? - I did not understand this part yet) clients appear as disconnected (the x) but they do update from their respective CIDs

    Many clients appear as disconnected (the x) but they do update from their respective CIDs

    -          You are no longer able to find new computers - is this correct? Which method do you use - on the network or by IP (I assume you're not using with AD)

    I use “find by IP address”, I am able to find new computers but it sometimes shows the following error message “Search for computers by IP address has failed”

    Last few lines of Log (from a Client including SUM) :

    04.05.2011 12:31:51 0230 I Getting parent router IOR from 10.20.0.57:8192

    04.05.2011 12:37:12 0230 I This computer is part of the domain BD-BRACBANK

    04.05.2011 12:37:12 0230 I Getting parent router IOR from sophossrv.bd.bracbank.com:8192

    04.05.2011 12:37:12 0230 I This computer is part of the domain BD-BRACBANK

    04.05.2011 12:37:12 0230 I Received parent router's IOR:

    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000b00000031302e352e31342e31310000012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001a4a200004f4154010000001400000001a4a20001000100000000000901010000000000140000000800000001a4a60086000220

    04.05.2011 12:37:12 0230 I Successfully validated parent router's IOR

    04.05.2011 12:37:12 0230 I Accessing parent

    04.05.2011 12:37:12 0230 E ParentLogon::RegisterParent: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'

    OMG minor code (2), described as '*unknown description*', completed = NO

     04.05.2011 12:37:42 0230 I Getting parent router IOR from 10.20.0.57:8192

    ** Please note that 10.20.0.57 is OLD IP address, new IP address is 10.5.14.11

    We have checked the mrinit.conf file in client and found new IP address 10.5.14.11

    Last few lines of Log file From Server:

    04.05.2011 11:38:30 0CFC I Routing to EM:, origin=Router$W-1549-010:1630333.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:30 0CC0 I Sent message (id=01C0D677) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-4901-001:1360318.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:34 0CF4 I Sent message (id=01C0E656) to EM

    04.05.2011 11:38:34 0A24 I RouterTableEntry state (router, logging on): Router$W-1512-021:1297334 is active consumer (will try to notify), active supplier

    04.05.2011 11:38:34 0A24 I Logged on Router$W-1512-021:1297334 as a router

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$sophossrv, dest=Router$sophossrv.EM,-RouterLogon

    04.05.2011 11:38:34 0BE4 I Sent message (id=01C0E65A) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-EntityEvent

    04.05.2011 11:38:34 0C8C I Sent message (id=01BFFBB1) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:34 0CBC I Sent message (id=01C0CB5E) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-EntityEvent

    04.05.2011 11:38:34 0C90 I Sent message (id=01C0CC8A) to EM

    04.05.2011 11:38:34 098C I Communications timeout, logging Router$W-6304-004:1262043 off

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$sophossrv, dest=Router$sophossrv.EM,-RouterLogoff

    04.05.2011 11:38:34 0CC4 I Sent message (id=03C0E65A) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:34 0CC0 I Sent message (id=01C0CCA3) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:34 0CF4 I Sent message (id=01C0DA9D) to EM

    -          Problem 2. is likely something different. As in two recent "cases" firewall settings were the culprit I'll just want to mention them here. If you can't browse from the server to an undetected PC C$ share it might not be found. Also try to telnet from the server to the client's 8194 port and from the client to the server's 8192.

    Yes we can access C$, can telnet client's 8194 port from Server, can telnet server's 8192 from Client

    Thanks

    Shariar

    :12535
Reply
  • 0

    Hi Christian

    -          If you sort the Last updated column - is the current date only shown for your main server and all other SUMs have some date in the past?

    No, varies,

    May 4, 2011 – 39 Unit – Including Servers which takes update from Sophos

    May 3, 2011 – 63

    May 2, 2011 – 08

    April 28 to April 20, 2011 – 19

    Older then April 19, 2011 – 10

    -          Some (many, all? - I did not understand this part yet) clients appear as disconnected (the x) but they do update from their respective CIDs

    Many clients appear as disconnected (the x) but they do update from their respective CIDs

    -          You are no longer able to find new computers - is this correct? Which method do you use - on the network or by IP (I assume you're not using with AD)

    I use “find by IP address”, I am able to find new computers but it sometimes shows the following error message “Search for computers by IP address has failed”

    Last few lines of Log (from a Client including SUM) :

    04.05.2011 12:31:51 0230 I Getting parent router IOR from 10.20.0.57:8192

    04.05.2011 12:37:12 0230 I This computer is part of the domain BD-BRACBANK

    04.05.2011 12:37:12 0230 I Getting parent router IOR from sophossrv.bd.bracbank.com:8192

    04.05.2011 12:37:12 0230 I This computer is part of the domain BD-BRACBANK

    04.05.2011 12:37:12 0230 I Received parent router's IOR:

    IOR:010000002600000049444c3a536f70686f734d6573736167696e672f4d657373616765526f757465723a312e300000000100000000000000a0000000010102000b00000031302e352e31342e31310000012000004100000014010f004e5550000000210000000001000000526f6f74504f4100526f7574657250657273697374656e740003000000010000004d657373616765526f7574657200000003000000000000000800000001a4a200004f4154010000001400000001a4a20001000100000000000901010000000000140000000800000001a4a60086000220

    04.05.2011 12:37:12 0230 I Successfully validated parent router's IOR

    04.05.2011 12:37:12 0230 I Accessing parent

    04.05.2011 12:37:12 0230 E ParentLogon::RegisterParent: Caught CORBA system exception, ID 'IDL:omg.org/CORBA/TRANSIENT:1.0'

    OMG minor code (2), described as '*unknown description*', completed = NO

     04.05.2011 12:37:42 0230 I Getting parent router IOR from 10.20.0.57:8192

    ** Please note that 10.20.0.57 is OLD IP address, new IP address is 10.5.14.11

    We have checked the mrinit.conf file in client and found new IP address 10.5.14.11

    Last few lines of Log file From Server:

    04.05.2011 11:38:30 0CFC I Routing to EM:, origin=Router$W-1549-010:1630333.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:30 0CC0 I Sent message (id=01C0D677) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-4901-001:1360318.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:34 0CF4 I Sent message (id=01C0E656) to EM

    04.05.2011 11:38:34 0A24 I RouterTableEntry state (router, logging on): Router$W-1512-021:1297334 is active consumer (will try to notify), active supplier

    04.05.2011 11:38:34 0A24 I Logged on Router$W-1512-021:1297334 as a router

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$sophossrv, dest=Router$sophossrv.EM,-RouterLogon

    04.05.2011 11:38:34 0BE4 I Sent message (id=01C0E65A) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-EntityEvent

    04.05.2011 11:38:34 0C8C I Sent message (id=01BFFBB1) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:34 0CBC I Sent message (id=01C0CB5E) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-EntityEvent

    04.05.2011 11:38:34 0C90 I Sent message (id=01C0CC8A) to EM

    04.05.2011 11:38:34 098C I Communications timeout, logging Router$W-6304-004:1262043 off

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$sophossrv, dest=Router$sophossrv.EM,-RouterLogoff

    04.05.2011 11:38:34 0CC4 I Sent message (id=03C0E65A) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:34 0CC0 I Sent message (id=01C0CCA3) to EM

    04.05.2011 11:38:34 0CFC I Routing to EM:, origin=Router$W-1512-021:1297334.Agent, dest=EM,-GetStatus-Reply

    04.05.2011 11:38:34 0CF4 I Sent message (id=01C0DA9D) to EM

    -          Problem 2. is likely something different. As in two recent "cases" firewall settings were the culprit I'll just want to mention them here. If you can't browse from the server to an undetected PC C$ share it might not be found. Also try to telnet from the server to the client's 8194 port and from the client to the server's 8192.

    Yes we can access C$, can telnet client's 8194 port from Server, can telnet server's 8192 from Client

    Thanks

    Shariar

    :12535
Children
No Data