
Envelopes folder filling with EM-RouterLogon messages after device control policy push

Enterprise Console 5.2/SESC 10.3

After enabling Device Control and pushing the policy to all workstation clients, the Envelopes folder is filling up rapidly (several thousand per hour) with undelivered messages, most of which are EM-RouterLogon messages from the Sophos server to itself (see below). This behaviour did not occur before the device control push.

I've followed the standard instructions for clearing the Envelopes folder but this only offers a temporary recovery as the messages keep on coming. Server has been rebooted as well.

Any ideas folks?

[PersistentIndex] 15012
[FromParent] 0
[Originator] Router$sophos-svr-1
[OriginatorCertificate] 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
[PhysicalDestination] Router$sophos-svr-1.EM
[MessageId] 146779180
[Destination] Router$sophos-svr-1.EM
[Priority] 0
[TTL] 1421890796
[Type] EM-RouterLogon
[Data] 12000000000000001c000000526f7574657224555753554b32573032343833323a33303636303000
[Timestamps] (2,(Router$sophos-svr-1,54bfac2c),(Router$sophos-svr-1,54bfac2c))
[Options] 


  • Hello jim_digriz,

    can't see how this could be related to enabling the Device Control policy ... What does the router log say? How frequent are these logon attempts? Any anomalies in the console, does it show the server itself as connected or not?

    Christian

  • I was unable to pick up the router log yesterday but overnight the issue has resolved itself. At its peak there were approximately 5,000 messages being left every hour and that behaviour persisted for 48 hours after the policy push (we've been able to correlate the start of the problem almost exactly with that policy push) and through several reboots and repeated clearing of the envelopes folder.

    The console appeared to be behaving normally and I could see the server correctly logged in, also I could query devices and perform Anti-Virus operations without issue, until the envelopes folder became too full, that is.

    I'm trying to get a support call opened for this as I'd very much like to stop it happening again.

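Added example, not part of the thread and not Sophos code: a small triage script that tallies envelope dumps like the one posted above by type, originator and hour, which answers the "how frequent are these logon attempts?" question from the files themselves. It assumes each envelope is available as a text dump of `[Key] value` lines, that the hex values in `[Timestamps]` are Unix epoch seconds, and that `[TTL]` is an epoch expiry time; the function names are hypothetical.

```python
import re, sys
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

FIELD = re.compile(r"^\[(\w+)\]\s?(.*)$")          # "[Key] value" lines
HOP = re.compile(r"\(([^,()]+),([0-9a-fA-F]+)\)")   # "(router,hex)" pairs

def parse_envelope(text):
    """Return the "[Key] value" lines of one envelope dump as a dict."""
    env = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            env[m.group(1)] = m.group(2).strip()
    return env

def first_hop_time(env):
    """UTC time of the first [Timestamps] pair (assumed hex epoch seconds)."""
    m = HOP.search(env.get("Timestamps", ""))
    return datetime.fromtimestamp(int(m.group(2), 16), timezone.utc) if m else None

def lifetime_seconds(env):
    """Seconds between first hop and [TTL] (assumed to be an epoch expiry)."""
    t = first_hop_time(env)
    return int(env["TTL"]) - int(t.timestamp()) if t and env.get("TTL") else None

def tally(envelopes):
    """Count envelopes per (Type, Originator, hour) to see what is piling up."""
    counts = Counter()
    for env in envelopes:
        t = first_hop_time(env)
        hour = t.strftime("%Y-%m-%d %H:00") if t else "unknown"
        counts[(env.get("Type", "?"), env.get("Originator", "?"), hour)] += 1
    return counts

# Constructed sample: the fields from the post, certificate and data left out.
SAMPLE = """[Originator] Router$sophos-svr-1
[Destination] Router$sophos-svr-1.EM
[TTL] 1421890796
[Type] EM-RouterLogon
[Timestamps] (2,(Router$sophos-svr-1,54bfac2c),(Router$sophos-svr-1,54bfac2c))
[Options]
"""

if __name__ == "__main__":
    # Assumption: argv[1] is a copy of the folder with one text dump per file.
    texts = [p.read_text(errors="replace") for p in Path(sys.argv[1]).iterdir()
             if p.is_file()] if len(sys.argv) > 1 else [SAMPLE]
    for key, n in tally(map(parse_envelope, texts)).most_common(20):
        print(n, *key)
```

Run it against a copy of the folder rather than the live one; with no argument it processes the embedded sample.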