Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 313 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to debug Endpoint heartbeat "The network status has changed, the Firewall may disconnect."

LHerzog

We have a client currently that is only connected with LAN. The client is reporting network changes the the firewall every few minutes and generates a new HB session. Causing many interruptins for the user.

The client computer remains connected to the network all the time and ping and voip applications have no outages. eventlog of windows also is not showing network reconnects. anyway the heartbeat agent re-initiates HB against the firewall every few minutes.

I can follow the communication on wireshark - the clients terminates the HB session and sends a FIN to the heartbeat IP and starts a new HB TLS session to the HB IP afterwards. that is regardless a user is logged on or not.

We have ruled out drivers and BIOS - that is all up to date and the issue was also with older versions - only for that client.

Question:

What I need from some skilled Sophos guys is how to debug the heartbeat agent on the client computer so I can see, what causes it to "think" there are network changes.

2023-03-17T11:05:35.453Z [ 5484: 6264] A Sending network status
2023-03-17T11:05:35.454Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:05:35.456Z [ 5484: 6264] A Received request to enable enhanced application control
2023-03-17T11:05:35.457Z [ 5484: 6264] A Sending endpoint state list request
2023-03-17T11:05:35.457Z [ 5484: 6264] A Sending login status.
2023-03-17T11:05:35.457Z [ 5484: 6264] A User:
2023-03-17T11:05:35.457Z [ 5484: 6264] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-03-17T11:05:35.458Z [ 5484: 6264] A Received response to endpoint state list request, size: 2
2023-03-17T11:08:34.755Z [ 5484: 6264] A Sending network status
2023-03-17T11:08:34.755Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:08:34.758Z [ 5484: 6264] A Connection closed (network error).
2023-03-17T11:08:35.810Z [ 5484: 6264] A Connection succeeded.
2023-03-17T11:08:35.810Z [ 5484: 6264] A Connected to 'ed98a5bf-xxxxxxxxxxxxxxxxxxxxx13f1b' at IP address 52.5.76.173 on port 8347
2023-03-17T11:08:35.810Z [ 5484: 6264] A Sending network status
2023-03-17T11:08:35.810Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:08:35.862Z [ 5484: 6264] A Received request to enable enhanced application control
2023-03-17T11:08:35.862Z [ 5484: 6264] A Sending endpoint state list request
2023-03-17T11:08:35.863Z [ 5484: 6264] A Sending login status.
2023-03-17T11:08:35.863Z [ 5484: 6264] A User:
2023-03-17T11:08:35.863Z [ 5484: 6264] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-03-17T11:08:35.864Z [ 5484: 6264] A Received response to endpoint state list request, size: 2
2023-03-17T11:11:35.089Z [ 5484: 6264] A Sending network status
2023-03-17T11:11:35.089Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:11:35.091Z [ 5484: 6264] A Connection closed (network error).
2023-03-17T11:11:36.131Z [ 5484: 6264] A Connection succeeded.
2023-03-17T11:11:36.131Z [ 5484: 6264] A Connected to 'ed98a5bf-xxxxxxxxxxxxxxxxxxxxx13f1b' at IP address 52.5.76.173 on port 8347
2023-03-17T11:11:36.132Z [ 5484: 6264] A Sending network status
2023-03-17T11:11:36.132Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:11:36.185Z [ 5484: 6264] A Received request to enable enhanced application control
2023-03-17T11:11:36.186Z [ 5484: 6264] A Sending endpoint state list request
2023-03-17T11:11:36.186Z [ 5484: 6264] A Sending login status.
2023-03-17T11:11:36.186Z [ 5484: 6264] A User:
2023-03-17T11:11:36.187Z [ 5484: 6264] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-03-17T11:11:36.188Z [ 5484: 6264] A Received response to endpoint state list request, size: 2

Here A client log together with filtered hblog from firewall below

2023-03-17T11:21:36.167Z [ 5484: 6264] A Sending network status
2023-03-17T11:21:36.167Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:21:36.170Z [ 5484: 6264] A Connection closed (network error).
2023-03-17T11:21:37.216Z [ 5484: 6264] A Connection succeeded.
2023-03-17T11:21:37.216Z [ 5484: 6264] A Connected to 'ed98a5bf-xxxxxxxxxxxxxxxxxxxxx13f1b' at IP address 52.5.76.173 on port 8347
2023-03-17T11:21:37.217Z [ 5484: 6264] A Sending network status
2023-03-17T11:21:37.217Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:21:37.263Z [ 5484: 6264] A Received request to enable enhanced application control
2023-03-17T11:21:37.263Z [ 5484: 6264] A Sending endpoint state list request
2023-03-17T11:21:37.263Z [ 5484: 6264] A Sending login status.
2023-03-17T11:21:37.263Z [ 5484: 6264] A User:
2023-03-17T11:21:37.263Z [ 5484: 6264] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-03-17T11:21:37.265Z [ 5484: 6264] A Received response to endpoint state list request, size: 2

[2023-03-17 11:21:13.309Z] INFO HBSessionHandler.cpp[32722]:125 removeDirtySessions - Number of sessions: 174
[2023-03-17 11:21:13.431Z] INFO HBSessionHandler.cpp[32722]:152 findPinnedEndpointIdentity - Number of sessions: 175
[2023-03-17 11:21:16.102Z] WARN ModuleNetwork.cpp[32722]:62 processNetworkRequest - Network settings changed on endpoint, so disconnect it.
[2023-03-17 11:21:16.102Z] ERROR ModuleMessageHub.cpp[32722]:82 onHBMsgReceive - sending no response for unhandled message network
[2023-03-17 11:21:17.138Z] INFO HBSessionHandler.cpp[32722]:125 removeDirtySessions - Number of sessions: 174
[2023-03-17 11:21:17.216Z] INFO HBSessionHandler.cpp[32722]:152 findPinnedEndpointIdentity - Number of sessions: 175
[2023-03-17 11:21:36.172Z] WARN ModuleNetwork.cpp[32722]:62 processNetworkRequest - Network settings changed on endpoint, so disconnect it.
[2023-03-17 11:21:36.172Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 11:21:36.172Z] ERROR ModuleMessageHub.cpp[32722]:82 onHBMsgReceive - sending no response for unhandled message network
[2023-03-17 11:21:37.207Z] INFO HBSessionHandler.cpp[32722]:125 removeDirtySessions - Number of sessions: 174
[2023-03-17 11:21:37.221Z] INFO HBSessionHandler.cpp[32722]:152 findPinnedEndpointIdentity - Number of sessions: 175
[2023-03-17 11:21:37.221Z] INFO HBSession.cpp[32722]:504 logNewSession - New Session: [172.xxx.xxx.86]:20977 connected
[2023-03-17 11:21:37.222Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 11:21:37.222Z] INFO ModuleSacFirst.cpp[32722]:95 sendEacMessage - send EacSwitchRequest to endpoint (IP=172.xxx.xxx.86)
[2023-03-17 11:21:37.267Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 11:21:37.269Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 11:21:46.176Z] WARN ModuleNetwork.cpp[32722]:62 processNetworkRequest - Network settings changed on endpoint, so disconnect it.
[2023-03-17 11:21:46.176Z] ERROR ModuleMessageHub.cpp[32722]:82 onHBMsgReceive - sending no response for unhandled message network
[2023-03-17 11:21:47.222Z] INFO HBSessionHandler.cpp[32722]:125 removeDirtySessions - Number of sessions: 174
[2023-03-17 11:21:47.298Z] INFO HBSessionHandler.cpp[32722]:152 findPinnedEndpointIdentity - Number of sessions: 175



This thread was automatically locked due to age.
Parents
  • 0

    Unlikely you will find somebody here to look into this. That requires a intervention within the SDU and looking into all logs to find the reason for this, and for this you need a support case and GES / DEV involved. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    probably this is a difficult task. agree.

    in the meantime I found this logs appearing in the connect client logs:

    PS C:\Windows\system32> Get-Content "C:\Program Files (x86)\Sophos\Connect\*.log"
    2023-03-17 11:47:57AM 00[DMN] Starting IKE service charon-svc (strongSwan 5.9.5, Windows Client 6.2.9200 (SP 0.0)
    2023-03-17 11:47:57AM 00[LIB] TAP-Windows driver version 1.0 available.
    2023-03-17 11:47:59AM 00[LIB] opened TUN device: {F6000DAC-C01B-4E9D-B452-B92E09A1A981}
    2023-03-17 11:47:59AM 00[LIB] loaded plugins: charon-svc nonce x509 pubkey pkcs1 pkcs7 pkcs8 pkcs12 pem openssl kernel-l
    ibipsec kernel-iph socket-win vici eap-identity eap-gtc eap-mschapv2 xauth-generic windows-dns
    2023-03-17 11:47:59AM 00[JOB] spawning 16 worker threads
    2023-03-17 11:48:17AM 17[KNL] 169.254.229.153 disappeared from interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz'
    2023-03-17 11:48:17AM 17[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 11:48:17AM 18[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 11:49:46AM 17[KNL] interface 18 'Microsoft Wi-Fi Direct Virtual Adapter #2' appeared
    2023-03-17 11:54:18AM 19[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 11:54:18AM 19[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 11:57:18AM 20[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 11:57:18AM 20[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:00:18PM 21[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:00:18PM 22[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:02:19PM 21[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:02:19PM 22[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:05:19PM 23[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:05:19PM 24[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:08:19PM 25[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:08:19PM 25[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:11:20PM 26[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:11:20PM 27[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:13:21PM 28[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:13:21PM 29[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:17:22PM 30[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:17:22PM 31[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:21:23PM 32[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:21:23PM 33[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:21:23PM 32[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:25:23PM 34[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:25:23PM 34[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:25:23PM 34[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:31:23PM 35[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:31:23PM 36[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:38:22PM 37[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:38:22PM 38[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:43:23PM 39[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:43:23PM 39[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:47:24PM 40[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:47:24PM 41[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:51:25PM 42[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:51:25PM 43[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:53:26PM 44[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:53:26PM 45[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:59:25PM 46[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:59:25PM 46[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:02:25PM 47[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:02:25PM 48[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:05:26PM 49[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:05:26PM 50[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:10:27PM 51[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:10:27PM 52[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:14:28PM 53[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:14:28PM 53[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:21:28PM 54[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:21:28PM 54[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:26:30PM 55[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:26:30PM 56[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:34:16PM [8696] inf Sophos-Connect-Version: 2.2.90.1104
    2023-03-17 12:34:16PM [8696] inf strongSwan-Version: 5.9.5
    2023-03-17 12:34:16PM [8696] inf OpenVPN-Version: 2.5.6.0
    2023-03-17 11:47:55AM [6044] inf Starting Sophos Sophos Connect version 2.2.90.1104
    2023-03-17 11:47:55AM [6044] dbg Initializing protected storage
    2023-03-17 11:47:55AM [6044] inf No user is currently logged on
    2023-03-17 11:47:55AM [6044] dbg Starting the auto-importer
    2023-03-17 11:47:56AM [6044] inf Initializing strongSwan
    2023-03-17 11:48:01AM [6044] dbg strongSwan version 5.9.5 has been started
    2023-03-17 11:48:02AM [6044] inf Initializing open vpn service
    2023-03-17 11:48:02AM [6044] dbg Starting the communications module
    2023-03-17 11:48:02AM [6044] dbg Starting HTTP server on 127.0.0.1:60110
    2023-03-17 11:48:02AM [6044] inf Sophos Connect started
    2023-03-17 11:48:07AM [8724] dbg Sending telemetry data to sftelemetry.sophos.com:443
    2023-03-17 11:48:09AM [8724] wrn Timed out waiting for response from telemetry server
    2023-03-17 12:33:21PM [5412] dbg User change detected: current user is xxxxxxxx\xxxxx
    2023-03-17 12:33:21PM [5412] inf Logged on user is xxxxxxxx\xxxxx
    PS C:\Windows\system32>

    Most interesting is the WiFi Adapter that is logged gone appeared / disappeared 

    client hb logs:

    2023-03-17T11:47:39.064Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:47:40.096Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:51:39.388Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:51:40.431Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:53:39.661Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:53:40.742Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:59:40.352Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:59:41.420Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:02:40.703Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:02:41.766Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:05:41.024Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:05:42.085Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:10:41.615Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:10:42.649Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:14:42.079Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:14:43.136Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:21:42.801Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:21:43.842Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:26:43.475Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:26:44.531Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:29:43.724Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:29:44.757Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:31:43.939Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:31:44.981Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:36:44.564Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:36:45.626Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.

    and the FW hb logs logs

    [2023-03-17 12:02:41.771Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:02:41.817Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:02:41.819Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:05:41.029Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:05:42.090Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:05:42.136Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:05:42.137Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:10:41.623Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:10:42.656Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:10:42.707Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:10:42.708Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:14:42.086Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:14:43.150Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:14:43.204Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:14:43.206Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:21:42.807Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:21:43.848Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:21:43.899Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:21:43.900Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:26:43.481Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:26:44.539Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:26:44.540Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:26:44.542Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:29:43.732Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:29:44.765Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:29:44.816Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:29:44.818Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:31:43.947Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:31:44.988Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:31:45.042Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:31:45.044Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1

Reply
  • 0 in reply to LuCar Toni

    probably this is a difficult task. agree.

    in the meantime I found this logs appearing in the connect client logs:

    PS C:\Windows\system32> Get-Content "C:\Program Files (x86)\Sophos\Connect\*.log"
    2023-03-17 11:47:57AM 00[DMN] Starting IKE service charon-svc (strongSwan 5.9.5, Windows Client 6.2.9200 (SP 0.0)
    2023-03-17 11:47:57AM 00[LIB] TAP-Windows driver version 1.0 available.
    2023-03-17 11:47:59AM 00[LIB] opened TUN device: {F6000DAC-C01B-4E9D-B452-B92E09A1A981}
    2023-03-17 11:47:59AM 00[LIB] loaded plugins: charon-svc nonce x509 pubkey pkcs1 pkcs7 pkcs8 pkcs12 pem openssl kernel-l
    ibipsec kernel-iph socket-win vici eap-identity eap-gtc eap-mschapv2 xauth-generic windows-dns
    2023-03-17 11:47:59AM 00[JOB] spawning 16 worker threads
    2023-03-17 11:48:17AM 17[KNL] 169.254.229.153 disappeared from interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz'
    2023-03-17 11:48:17AM 17[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 11:48:17AM 18[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 11:49:46AM 17[KNL] interface 18 'Microsoft Wi-Fi Direct Virtual Adapter #2' appeared
    2023-03-17 11:54:18AM 19[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 11:54:18AM 19[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 11:57:18AM 20[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 11:57:18AM 20[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:00:18PM 21[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:00:18PM 22[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:02:19PM 21[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:02:19PM 22[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:05:19PM 23[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:05:19PM 24[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:08:19PM 25[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:08:19PM 25[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:11:20PM 26[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:11:20PM 27[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:13:21PM 28[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:13:21PM 29[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:17:22PM 30[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:17:22PM 31[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:21:23PM 32[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:21:23PM 33[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:21:23PM 32[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:25:23PM 34[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:25:23PM 34[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:25:23PM 34[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:31:23PM 35[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:31:23PM 36[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:38:22PM 37[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:38:22PM 38[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:43:23PM 39[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:43:23PM 39[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:47:24PM 40[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:47:24PM 41[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:51:25PM 42[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:51:25PM 43[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:53:26PM 44[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:53:26PM 45[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:59:25PM 46[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 12:59:25PM 46[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:02:25PM 47[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:02:25PM 48[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:05:26PM 49[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:05:26PM 50[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:10:27PM 51[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:10:27PM 52[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:14:28PM 53[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:14:28PM 53[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:21:28PM 54[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:21:28PM 54[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 01:26:30PM 55[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' disappeared
    2023-03-17 01:26:30PM 56[KNL] interface 16 'Intel(R) Wi-Fi 6 AX201 160MHz' appeared
    2023-03-17 12:34:16PM [8696] inf Sophos-Connect-Version: 2.2.90.1104
    2023-03-17 12:34:16PM [8696] inf strongSwan-Version: 5.9.5
    2023-03-17 12:34:16PM [8696] inf OpenVPN-Version: 2.5.6.0
    2023-03-17 11:47:55AM [6044] inf Starting Sophos Sophos Connect version 2.2.90.1104
    2023-03-17 11:47:55AM [6044] dbg Initializing protected storage
    2023-03-17 11:47:55AM [6044] inf No user is currently logged on
    2023-03-17 11:47:55AM [6044] dbg Starting the auto-importer
    2023-03-17 11:47:56AM [6044] inf Initializing strongSwan
    2023-03-17 11:48:01AM [6044] dbg strongSwan version 5.9.5 has been started
    2023-03-17 11:48:02AM [6044] inf Initializing open vpn service
    2023-03-17 11:48:02AM [6044] dbg Starting the communications module
    2023-03-17 11:48:02AM [6044] dbg Starting HTTP server on 127.0.0.1:60110
    2023-03-17 11:48:02AM [6044] inf Sophos Connect started
    2023-03-17 11:48:07AM [8724] dbg Sending telemetry data to sftelemetry.sophos.com:443
    2023-03-17 11:48:09AM [8724] wrn Timed out waiting for response from telemetry server
    2023-03-17 12:33:21PM [5412] dbg User change detected: current user is xxxxxxxx\xxxxx
    2023-03-17 12:33:21PM [5412] inf Logged on user is xxxxxxxx\xxxxx
    PS C:\Windows\system32>

    Most interesting is the WiFi Adapter that is logged gone appeared / disappeared 

    client hb logs:

    2023-03-17T11:47:39.064Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:47:40.096Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:51:39.388Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:51:40.431Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:53:39.661Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:53:40.742Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:59:40.352Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T11:59:41.420Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:02:40.703Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:02:41.766Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:05:41.024Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:05:42.085Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:10:41.615Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:10:42.649Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:14:42.079Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:14:43.136Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:21:42.801Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:21:43.842Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:26:43.475Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:26:44.531Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:29:43.724Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:29:44.757Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:31:43.939Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:31:44.981Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:36:44.564Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.
2023-03-17T12:36:45.626Z [ 5484: 6264] A The network status has changed, the Firewall may disconnect.

    and the FW hb logs logs

    [2023-03-17 12:02:41.771Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:02:41.817Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:02:41.819Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:05:41.029Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:05:42.090Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:05:42.136Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:05:42.137Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:10:41.623Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:10:42.656Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:10:42.707Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:10:42.708Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:14:42.086Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:14:43.150Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:14:43.204Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:14:43.206Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:21:42.807Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:21:43.848Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:21:43.899Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:21:43.900Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:26:43.481Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:26:44.539Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:26:44.540Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:26:44.542Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:29:43.732Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:29:44.765Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:29:44.816Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:29:44.818Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1
[2023-03-17 12:31:43.947Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <1> -> <5>
[2023-03-17 12:31:44.988Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a>: <5> -> <1>
[2023-03-17 12:31:45.042Z] INFO EpStateListBroker.cpp[32722]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a(172.xxx.xxx.86)
[2023-03-17 12:31:45.044Z] INFO ModuleStatus.cpp[32722]:137 processMessageStatus - Status request received from endpoint: 6c9d2bxxxxxxxxxxxxxxxxxxxe2462d84a (172.xxx.xxx.86) health: 1

Children
  • 0 in reply to LHerzog

    Likely thats your Problem. The Wireless Adapter is one Connectivity Module. You need to check with the vendor for the reasoning of this flapping. 

    __________________________________________________________________________________________________________________

  • +1 in reply to LuCar Toni

    to find the cause for the adapter behaviour is probably a hard nut for our guys from the endpoint team. eventually it is faulty.

    we have a working workaround by disabling WiFi in Windows as long as the machine is LAN-connected.

    That stops the WiFi NIC from dis- and re-appearing.

Unfiltered HTML