[8.910][CLOSED] Endpoint unable to register itself to the config

Hi All

If you remove the endpoint entry from the UTM, the installed Sophos endpoint is unable to register back to the conf

2012:03:19-23:55:40 *****  epsecd[4767]: |=========================================================================

2012:03:19-23:55:40 *****  epsecd[4767]: E Endpoint need to register in the Confd!
2012:03:19-23:55:40 *****  epsecd[4767]:
2012:03:19-23:55:40 *****  epsecd[4767]: 1. Epsec::Helpers::Client::update_confd:239() /Epsec/Helpers/Client.pm
2012:03:19-23:55:40 *****  epsecd[4767]: 2. Epsec::Logic::Client::_report:185() /Epsec/Logic/Client.pm
2012:03:19-23:55:40 *****  epsecd[4767]: 3. Epsec::Logic::Client::on_run:150() /Epsec/Logic/Client.pm
2012:03:19-23:55:40 *****  epsecd[4767]: 4. (eval):55() /Epsec/Logic/Base.pm
2012:03:19-23:55:40 *****  epsecd[4767]: 5. Epsec::Logic::Base::run:52() /Epsec/Logic/Base.pm
2012:03:19-23:55:40 *****  epsecd[4767]: 6. main::top-level:58() client.pl


Thanks
  • Also it seems that there are quite a few errors on the endpoint log

    >=========================================================================
    
    2012:03:20-09:25:21 ***** epsecd[4773]: E Error creating listening socket. Error:
    2012:03:20-09:25:21 ***** epsecd[4773]: IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)
    2012:03:20-09:25:21 ***** epsecd[4773]: 
    2012:03:20-09:25:21 ***** epsecd[4773]:  1. Epsec::Logic::Client::_start:75() /Epsec/Logic/Client.pm
    2012:03:20-09:25:21 ***** epsecd[4773]:  2. Epsec::Logic::Client::on_load:38() /Epsec/Logic/Client.pm
    2012:03:20-09:25:21 ***** epsecd[4773]:  3. (eval):53() /Epsec/Logic/Base.pm
    2012:03:20-09:25:21 ***** epsecd[4773]:  4. Epsec::Logic::Base::run:52() /Epsec/Logic/Base.pm
    2012:03:20-09:25:21 ***** epsecd[4773]:  5. main::top-level:58() client.pl
    2012:03:20-09:25:23 ***** epsecd[4773]: |=========================================================================
    2012:03:20-09:25:23 ***** epsecd[4773]: E Epsecd error: $VAR1 = 'Can\'t use an undefined value as a symbol reference at /Epsec/Logic/Client.pm line 754.
    2012:03:20-09:25:23 ***** epsecd[4773]: ';
    2012:03:20-09:25:23 ***** epsecd[4773]: 
    2012:03:20-09:25:23 ***** epsecd[4773]:  1. Epsec::Logic::Client::on_error:876() /Epsec/Logic/Client.pm
    2012:03:20-09:25:23 ***** epsecd[4773]:  2. Epsec::Logic::Base::run:63() /Epsec/Logic/Base.pm
    2012:03:20-09:25:23 ***** epsecd[4773]:  3. main::top-level:58() client.pl
    2012:03:20-09:25:28 ***** epsecd[4773]:  Run initialization database
    2012:03:20-09:25:30 ***** epsecd[4773]: >=========================================================================
    2012:03:20-09:27:32 ***** epsecd[4773]: T Epsec::Logic::Client::_command:217() => Confd changes:$VAR1 = {
      Run initialization database
    2012:03:20-09:29:33 ***** epsecd[4773]: |=========================================================================
    2012:03:20-09:29:34 ***** epsecd[4773]: T Epsec::Logic::Client::_report:176() => $VAR1 = {
    2012:03:20-09:29:34 ***** epsecd[4773]:           'operation' => 'Quit'
    2012:03:20-09:29:34 ***** epsecd[4773]:         };
    2012:03:20-09:31:35 ***** epsecd[4773]:  Run initialization database
    2012:03:20-09:31:35 ***** epsecd[4773]: >=========================================================================
    2012:03:20-09:31:35 ***** epsecd[4773]: T Epsec::Logic::Client::_command:217() => Confd changes:$VAR1 = {
    2012:03:20-09:31:35 ***** epsecd[4773]:           'trigger' => {},
    2012:03:20-09:31:35 ***** epsecd[4773]:           'objects' => {
    2012:03:20-09:31:35 ***** epsecd[4773]:                          'REF_heqygyURNf' => {
    2012:03:20-09:31:35 ***** epsecd[4773]:                                                'ref' => 'REF_heqygyURNf',
    2012:03:20-09:31:35 ***** epsecd[4773]:                                                'type' => 'dns_host',
    2012:03:20-09:31:35 ***** epsecd[4773]:                                                'class' => 'network',
    2012:03:20-09:31:35 ***** epsecd[4773]:                                                'internal' => [],
    2012:03:20-09:31:35 ***** epsecd[4773]:                                                'attributes' => [
    2012:03:20-09:31:35 ***** epsecd[4773]:                                                                  'address'
    2012:03:20-09:31:35 ***** epsecd[4773]:                                                                ]
    2012:03:20-09:31:35 ***** epsecd[4773]:                                              }
    2012:03:20-09:31:35 ***** epsecd[4773]:                        },
    2012:03:20-09:31:35 ***** epsecd[4773]:           'main' => {
    2012:03:20-09:31:35 ***** epsecd[4773]:                       'epp->status->broker' => 1
    2012:03:20-09:31:35 ***** epsecd[4773]:                     },
    2012:03:20-09:31:35 ***** epsecd[4773]:           'exclusive' => {}
    2012:03:20-09:31:35 ***** epsecd[4773]:         };
    2012:03:20-09:31:36 ***** epsecd[4773]: |=========================================================================
    2012:03:20-09:31:36 ***** epsecd[4773]: E sysread() error on SSL socket: Connection reset by peer
    2012:03:20-09:31:36 ***** epsecd[4773]: 
    2012:03:20-09:31:36 ***** epsecd[4773]:  1. Epsec::Logic::Client::_getline:840() /Epsec/Logic/Client.pm
    2012:03:20-09:31:36 ***** epsecd[4773]:  2. Epsec::Logic::Client::_receive:790() /Epsec/Logic/Client.pm
    2012:03:20-09:31:36 ***** epsecd[4773]:  3. Epsec::Logic::Client::_report:172() /Epsec/Logic/Client.pm
    2012:03:20-09:31:36 ***** epsecd[4773]:  4. Epsec::Logic::Client::on_run:150() /Epsec/Logic/Client.pm
    2012:03:20-09:31:36 ***** epsecd[4773]:  5. (eval):55() /Epsec/Logic/Base.pm
    2012:03:20-09:31:36 ***** epsecd[4773]:  6. Epsec::Logic::Base::run:52() /Epsec/Logic/Base.pm
    2012:03:20-09:31:36 ***** epsecd[4773]:  7. main::top-level:58() client.pl
    2012:03:20-09:31:48 ***** epsecd[4773]: |=========================================================================
    2012:03:20-09:31:48 ***** epsecd[4773]: E Timeout while reading from SSL socket
    2012:03:20-09:31:48 ***** epsecd[4773]: 
    2012:03:20-09:31:48 ***** epsecd[4773]:  1. Epsec::Logic::Client::_getline:832() /Epsec/Logic/Client.pm
    2012:03:20-09:31:48 ***** epsecd[4773]:  2. Epsec::Logic::Client::_receive:790() /Epsec/Logic/Client.pm
    2012:03:20-09:31:48 ***** epsecd[4773]:  3. Epsec::Logic::Client::_report:172() /Epsec/Logic/Client.pm
    2012:03:20-09:31:48 ***** epsecd[4773]:  4. Epsec::Logic::Client::on_run:150() /Epsec/Logic/Client.pm
    2012:03:20-09:31:48 ***** epsecd[4773]:  5. (eval):55() /Epsec/Logic/Base.pm
    2012:03:20-09:31:48 ***** epsecd[4773]:  6. Epsec::Logic::Base::run:52() /Epsec/Logic/Base.pm
    2012:03:20-09:31:48 ***** epsecd[4773]:  7. main::top-level:58() client.pl
  • Hi wingman.

    First off, please restart the following service: /var/mdw/scripts/epsecc restart.

    Secondly, if you delete an endpoint from the UTM, it should delete all known records of it both from the UTM confd and UTM db. Then this command must be reproduced on the cloud service (invalidate credentials and such) so that the endpoint can no longer talk to the cloud service (Sophos LiveConnect).

    The first error you posted signals that there are still reports coming for that endpoint (possibly because the last step for this failed).

    I'd like to have a look over your logs file, so if possible please attach /var/log/epsecd.log to this thread.

    Does your UTM ID end in 'cfe7861a'?

    Thanks
  • I have executed the command for service restart. I have also sent you via PM the UTM ID as shown on my UTM (advanced tab)

    Logs attached. I have restarted the service but still getting the same error message

    var/mdw/scripts/epsecc restart 15:42 PM London time
    
    2012:03:20-15:45:23 ***** epsecd[4203]: 6. main::top-level:58() client.pl
    2012:03:20-15:45:35 ***** epsecd[5226]: T main::top-level:47() => Epsecd starting
    2012:03:20-15:45:40 ***** epsecd[5226]: T Epsec::Helpers::Client::init_db:341() => Run initialization database
    2012:03:20-15:45:45 ***** epsecd[5226]: >=========================================================================
    2012:03:20-15:45:45 ***** epsecd[5226]: T Epsec::Logic::Client::_report:176() => $VAR1 = {
    2012:03:20-15:45:45 ***** epsecd[5226]: 'reports' => [
    2012:03:20-15:45:45 ***** epsecd[5226]: {
    2012:03:20-15:45:45 ***** epsecd[5226]: 'ack_id' => 85711,
    2012:03:20-15:45:45 ***** epsecd[5226]: 'timestamp' => '2012-03-20 15:44:37',
    2012:03:20-15:45:45 ***** epsecd[5226]: 'content' => '{"geo_ip":"109.145.50.85","sav_status":1,"type":"ep_status","mcs_id":"7ac35073-87ad-9cac-3b62-715e7663c62c","last_ping":"Tue Mar 20 15:44:37 2012","geo_city":"TG9uZG9u","geo_country":"VW5pdGVkIEtpbmdkb20="}'
    2012:03:20-15:45:45 ***** epsecd[5226]: }
    2012:03:20-15:45:45 ***** epsecd[5226]: ],
    2012:03:20-15:45:45 ***** epsecd[5226]: 'operation' => 'Report'
    2012:03:20-15:45:45 ***** epsecd[5226]: };
    2012:03:20-15:45:45 ***** epsecd[5226]: |=========================================================================
    2012:03:20-15:45:45 ***** epsecd[5226]: E Endpoint need to register in the Confd!


    The restart service command was performed at 15:42 PM (London Time)
    logfiles_20120320154736.zip
  • Hi wingman,

    After looking at the logs, my assumption came true.

    You get that warning message in the logs because you get reports for an endpoint your UTM doesn't know about. This is because there were connection problems at the moment when you triggered the delete endpoint action and that action never reached the cloud service.

    I consider this a bug, and hopefully this will get fixed in the following release.

    Now, I can "acknowledge" that action for you on the cloud service if you don't like getting that warning in the logs, or if you don't have any other endpoints connected you can just enable/disable the feature again :). Let me know how you want to proceed with this.
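
The diagnosis above (reports still arriving for an endpoint the UTM has already deleted) can be checked directly from `/var/log/epsecd.log`. The following is an added example, not part of the original posts and not Sophos code: it lists the `mcs_id` of every report that was followed by the "need to register" error. The function names and the sample identifiers are hypothetical, and it assumes the error refers to the report dump logged just before it by the same process, as in the excerpt above.

```python
import base64, json, re

# Constructed sample in the layout of the epsecd.log excerpts above; the
# mcs_id values are made-up placeholders, not identifiers from the thread.
SAMPLE_LOG = """\
2012:03:20-15:45:45 ***** epsecd[5226]: T Epsec::Logic::Client::_report:176() => $VAR1 = {
2012:03:20-15:45:45 ***** epsecd[5226]: 'content' => '{"type":"ep_status","mcs_id":"00000000-0000-0000-0000-000000000001","geo_city":"TG9uZG9u"}'
2012:03:20-15:45:45 ***** epsecd[5226]: 'operation' => 'Report'
2012:03:20-15:45:45 ***** epsecd[5226]: E Endpoint need to register in the Confd!
2012:03:20-15:47:50 ***** epsecd[5226]: T Epsec::Logic::Client::_report:176() => $VAR1 = {
2012:03:20-15:47:50 ***** epsecd[5226]: 'content' => '{"type":"ep_status","mcs_id":"00000000-0000-0000-0000-000000000002","geo_city":"TG9uZG9u"}'
2012:03:20-15:47:50 ***** epsecd[5226]: 'operation' => 'Report'
"""

LINE = re.compile(r"^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d)\s+\S+\s+epsecd\[(\d+)\]:\s?(.*)$")
CONTENT = re.compile(r"'content' => '(\{.*\})'")
REPORT_START = "Epsec::Logic::Client::_report:"
UNREGISTERED = "E Endpoint need to register in the Confd!"

def decode_report(blob):
    """Parse the JSON report body; the geo_* fields in the excerpt are base64."""
    report = json.loads(blob)
    for key in ("geo_city", "geo_country"):
        if key in report:
            report[key] = base64.b64decode(report[key]).decode("utf-8", "replace")
    return report

def find_unregistered_reporters(log_text):
    """Return reports that were followed by the 'need to register' error."""
    pending, findings = {}, []          # pending: pid -> reports in current dump
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, pid, msg = m.group(1), m.group(2), m.group(3).strip()
        body = CONTENT.search(msg)
        if REPORT_START in msg:
            pending[pid] = []           # new report dump: forget the accepted one
        elif body:
            try:
                pending.setdefault(pid, []).append((ts, decode_report(body.group(1))))
            except ValueError:          # malformed JSON or base64: skip the line
                continue
        elif msg == UNREGISTERED:
            for seen, rep in pending.pop(pid, []):
                findings.append({"mcs_id": rep.get("mcs_id"), "reported": seen,
                                 "rejected": ts, "geo_city": rep.get("geo_city")})
    return findings
```

Any `mcs_id` this returns belongs to an endpoint that was removed locally but can still report through the cloud service, so its deletion there should be confirmed.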
  • Hi rfarcas

    I have another user using the endpoint service at the moment so please "acknowledge"