07 September 2011

Sophos Endpoint does not communicate to Enterprise Management Console

On machines with Multiple network adapters you might experience that there is not communication with the Enterprise Management console.  This will indicate the machine as un-managed in the console.  Re-installing Sophos Anti-Virus on the computers does not resolve this issue.

This problem is becoming more prevalent as more virtual machines and therefore virtual network adapters are being installed on PCs and servers.  This is a problem with Vmware, VirtualBox, Hyper-V and Virtual PC.

The solution to this is documented in http://www.sophos.com/support/knowledgebase/article/12507.html - but here is the solution:

Follow the procedure below. This forces the Remote Management System to listen on one IP address only, so the certificate manager will have only one, correct, IP address to bind to.
Note: In the following procedure, the example in step 7 assumes that the IP address you chose is You must enter the correct value for your system, as obtained from the list of IP addresses in step 2.
  1. Log on at the server. Determine the IP addresses of the server. On the menu bar, click Start|Programs|Accessories|Command Prompt. In the Command Prompt window, type ipconfig -all .
  2. Make a note of all the IP addresses allocated to the computer, and determine which one is on the same subnet as your client computers. (If you are unsure of this, check your system documentation.)
  3. Click Start|Run and type regedit. Click 'OK'. The Registry Editor window opens.
    Warning: Before attempting to edit the registry, read the warning issued by Microsoft.
  4. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
  5. In the right-hand pane, double-click 'ImagePath'. The Edit String dialog box opens.
  6. The 'Value data' field displays the value:
    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194
  7. Change this to:
    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://
    (Replace with the IP address you noted in step 2 above.)
  8. Click 'OK'.
  9. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\sophos\Messaging System\Router.
  10. In the right-hand pane, double-click 'ServiceArgs'. The Edit String dialog box opens.
  11. The 'ServiceArgs' field displays the value:
    "-ORBListenEndpoints iiop://:8193/ssl_port=8194"
  12. Change this to:
    "-ORBListenEndpoints iiop://"
    (Replace with the IP address you noted in step 2 above.)
  13. Click 'OK', and close the Registry Editor.
  14. Open the Services window on your server.
  15. Scroll down to the Sophos Message Router service. Right-click the service and select 'Restart'. Click 'OK' or 'Yes' to any messages you receive about service dependencies.
  16. In the same Services window, ensure that all other services starting with the word "Sophos" are running. It is not necessary for SQLAgent$Sophos to be running.
Your computers should now be able to retrieve certificates from the server and, over a short period, will start to appear as managed in the Enterprise Console.

 For other potential problems check:


No comments:

Post a Comment