Why is port 80 required/ needs configuring when installing or upgrading to Enterprise Console 5.x?

  • Article ID: 114182
  • Rating:
  • 11 customers rated this article 3.5 out of 6
  • Updated: 12 Jun 2012

Issue

During the installation of, or upgrading to, Sophos Enterprise Console version 5.x the installer prompts for port 80 access and allows you to configure another port. Why is this required?

First seen in

Enterprise Console 5.0.0

Cause

A port number must be configured during the management server installation to enable: 

  • Managed endpoints running the Sophos Patch Agent to communicate with the management server.
  • An Enterprise Console installation (local or remote to the management server) to communicate with the Web Control, Patch and Encryption server-side components.

What To Do

If you do not want to use port 80 or cannot use it (i.e. port 80 is already being used by an application that is unable to share the port - see Technical Information below) you can change the default port number to another, available port.

Warning: The port number you decide to use now can be changed later on by running the console installer again. However please be aware that if you change the port, after installing a remote console(s) or deploying Sophos Patch to clients, you will also need to re-configure all remote consoles and re-deploy Sophos endpoint security software to any clients using Sophos Patch.

If you are getting a message that the port is already in use, see KBA 116881

Technical Information

The requirement for this port is due to the new framework in Enterprise Console which enables it to communicate with the new server-side web services hosted on the Sophos management server.  It is also used by managed clients running the Sophos Patch Agent as the patch agent connects to the management server on this port to retrieve patch definitions and to report assessments.

It is possible to re-use port 80 even on a machine running IIS 6+ which is already bound to port 80 to serve content as both IIS and WCF (the technology used by Enterprise Console) use the kernel-mode HTTP stack (HTTP.sys). HTTP.sys allows the port to be shared through URL reservations and therefore you should not see any port conflicts with applications that also use HTTP.sys such as IIS.  To view the URL reservations on the management server you can run the following commands:  

Windows 7 and 2008/2008 R2

netsh http show urlacl

On Windows 2003 you will require httpcfg.exe which is part of the Support tools.

httpcfg.exe query urlacl

To prove that the "client", in this case EnterpriseConsole.exe is in alignment with the registrations on the server, if you open up the file EnterpriseConsole.exe.config, which is in the same directory as EnterpriseConsole.exe, you will see sections at the bottom which define the addresses of the web services. 

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments