Messages sent to a reinstalled message relay server remain unsent

  • Article ID: 14691
  • Updated: 09 May 2014

Issue

If Sophos Anti-Virus is removed from a message relay server, and that computer is then reinstalled as a message relay server, any previously unsent messages on the workstations reporting to the server are not forwarded to the computer running Enterprise Console, but are left unsent. Also, no new messages are sent until the Sophos Agent has been restarted.

First seen in

Sophos Anti-Virus for Windows 2000+ 7.6.21

Cause

If a server is installed as a message relay server, and Sophos Anti-Virus is then removed from it while workstations are attached to it, those workstations will no longer communicate with the main console server. If the old message relay server is reinstalled with Sophos Anti-Virus, and again established as a message relay server using the same Central Installation Directory (CID) as before, and to manage the same workstations, when a 'Comply' message is sent to those workstation the unsent messages remain unsent. No messages are received from the workstations, either.

This happens because during installation the message relay router is given a token type ID which forms part of the router address used by the Sophos Remote Management System (RMS). When it is re-installed it is given a different ID. The unsent messages used the old ID.

If the Sophos Agent is restarted on the workstations, all new messages will be correctly sent. However, the old messages will remain in the envelopes folder as they point to the wrong router address.

What To Do

  • When re-installing a message relay server, you should temporarily set workstations currently reporting to the message relay server to report to the main server, or to another message relay server.
  • If you did not temporarily redirect your workstations, restart the Sophos Agent on the workstations to initiate the sending of newly created messages. The old unsent messages will remain unsent, as they use an incorrect router address. Run an immediate, or scheduled, scan on the affected computers to make them report any detected threats.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments