If computers appear in the Enterprise Console as un-managed, and the Windows Event Log shows that the Enterprise Console service is failing to start, it is possible that there is a port conflict between Enterprise Console and a Bloomberg application.
In the past Bloomberg only used port 8194 and this port clashes with Sophos ports. Now Bloomberg has also reserved port 8195 as a Bloomberg port and so this needs to be changed accordingly (to 8196).
First seen in
Enterprise Console 4.5.0
What to do
During this procedure you need to reprotect clients. If this is potentially problematic, e.g., if you have a very large network, alternative ways of managing this are described in the section entitled Reprotecting clients which can be found at the end of this article.
- On the management server open the registry editor (Start | Run | Type:
regedit.exe | Press return). Before editing the registry read article 10388.
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router.
- Double click the ImagePath value in the right hand pane and edit the string to change ssl_port value from 8194 to 8196.
(Note: You only need to change this once on the server.)
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router
- Double click the ServiceArgs value and edit the string to change the ssl port value from 8194 to 8196.
- Go to the file mrinit.conf1 in a text editor such as Notepad and change the line:
- Copy mrinit.conf (edited in step 6.) to the following three locations:
- C:\Program Files\Sophos\Enterprise Console\
- C:\Program Files\Sophos\Enterprise Console\SUMInstaller\
- The folder described below based on your console version1.
- On the management server, open Enterprise Console and click Update Managers.
- Right click on the SUM server and select Update Now, this will update the associated distribution location.
(To verify the new mrinit.conf file is now available to the endpoints, open the mrinit.conf file in Notepad located here:
(2003) C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCFXP
(2008) C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCXP
Note: The path may vary depending on the update policy assigned to your endpoints.
- The client computers must then be reprotected from Enterprise Console.
- On the management server, go to Windows Services and stop and start the Sophos Message Router service.
- If necessary adjust Windows-Firewall configuration on Windows XP or Windows Vista, if activated It will take between ten minutes and one hour for the workstations to be updated with the new policy. Alternatively force the policy on to one or more machines.
- To confirm the change, open a command prompt in Windows and display a list of active connections by running the command:
- Confirm that the server is listening on port 8196.
1The mrinit.conf file is located in the following folder:
- Enterprise Console 4.x: C:\Program Files\Sophos\Enterprise Console\SUM\
- Enterprise Console 5 (upgraded from version 4): C:\Program Files\Sophos\Enterprise Console\SUM\
- Enterprise Console 5 (fresh install): C:\Program Files\Sophos\Enterprise Console\Update Manager\
Note: On 64-bit computers 'Program Files' is 'Program Files (x86)'.
If this is undesirable one of the following alternatives may be used: