This article explains what the Envelopes folder is used for and some causes for the buildup of files within it.
Applies to the following Sophos product(s)
Sophos Endpoint Security and Control
What is the Envelopes folder?
The Sophos Remote Management System is used for communication between endpoint computers and the management server. The Envelopes folder is a staging location for messages that are pending delivery to the Sophos Enterprise Console or endpoint computers. The message files may contain policy changes or status notifications, event or alert notifications, or the update status of the endpoint. They can also contain commands for the endpoint to carry out, such as to Update Now or to perform a full system scan.
By default, the Envelopes folder is located in the following location:
\ProgramData\Sophos\Remote Management System\3\Router\Envelopes\
\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Router\
If the communication between the endpoint computers and the management server is working correctly there should be very few, or even zero, message files (.MSG) in the folder. The number of pending messages can vary though, and a number of variables can affect how many messages are stored in this location. Messages can also be generated for disconnected or retired endpoints. Depending on the time-to-live (TTL) of the message, these may remain in the Envelopes directory for up to 2 weeks.
The presence of .MSG files in the Envelopes folder in itself does not represent a problem. However, if there are a large number of .MSG files (large defined as 3x's the number of managed endpoints or more) this could indicate a problem that needs to be addressed. Deleting the .MSG files generally only addresses the symptom and does not address the cause, so this should be avoided whenever possible.
The first step to re-mediate a message delivery issue is by restarting the Sophos services.
- First, close any Sophos Enterprise Console sessions that are open
- Then click Start | Run and type
- Scroll down to the Sophos services and stop the following services:
- Sophos Management Service
- Sophos Certification Manager
- Sophos Message Router
- Restart the services in the reverse order.
It may take a few minutes for the message count to start decreasing. If the issue is not resolved, please see below for more information on what to check.
Message buildup due to insufficient resources
Message buildup in the Envelopes directory may occur if the server does not have sufficient memory, processor, or disk I/O resources available. Below are some scenarios to consider:
- Too many endpoints reporting directly to the Sophos Enterprise Console. Sophos recommends using Message Relays whenever the managed endpoint count exceeds 5000 endpoints (4000 when using Windows 2008 servers).
- Frequent use of the
Comply With | All Group Policies option on large numbers of endpoints within Sophos Enterprise Console.
- Virtual Machine over-commitment. Over-committing memory, processor and disk I/O can lead to poor system performance.
Windows Firewall is enabled
If the Windows Firewall is enabled but not configured for use with the Remote Management System this may cause a delay in message delivery. See article 12340 for directions on configuring the Windows Firewall to avoid this.
Insufficient disk space on the boot volume (typically C:\)
In some situations where the boot volume is a small partition on the drive, it may be desirable to move the Envelopes directory to a different location. See article 113040 for directions on how to do this.
Endpoints show an Up To Date status of Unknown:
This is typically not related to a MSG buildup in the Envelopes folder. To investigate this further, see article 112127.
If the information in this article has not helped resolved the issue, please contact Technical Support for further assistance.