Troubleshooting Sophos Management Communication issues managed by Sophos Cloud

  • Article ID: 119638
  • Updated: 24 Oct 2013

This article explains how to troubleshoot the most common problems that can occur with the Sophos Management Communication System used with the Sophos Cloud managed installer.

Known to apply to the following Sophos product(s) and version(s)

Sophos Cloud Managed Endpoint
Sophos Cloud

What To Do

  • New Installation of Sophos Cloud Managed Endpoint installer
  • Existing Sophos Cloud Managed Endpoint installation

New Installation of Sophos Cloud Managed Endpoint installer.

Step 1 Checking Internet Connection.

When the Sophos Cloud installer is run on the endpoint, Step 1 of the installation process checks that there is an Internet connection.

An Internet connection is required so the endpoint can register and communicate with Sophos Cloud, then download and update as part of the installation.

If you encounter issues at this stage where no Internet connection is found, try the following:

  1. Confirm the endpoint can access the Internet by browsing a website successfully.  The Installer will attempt to connect to: http://dci.sophosupd.com.
  2. If the endpoint is using a proxy to connect to the Internet see the proxy article.

Step 5 Registering with the server

At Step 5 of the installation process the endpoint will attempt to register using Sophos Management Communication to the Sophos Cloud broker.

 

A symptom of the endpoint failing to register is that the primary update location shows no configured address or username/password details. To check, open Sophos Endpoint Security and Control and click 'Configure Updating'.

If there is an issue with the registration, try the following:

Checking Firewall access

  • Confirm there is no firewall blocking access to Port 443 - HTTPS

Access to Sophos Cloud broker

  • First we need to establish which Sophos Live Connect address the endpoint is trying to connect to and whether the computer can access this location. To identify the address check the config.xml located in the following location:

    • Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Management Communications System\Endpoint\Config\
    • Windows Vista and above: C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\

    Open the config.xml with Notepad and verify the server address listed. The address will look something like: mcs-amzn-eu-west-1-b844.upe.p.hmr.sophos.com/sophos/management/ep/

    We need to confirm whether the endpoint can access the address listed in the config.xml by checking the following:

  1. Can you run an nslookup successfully against the address, for example mcs-amzn-eu-west-1-b844.upe.p.hmr.sophos.com?
  2. If you copy the address from the config.xml, for example mcs-amzn-eu-west-1-b844.upe.p.hmr.sophos.com/sophos/management/ep/, into a web browser and try to access the location, is this successful?

    If successful, you receive output showing the following:

<?xml version="1.0" ?>
<ns:server xmlns:ns="http://www.sophos.com/xml/mcs/server" schemaVersion="1.0" preferredProtocolVersion="1.0" /> 
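
The two checks above (name resolution, then fetching the address and comparing the reply with the expected output) can be scripted so that the failing stage is reported. This is an added example, not Sophos code; the function names are hypothetical, and prefixing https:// to the config.xml address is an assumption based on the port 443 requirement.

```python
import socket
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Namespace of the <ns:server> element in the expected response shown above.
MCS_NS = "http://www.sophos.com/xml/mcs/server"


def is_mcs_server_response(body):
    """True if body is XML whose root element is <server> in the MCS namespace."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    return root.tag == "{%s}server" % MCS_NS


def check_broker(address, timeout=10):
    """Return (stage, detail); stage names the first check that failed, or 'ok'.

    address is the server address as read from config.xml. Prefixing https://
    is an assumption based on the article's port 443 requirement.
    """
    address = address.split("://", 1)[-1]
    host = address.split("/", 1)[0]
    try:  # equivalent of the nslookup check
        infos = socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    ips = sorted({info[4][0] for info in infos})
    try:  # is a firewall blocking port 443?
        with socket.create_connection((host, 443), timeout=timeout):
            pass
    except OSError as exc:
        return ("tcp443", str(exc))
    try:  # equivalent of the browser check, with certificate validation
        with urllib.request.urlopen("https://" + address, timeout=timeout) as resp:
            body = resp.read()
    except (urllib.error.URLError, OSError) as exc:
        return ("https", str(exc))
    if not is_mcs_server_response(body):  # e.g. a proxy block page
        return ("response", "body is not the expected <ns:server> document")
    return ("ok", ", ".join(ips))


if __name__ == "__main__" and len(sys.argv) == 2:
    print(check_broker(sys.argv[1]))
```

A "response" result means something answered on port 443 but returned a different document, which usually points at a proxy or filtering device rather than the broker.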

Checking Log Files

  1. See the following article for the Sophos Cloud installer log files.
  2. Then check the log files of Sophos Management Communication System for errors.

Existing Sophos Cloud Managed Endpoint installation.

Symptoms of a communication issue.

If an endpoint is online and connected to the Internet but shows an incorrect 'Online' time within the Sophos Cloud 'Reports' section for 'Computers' and 'Users', this indicates there is likely to be an issue with Sophos Management Communication System (MCS) communicating to the Sophos Cloud Broker.

In this example the endpoint shows it was online 5 days ago, however the endpoint is online and connected to the Internet currently.

If you have an existing installation of the Sophos Cloud Managed endpoint that was working but is now experiencing issues with communication to Sophos Cloud, try the following:

Checking Log Files

  1. Check the log files of Sophos Management Communication System for errors.

    Within the MCSClient.log you may see messages similar to the following if there are issues with communication:

    2013-07-17T15:25:58.929Z [ 2664] INFO  CommandHandler::GetCommands About to send the request to the server.
    2013-07-17T15:25:58.929Z [ 2664] INFO  HttpServerImpl::SendRequest The HTTP request was initiated successfully.
    2013-07-17T15:25:58.976Z [ 4072] INFO  HttpServerImpl::HttpEventInstanceCallback The HTTP request completed with status 0.
    2013-07-17T15:25:58.976Z [ 4072] INFO  CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 0.


    Note: If the HTTP result code is anything apart from 200 this indicates an unsuccessful connection.

    An example of a successful connection:

    2013-07-22T07:32:28.118Z [ 3868] INFO  CommandHandler::GetCommands About to send the request to the server.
    2013-07-22T07:32:28.118Z [ 3868] INFO  HttpServerImpl::SendRequest The HTTP request was initiated successfully.
    2013-07-22T07:32:28.212Z [ 1744] INFO  HttpServerImpl::HttpEventInstanceCallback The HTTP request completed with status 200.
    2013-07-22T07:32:28.212Z [ 1744] INFO  CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 200.


  2. Confirm whether there have been any proxy changes on the endpoint which could be impacting the communication.
  3. Confirm there is no firewall blocking access to Port 443 - HTTPS for the endpoint(s).
  4. Try restarting the MCS Client and MCS Agent services within services.msc. Then confirm whether there are any changes in the MCS logs for this endpoint.
  5. If the MCS logs show the latest events as HTTP result code 200 and the endpoint(s) 'Online' time is incorrect in Sophos Cloud reports section, then enable message trail logging to see what messages are being sent to Sophos Cloud.
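
The log check in step 1 can be automated by pulling the HTTP result codes out of MCSClient.log and reporting when the endpoint last reached the broker. This is an added example, not Sophos code; the function names are hypothetical and the sample lines are constructed in the log format shown above.

```python
import re

# Constructed sample in the MCSClient.log format shown above (not real log data).
SAMPLE_LOG = """\
2013-07-22T07:32:28.118Z [ 3868] INFO  CommandHandler::GetCommands About to send the request to the server.
2013-07-22T07:32:28.212Z [ 1744] INFO  CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 200.
2013-07-22T07:33:28.300Z [ 3868] INFO  HttpServerImpl::SendRequest The HTTP request was initiated successfully.
2013-07-22T07:33:28.350Z [ 1744] INFO  CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 0.
2013-07-22T07:34:28.410Z [ 1744] INFO  CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 0.
"""

LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+Z)\s+\[\s*\d+\]\s+\w+\s+"
    r"(?P<source>\S+)\s+(?P<msg>.*)$"
)
CODE_RE = re.compile(r"HTTP result code (\d+)")


def parse_results(text):
    """Return [(timestamp, code)] for every CommandHandler::HttpCallback line."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("source") != "CommandHandler::HttpCallback":
            continue
        code = CODE_RE.search(m.group("msg"))
        if code:
            results.append((m.group("ts"), int(code.group(1))))
    return results


def triage(results):
    """Summarise the results: anything other than 200 counts as a failure."""
    last_ok = None
    failures_since_ok = 0
    for ts, code in results:
        if code == 200:
            last_ok, failures_since_ok = ts, 0
        else:
            failures_since_ok += 1
    if not results:
        state = "no-results"
    elif failures_since_ok:
        state = "failing"        # check proxy, port 443, services (steps 2 to 4)
    else:
        state = "communicating"  # step 5 applies if 'Online' time is still wrong
    return {"state": state, "last_ok": last_ok,
            "failures_since_ok": failures_since_ok,
            "last_code": results[-1][1] if results else None}
```

Comparing `last_ok` with the 'Online' time shown in the Sophos Cloud report shows whether the report is stale because the endpoint stopped communicating or despite it communicating.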

 
If you need more information or guidance, please contact technical support.
