Enterprise Console: Fixing a port conflict between Bloomberg applications and Enterprise Console

Issue
If computers appear in the Enterprise Console as unmanaged, and the Windows Event Log shows that the Enterprise Console service is failing to start, it is possible that there is a port conflict between Enterprise Console and a Bloomberg application.

In the past Bloomberg only used port 8194 and this port clashes with Sophos ports.
Now Bloomberg has also reserved port 8195 as a Bloomberg port and so this needs to be changed accordingly (to 8196).

Sophos Product and Version
Enterprise Console

Operating System
Windows

What to do

Note: during this procedure you need to reprotect clients. If this is potentially problematic, e.g. if you have a very large network, alternative ways of managing this are described in the section entitled Reprotecting clients which can be found at the end of this article.

Enterprise Console version 4.x

1. On the management server, click Start|Run... and type regedit to open the Registry.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router.
3. Double click the ImagePath value in the right hand pane and edit the string to change ssl_port value from 8194 to 8196.
   (Note: You only need to change this once on the server.)
4. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router
5. Double click the ServiceArgs value and edit the string to change the ssl port value from 8194 to 8196.
6. Go to the folder C:\Program Files\Sophos\Enterprise Console\SUM and open the file mrinit.conf in a text editor such as Notepad and change the line:
   "ClientSSLPort"=dword:00002002
   to
   "ClientSSLPort"=dword:00002004
7. Copy mrinit.conf (as edited in 6.) to the following locations:
   C:\Program Files\Sophos\Enterprise Console
   C:\Program Files\Sophos\Enterprise Console\SUM
   C:\Program Files\Sophos\Enterprise Console\SUMInstaller
8. On the management server, open Enterprise Console and click Update Managers.
9. Right click on the SUM server and select Update Now, this will update the associated distribution location.
   (To verify the new mrinit.conf file is now available to the endpoints, open the mrinit.conf file in Notepad located here:
   (2003) C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCFXP
   (2008) C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCXP
   Note: The path may vary depending on the update policy assigned to your endpoints.
10. The client computers must then be reprotected from Enterprise Console.
11. On the management server, go to Windows Services and stop and start the Sophos Message Router service.
12. If necessary adjust Windows-Firewall configuration on Windows XP or Windows Vista, if activated It will take between ten minutes and one hour for the workstations to be updated with the new policy. Alternatively force the policy on to one or more machines.
13. To confirm the change, open a command prompt in Windows and display a list of active connections by running the command:
    netstat -a
14. Confirm that the server is listening on port 8196.

Enterprise Console version 3.x

1. On the management server, click Start|Run... and type regedit to open the Registry.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router.
3. Double click the ImagePath value in the right hand pane and edit the string to change ssl_port value from 8194 to 8196. (Note: You only need to change this once on the server.)
4. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System\Router
5. Double click the ServiceArgs value and edit the string to change the ssl_port value from 8194 to 8196 .
6. Go to the folder C:\Program Files\Sophos Enterprise Manager\Library and open the file mrinit.conf in a text editor such as Notepad and change the line:
   "ClientSSLPort"=dword:00002002
to
   "ClientSSLPort"=dword:00002004
7. Update Sophos EM Library manually. Then check that mrinit.conf (as edited in 6.) can be found in every CID (locally in the folder C:\Program Files\Sophos Sweep for NT\ or remotely in \\UpdateServer\Interchk\).
8. The client computers must then be reprotected from Enterprise Console.
9. On the management server, go to Windows Services and stop and start the Sophos Message Router service.
10. If necessary adjust Windows-Firewall configuration on Windows XP or Windows Vista if activated It will take between ten minutes and one hour for the workstations to be updated with the new policy. Alternatively force the policy on to one or more machines.
11. To confirm the change, open a command prompt in Windows and run the command:
    netstat -a
    to list active connections
12. Confirm that the server is listening on port 8196

Reprotecting clients

If this is undesirable one of the following alternatives may be used:

• For a small number of computers, see Sophos Anti-Virus for Windows: changing port 8194 on a managed client computer
• For a large number of computers, you could update the CID the clients point to with a custom mrinit.conf file in the CID, in a similar way as you would create a Message Relay. (Note that in this article they are just changing the port numbers and not changing the parentaddress.)