Solved

Security log - 529 -Sophos_AU_Client

Posted on 2008-10-26
6
1,286 Views
Last Modified: 2012-05-05
Hi,
After un-installing Sophos security centre on my small business server I am receiving hundreds of errors:

Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Sophos_AU_Client
       Domain:            Server-Name
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      Server-Name
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      127.0.0.1
       Source Port:      0

I have checked this link http://www.sophos.com/support/knowledgebase/article/14567.html but because I uninstalled the program the registry entries are not there. Also none of my client computers have there sophos settings pointing to my server. Any ideas?
0
Comment
Question by:Dan560
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 28

Expert Comment

by:Michael Pfister
ID: 22810950
It looks like the server itself tries to log on with  the username Sophos_AU_Client. So check if the uninstall left a Sophos service running on your server...
0
 
LVL 2

Author Comment

by:Dan560
ID: 22811052
Nothing seems be there that shouldnt be.
I have puremessage and sophos anti Virus. The following services are running:

Sophos agent
Sophos Anti-Virus
anti-virus status reported
sophos auto-update servic
sophos message router
puremessage
puremessage runing object table
puremessage scanner
puremessage web agent

0
 
LVL 2

Author Comment

by:Dan560
ID: 22811063
Ok  I have figured it out. Sophos AV auto-date settings are pointing to \\server\sophos\sav...(this was created by the security console) and is using sophos_AU_Client as its username. but when I try to remove update details its all greyed out  :(
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:Dan560
ID: 22820027
I'm not sure whether I should open another question because I fixed the above issue by reinstalling sophos anti virus, but now after I did this the following automatic service will not start
 : Sophos message router
Could not start the Sophos message router service on the local computer
error 1053:the service did not respond to the start or control request in timely fasion.

Do you think you could help? I have restarted the server twice but that didnt seem to fix it.
0
 
LVL 28

Accepted Solution

by:
Michael Pfister earned 500 total points
ID: 22820061
It seems the entire Sophos installation is messed up...

Have a look at this Sophos KB article:

http://www.sophos.com/support/knowledgebase/article/14449.html

But I believe it might be better to call Sophos support. Or you can open a new question and find someone who has a similiar Sophos installation that you can compare to.
0
 
LVL 2

Author Comment

by:Dan560
ID: 22820366
Thanks,calling Sophos was the correct thing to do, basically I needed to uninstall Sophos remote management, this was a bit of an obvious thing to do, after the uninstall it the sophos message router automatically disabled, it was also recommended that I re-install Sophos Anti-Virus.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question