?
Solved

Security log - 529 -Sophos_AU_Client

Posted on 2008-10-26
6
Medium Priority
?
1,293 Views
Last Modified: 2012-05-05
Hi,
After un-installing Sophos security centre on my small business server I am receiving hundreds of errors:

Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Sophos_AU_Client
       Domain:            Server-Name
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      Server-Name
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      127.0.0.1
       Source Port:      0

I have checked this link http://www.sophos.com/support/knowledgebase/article/14567.html but because I uninstalled the program the registry entries are not there. Also none of my client computers have there sophos settings pointing to my server. Any ideas?
0
Comment
Question by:Dan560
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 29

Expert Comment

by:Michael Pfister
ID: 22810950
It looks like the server itself tries to log on with  the username Sophos_AU_Client. So check if the uninstall left a Sophos service running on your server...
0
 
LVL 2

Author Comment

by:Dan560
ID: 22811052
Nothing seems be there that shouldnt be.
I have puremessage and sophos anti Virus. The following services are running:

Sophos agent
Sophos Anti-Virus
anti-virus status reported
sophos auto-update servic
sophos message router
puremessage
puremessage runing object table
puremessage scanner
puremessage web agent

0
 
LVL 2

Author Comment

by:Dan560
ID: 22811063
Ok  I have figured it out. Sophos AV auto-date settings are pointing to \\server\sophos\sav...(this was created by the security console) and is using sophos_AU_Client as its username. but when I try to remove update details its all greyed out  :(
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 2

Author Comment

by:Dan560
ID: 22820027
I'm not sure whether I should open another question because I fixed the above issue by reinstalling sophos anti virus, but now after I did this the following automatic service will not start
 : Sophos message router
Could not start the Sophos message router service on the local computer
error 1053:the service did not respond to the start or control request in timely fasion.

Do you think you could help? I have restarted the server twice but that didnt seem to fix it.
0
 
LVL 29

Accepted Solution

by:
Michael Pfister earned 2000 total points
ID: 22820061
It seems the entire Sophos installation is messed up...

Have a look at this Sophos KB article:

http://www.sophos.com/support/knowledgebase/article/14449.html

But I believe it might be better to call Sophos support. Or you can open a new question and find someone who has a similiar Sophos installation that you can compare to.
0
 
LVL 2

Author Comment

by:Dan560
ID: 22820366
Thanks,calling Sophos was the correct thing to do, basically I needed to uninstall Sophos remote management, this was a bit of an obvious thing to do, after the uninstall it the sophos message router automatically disabled, it was also recommended that I re-install Sophos Anti-Virus.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question