Solved

Security log - 529 -Sophos_AU_Client

Posted on 2008-10-26
Last Modified: 2012-05-05
Hi,
After un-installing Sophos security centre on my small business server I am receiving hundreds of errors:

Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Sophos_AU_Client
       Domain:            Server-Name
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      Server-Name
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      127.0.0.1
       Source Port:      0

I have checked this link http://www.sophos.com/support/knowledgebase/article/14567.html but because I uninstalled the program the registry entries are not there. Also, none of my client computers have their Sophos settings pointing to my server. Any ideas?
Question by:Dan560
6 Comments
 
LVL 28

Expert Comment

by:Michael Pfister
ID: 22810950
It looks like the server itself tries to log on with the username Sophos_AU_Client. So check if the uninstall left a Sophos service running on your server...
0
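The triage behind this diagnosis, as an added example that is not part of the original thread: it parses Event ID 529 descriptions in the layout the question shows and separates failures raised by the server itself (loopback source address) from remote attempts. The sample events, the workstation name WS-07 and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: two Event ID 529 descriptions in the layout shown in the question.
SAMPLE = """\
Logon Failure:
    Reason:            Unknown user name or bad password
    User Name:         Sophos_AU_Client
    Domain:            Server-Name
    Logon Type:        3
    Workstation Name:  Server-Name
    Source Network Address:  127.0.0.1

Logon Failure:
    Reason:            Unknown user name or bad password
    User Name:         administrator
    Domain:            Server-Name
    Logon Type:        3
    Workstation Name:  WS-07
    Source Network Address:  192.0.2.44
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*?)\s*$")

def parse_events(text):
    """Split exported 529 descriptions into one field dict per event."""
    events = []
    for block in re.split(r"(?m)^Logon Failure:[ \t]*$", text):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
        if fields:
            events.append(fields)
    return events

def origin(ev, server_name):
    """Return 'local' when the server itself made the attempt, else 'remote'."""
    addr = ev.get("Source Network Address", "-")
    ws = ev.get("Workstation Name", "-")
    # Assumption: with no address recorded, fall back to the workstation name.
    if addr.startswith("127.") or addr == "::1":
        return "local"
    if addr == "-" and ws.lower() == server_name.lower():
        return "local"
    return "remote"

def summarize(text, server_name):
    """Count failures per (user, origin) so a stale service account stands out."""
    return Counter((ev.get("User Name", "-"), origin(ev, server_name))
                   for ev in parse_events(text))
```

A high count for one account with origin `local` points at a service or scheduled job on the server holding stale credentials, which is the case in this thread; `remote` failures call for a look at the source address instead.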
 
LVL 2

Author Comment

by:Dan560
ID: 22811052
Nothing seems to be there that shouldn't be.
I have PureMessage and Sophos Anti-Virus. The following services are running:

Sophos agent
Sophos Anti-Virus
anti-virus status reported
sophos auto-update service
sophos message router
puremessage
puremessage running object table
puremessage scanner
puremessage web agent

0
 
LVL 2

Author Comment

by:Dan560
ID: 22811063
OK, I have figured it out. Sophos AV auto-update settings are pointing to \\server\sophos\sav...(this was created by the security console) and are using sophos_AU_Client as the username. But when I try to remove the update details it's all greyed out :(
0
 
LVL 2

Author Comment

by:Dan560
ID: 22820027
I'm not sure whether I should open another question because I fixed the above issue by reinstalling Sophos Anti-Virus, but now after I did this the following automatic service will not start: Sophos message router
Could not start the Sophos message router service on the local computer
Error 1053: The service did not respond to the start or control request in timely fashion.

Do you think you could help? I have restarted the server twice but that didn't seem to fix it.
0
 
LVL 28

Accepted Solution

by:
Michael Pfister earned 500 total points
ID: 22820061
It seems the entire Sophos installation is messed up...

Have a look at this Sophos KB article:

http://www.sophos.com/support/knowledgebase/article/14449.html

But I believe it might be better to call Sophos support. Or you can open a new question and find someone who has a similar Sophos installation that you can compare to.
0
 
LVL 2

Author Comment

by:Dan560
ID: 22820366
Thanks, calling Sophos was the correct thing to do. Basically I needed to uninstall Sophos Remote Management; this was a bit of an obvious thing to do. After the uninstall, the Sophos message router was automatically disabled. It was also recommended that I re-install Sophos Anti-Virus.
0
