Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Security log - 529 -Sophos_AU_Client

Posted on 2008-10-26
6
Medium Priority
?
1,302 Views
Last Modified: 2012-05-05
Hi,
After un-installing Sophos security centre on my small business server I am receiving hundreds of errors:

Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Sophos_AU_Client
       Domain:            Server-Name
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      Server-Name
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      127.0.0.1
       Source Port:      0

I have checked this link http://www.sophos.com/support/knowledgebase/article/14567.html but because I uninstalled the program the registry entries are not there. Also none of my client computers have there sophos settings pointing to my server. Any ideas?
0
Comment
Question by:Dan560
  • 4
  • 2
6 Comments
 
LVL 29

Expert Comment

by:Michael Pfister
ID: 22810950
It looks like the server itself tries to log on with  the username Sophos_AU_Client. So check if the uninstall left a Sophos service running on your server...
0
 
LVL 2

Author Comment

by:Dan560
ID: 22811052
Nothing seems be there that shouldnt be.
I have puremessage and sophos anti Virus. The following services are running:

Sophos agent
Sophos Anti-Virus
anti-virus status reported
sophos auto-update servic
sophos message router
puremessage
puremessage runing object table
puremessage scanner
puremessage web agent

0
 
LVL 2

Author Comment

by:Dan560
ID: 22811063
Ok  I have figured it out. Sophos AV auto-date settings are pointing to \\server\sophos\sav...(this was created by the security console) and is using sophos_AU_Client as its username. but when I try to remove update details its all greyed out  :(
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:Dan560
ID: 22820027
I'm not sure whether I should open another question because I fixed the above issue by reinstalling sophos anti virus, but now after I did this the following automatic service will not start
 : Sophos message router
Could not start the Sophos message router service on the local computer
error 1053:the service did not respond to the start or control request in timely fasion.

Do you think you could help? I have restarted the server twice but that didnt seem to fix it.
0
 
LVL 29

Accepted Solution

by:
Michael Pfister earned 2000 total points
ID: 22820061
It seems the entire Sophos installation is messed up...

Have a look at this Sophos KB article:

http://www.sophos.com/support/knowledgebase/article/14449.html

But I believe it might be better to call Sophos support. Or you can open a new question and find someone who has a similiar Sophos installation that you can compare to.
0
 
LVL 2

Author Comment

by:Dan560
ID: 22820366
Thanks,calling Sophos was the correct thing to do, basically I needed to uninstall Sophos remote management, this was a bit of an obvious thing to do, after the uninstall it the sophos message router automatically disabled, it was also recommended that I re-install Sophos Anti-Virus.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Screencast - Getting to Know the Pipeline
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses
Course of the Month15 days, 15 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question