Sophos SUM: SUM core daemon not running – restarted

When using Sophos UTM Manager (SUM) to manage your UTMs, you will find that it is a brilliant tool for central backups and firmware upgrades, among other things.

Suddenly I kept getting these mails at work:

“[INFO-132] SUM core daemon not running – restarted”

After some debugging on the SUM, I looked in the SUM core log files and found this:

2020:10:10-00:00:00 sum accd: 6867436 [0xdc9dfb70] WARN server.device.DeviceCache null – DeviceCache::login() device is already connected 251[device;guid:<guid obfuscated for blog post);ip:<IP obfuscated for blog post)]
2020:10:10-00:00:00 sum accd: 6867436 [0xde9e3b70] WARN server.device.DeviceSession null – DeviceSession::clear() IO error during recv [device;guid:<guid obfuscated for blog post);ip:<IP obfuscated for blog post)]
2020:10:10-00:00:00 sum accd: 6867436 [0xea9fbb70] ERROR libs.io.Session null – send attempted after previous error [device;guid:<guid obfuscated for blog post);ip:<IP obfuscated for blog post)]
2020:10:10-00:00:00 sum accd: 6867436 [0xea9fbb70] WARN server.device.DeviceSession null – DeviceSession::clear() IO error during sendDone [device;guid:<guid obfuscated for blog post);ip:<IP obfuscated for blog post)]

So it looks like more than one UTM is connected to this SUM with the same GUID. No good!

This can happen if you import a backup onto a new UTM device without taking down the first one.
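To find which device is being turned away, the "device is already connected" warnings can be grouped by GUID and source IP. The script below is an added example, not part of the original post or of Sophos tooling; the function names are hypothetical and the sample lines, GUIDs and IPs are constructed, modelled on the log lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the lines quoted in the post; GUIDs and IPs are made up.
SAMPLE_LOG = """\
2020:10:10-00:00:01 sum accd: 6867436 [0xdc9dfb70] WARN server.device.DeviceCache null - DeviceCache::login() device is already connected 251[device;guid:guid-example-a;ip:192.0.2.10]
2020:10:10-00:00:01 sum accd: 6867436 [0xde9e3b70] WARN server.device.DeviceSession null - DeviceSession::clear() IO error during recv [device;guid:guid-example-a;ip:192.0.2.10]
2020:10:10-00:05:01 sum accd: 6867436 [0xdc9dfb70] WARN server.device.DeviceCache null - DeviceCache::login() device is already connected 251[device;guid:guid-example-a;ip:192.0.2.10]
2020:10:10-00:07:30 sum accd: 6867436 [0xea9fbb70] ERROR libs.io.Session null - send attempted after previous error [device;guid:guid-example-b;ip:192.0.2.20]
"""

# Message text taken from the log excerpt in the post.
MARKER = "device is already connected"
DEVICE_RE = re.compile(r"\[device;guid:(?P<guid>[^;\]]+);ip:(?P<ip>[^;\]]+)\]")
TS_RE = re.compile(r"^(\S+)\s")


def rejected_logins(log_text):
    """Return {guid: {ip: [first_seen, last_seen, count]}} for rejected logins."""
    found = defaultdict(dict)
    for line in log_text.splitlines():
        if MARKER not in line:
            continue  # only the duplicate-GUID warning is of interest
        dev = DEVICE_RE.search(line)
        ts = TS_RE.match(line)
        if not dev or not ts:
            continue  # truncated or unexpected line: skip rather than guess
        entry = found[dev["guid"]].setdefault(dev["ip"], [ts[1], ts[1], 0])
        entry[1] = ts[1]   # last time this device was rejected
        entry[2] += 1      # number of rejected login attempts
    return dict(found)


def report(log_text):
    """One line per rejected device, most frequent first."""
    rows = [(count, guid, ip, first, last)
            for guid, ips in rejected_logins(log_text).items()
            for ip, (first, last, count) in ips.items()]
    return [f"{guid} rejected from {ip}: {count}x, {first} .. {last}"
            for count, guid, ip, first, last in sorted(rows, reverse=True)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The IP reported for a GUID is the device that SUM refuses, which is the one to connect to in the fix below.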

How to solve?

  1. Connect to the device that is not allowed to connect – in other words, connect to the IP shown in the log file above (obfuscated here)
  2. Enable SSH
  3. Run this: rm -f /etc/guid
  4. And this: /var/mdw/scripts/nextgen-agent restart (restarting the next-gen agent creates a new GUID to replace the one deleted above)
  5. The previously blocked device will now show up in SUM
  6. Case closed 🙂
