This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to Install Sophos EDR, requestion full version

I am trying to install Sophos in some remote sites which is protected by Sophos XG. While it is working on some sites, I am unable to install on most of the sites.

I already added the following to allow FW rule but it seems it doesnt connect to Sophos Central on those sites.

 

I tried SophosInstall.exe with command and even with the message relay server. The Device register but most of the components don't install and always show red.

SophosSetup.exe --quiet --messagerelays=[IP address]:8190

The recommendation as always to install and use SophosSetup.exe which is not working and it is not what I want

I created a rule and added the following to the allowed list:

*.sophos.com
az416426.vo.msecnd.net
dc.services.visualstudio.com
*.cloudfront.net
*.sophosupd.com
*.sophosupd.net
*.sophosxl.net
*.globalsign.com
*.s3.amazonaws.com

 

 

But even with this, it doesnt work sometimes as per logs:

 

2020-02-09T13:23:26.2928848Z INFO : Stage 1 command-line options:
2020-02-09T13:23:26.2928848Z INFO : ---
2020-02-09T13:23:26.2928848Z INFO : Quiet mode on: 1
2020-02-09T13:23:26.2928848Z INFO : Automatic Proxy detection disabled: 0
2020-02-09T13:23:26.2928848Z INFO : No feedback mode on: 0
2020-02-09T13:23:26.2928848Z INFO : Dump feedback enabled: 0
2020-02-09T13:23:26.2928848Z INFO : Bypass competitor removal: 0
2020-02-09T13:23:26.2928848Z INFO : Using CRT catalog file path: --
2020-02-09T13:23:26.2928848Z INFO : Only register endpoint with Central: 0
2020-02-09T13:23:26.2928848Z INFO : Log messages between endpoint and Central: 0
2020-02-09T13:23:26.2928848Z INFO : Log command-line passed to executables: 0
2020-02-09T13:23:26.2928848Z INFO : Using custom server that hosts the installer stage2 filename : --
2020-02-09T13:23:26.2928848Z INFO : Using cloud group: --
2020-02-09T13:23:26.2928848Z INFO : Overriding computer name: --
2020-02-09T13:23:26.2928848Z INFO : Overriding computer description: --
2020-02-09T13:23:26.2928848Z INFO : Overriding domain name: --
2020-02-09T13:23:26.2928848Z INFO : Language will be set to: --
2020-02-09T13:23:26.2928848Z INFO : Using message relays: --
2020-02-09T13:23:26.2928848Z INFO : Proxy address: --
2020-02-09T13:23:26.2928848Z INFO : Proxy user name: --
2020-02-09T13:23:26.2928848Z INFO : Using custom customer token: --
2020-02-09T13:23:26.2928848Z INFO : Using specified products: --
2020-02-09T13:23:26.2928848Z INFO : Using certificates from the MCS app data folder.: 0
2020-02-09T13:23:26.2928848Z INFO : Using custom customer ID.: --
2020-02-09T13:23:26.2928848Z INFO : Using specified user ID.: --
2020-02-09T13:23:26.2928848Z INFO : Using local install source.: --
2020-02-09T13:23:26.2928848Z INFO : ---
2020-02-09T13:23:26.2928848Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/a95228bc-e837-4f9f-b916-8428a5478ce8
2020-02-09T13:23:26.2928848Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-02-09T13:23:26.2928848Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-02-09T13:23:26.2928848Z INFO : Set security protocol: 00000800
2020-02-09T13:23:26.2928848Z INFO : Opening connection to dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com
2020-02-09T13:23:26.2928848Z INFO : Request content size: 31
2020-02-09T13:23:33.2131135Z INFO : Sending request
2020-02-09T13:23:33.2131135Z INFO : Request sent
2020-02-09T13:23:35.0878104Z INFO : Sending request
2020-02-09T13:23:35.0878104Z INFO : Request sent
2020-02-09T13:23:35.0878104Z INFO : Response status code: 200
2020-02-09T13:23:35.0878104Z INFO : Response data size: 175
2020-02-09T13:23:35.0878104Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2020-02-09T13:23:35.0878104Z INFO : Parsing message received for Stage 2 filename: '{"mcs_server":"dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com","stage2_filename":"stage2-1.6.1112.0-7c172ee33a33004f58c51d634349303caf768675a278b74bb1e9d5acde4f3f87.tar.gz"}'
2020-02-09T13:23:35.0878104Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/stage2-1.6.1112.0-7c172ee33a33004f58c51d634349303caf768675a278b74bb1e9d5acde4f3f87.tar.gz
2020-02-09T13:23:35.0878104Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-02-09T13:23:35.1032407Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-02-09T13:23:35.1032407Z INFO : Set security protocol: 00000800
2020-02-09T13:23:35.1032407Z INFO : Opening connection to downloads.sophos.com
2020-02-09T13:23:35.1032407Z INFO : Request content size: 0
2020-02-09T13:23:48.8191632Z INFO : Sending request
2020-02-09T13:23:48.8191632Z INFO : Request sent
2020-02-09T13:25:08.5917154Z INFO : Response status code: 200
2020-02-09T13:25:08.5917154Z INFO : Response data size: 1745182
2020-02-09T13:25:08.5917154Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
2020-02-09T13:25:08.5917154Z INFO : Extracting files:
2020-02-09T13:25:08.5917154Z INFO : integrity.dat
2020-02-09T13:25:08.5917154Z INFO : manifest.dat
2020-02-09T13:25:08.6071749Z INFO : rootca.crl
2020-02-09T13:25:08.6071749Z INFO : rootca.crt
2020-02-09T13:25:08.6071749Z INFO : scf.dat
2020-02-09T13:25:08.6071749Z INFO : sof.dat
2020-02-09T13:25:08.6071749Z INFO : SophosSetup_Stage2.exe
2020-02-09T13:25:08.6384154Z INFO : sul.dll
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca1.crl
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca1.crt
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca2.crl
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca2.crt
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca3.crl
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca3.crt
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca4.crl
2020-02-09T13:25:08.6540387Z INFO : Management Certs/sophosca4.crt
2020-02-09T13:25:08.7009033Z INFO : Running setup.
Started C:\Program Files (x86)\Sophos\CloudInstaller\SophosSetup_Stage2.exe
2020-02-09T13:25:08.8727058Z INFO : Stage 2 command-line options:
2020-02-09T13:25:08.8727058Z INFO : ---
2020-02-09T13:25:08.8727058Z INFO : Parent PID: 10560
2020-02-09T13:25:08.8727058Z INFO : Server: dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com
2020-02-09T13:25:08.8727058Z INFO : Message relays: --
2020-02-09T13:25:08.8727058Z INFO : Suppressing feedback: 0
2020-02-09T13:25:08.8727058Z INFO : Dump feedback to disk: 0
2020-02-09T13:25:08.8727058Z INFO : Register only: 0
2020-02-09T13:25:08.8727058Z INFO : Trail logging: 0
2020-02-09T13:25:08.8727058Z INFO : Command-line logging: 0
2020-02-09T13:25:08.8727058Z INFO : Bypassing competitor removal: 0
2020-02-09T13:25:08.8727058Z INFO : CRT catalog: --
2020-02-09T13:25:08.8727058Z INFO : Language: --
2020-02-09T13:25:08.8727058Z INFO : Log files: C:\\ProgramData\\Sophos\\CloudInstaller\\Logs\\SophosCloudInstaller_20200209_132326.log
2020-02-09T13:25:08.8727058Z INFO : Group: --
2020-02-09T13:25:08.8727058Z INFO : Quiet: 1
2020-02-09T13:25:08.8727058Z INFO : Virtual appliance: 0
2020-02-09T13:25:08.8727058Z INFO : Proxy address: --
2020-02-09T13:25:08.8727058Z INFO : Proxy user: --
2020-02-09T13:25:08.8727058Z INFO : Overriding computer name: --
2020-02-09T13:25:08.8727058Z INFO : Overriding computer description: --
2020-02-09T13:25:08.8727058Z INFO : Overriding domain: --
2020-02-09T13:25:08.8727058Z INFO : Disable proxy detection: 0
2020-02-09T13:25:08.8727058Z INFO : Customer Token Specified: a95228bc-e837-4f9f-b916-8428a5478ce8
2020-02-09T13:25:08.8727058Z INFO : Products: all
2020-02-09T13:25:08.8727058Z INFO : Pipe write handle: 1848
2020-02-09T13:25:08.8727058Z INFO : MCS Certificates Folder: 0
2020-02-09T13:25:08.8727058Z INFO : MCS Customer Id: b4408ca6-f137-a4a5-c991-548e9f96e0d8
2020-02-09T13:25:08.8727058Z INFO : User Id: --
2020-02-09T13:25:08.8727058Z INFO : Local install source: --
2020-02-09T13:25:08.8727058Z INFO : Partner Id: --
2020-02-09T13:25:08.8727058Z INFO : Customer Estate Id: --
2020-02-09T13:25:08.8727058Z INFO : ---
2020-02-09T13:25:08.8727058Z ERROR : Stage 2 error: CoInitialize failed: 0x80070008
2020-02-09T13:25:08.8883269Z INFO : Cleaning up extracted files
2020-02-09T13:25:10.7316351Z ERROR : Exception: ReadFile failed: 109



This thread was automatically locked due to age.
Parents Reply Children
  • FormerMember
    0 FormerMember in reply to Support ZMI

    Yes, the Central Install has to reach out to our Servers at least once. You can do that on one endpoint that copy the AutoUpdate folder and use that as a local install source for future installs. However, the AutoUpdate function will keep reaching out to get updates from us - so if the initial install is failing then there is concerns future updates will as well. 

    It is better to setup and Update Cache in the local network that 100% has the correct access out.

     

    From there, the other endpoints can update from it later.