Hi, for years we have been using the Enduser Protection. Since a week we've changed to Intercept X via Sophos Central. I checked the page they are suggesting about installations: https://support.sophos.com/support/s/article/KB-000034831?language=en_US
I'm trying to set up a GPO like in this page, but it seems that it doesn't install because the old one is still present. Can I add the uninstallation part in the script, and won't this pose any problem as I thought you need to restart before you can install the new one. Or am I missing something?
Hi, no I don't get any prompt for credentials. Concerning the proxy I need to check, but normally we should have a direct connection.
Hi Jo Vanattenhoven
Could you please Open a web browser and enter the following three addresses into the address box. If a successful connection is made you will see the message "it works - authed", "Connection Successful" or "it works".
Please check this article for the initial checks while using the Sophos Central Migration tool.
Hope Jo doesn't mind me posting my results but all 3 sites give results as per below for d2:
Sophos d2 Site - hosted on Akamai
The 'reason for error' column does not seem to contain specific error message reported.
Hi Sean Rodgerson
Could you please under c:\windows\temp for the logs as mentioned here and see if you get any specific error.
Sorry if excessive post but grateful for assistance.
Most of the time log only shows:
[Begin]2020-11-18T10:30:18.461Z  WARN AppViewModel.IsLaunchable Sophos Central Migration Tool is unable to start. Unable to connect to Sophos Central.
Do you want to view knowledgebase article 122503 for more information?2020-11-18T10:30:18.711Z  ERROR App.App_OnStartup Initialize failed. Reason: Sophos Central Migration Tool is unable to start. Unable to connect to Sophos Central.
Do you want to view knowledgebase article 122503 for more information?
But found one occasion this morning when I got this:
2020-11-18T10:31:18.082Z  INFO RulesDownloader.RequestSucceeded Migration rules request succeeded.2020-11-18T10:31:18.940Z  WARN HttpHelper.LogExceptionAndGetStatus Cloud to SEC feature mapping request failed with status: SendFailure. Details: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.Receive(Byte buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Read(Byte buffer, Int32 offset, Int32 size) --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte buffer, Int32 offset, Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte buffer, Int32 offset, Int32 count) at System.Net.Security.SslState.StartReceiveBlob(Byte buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.TlsStream.CallProcessAuthentication(Object state) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace ---
Server stack trace: at System.Net.HttpWebRequest.GetResponse() at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object args, Object server, Object& outArgs) at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)
Exception rethrown at : at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase) at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData) at System.Func`1.EndInvoke(IAsyncResult result) at Sophos.CloudMigration.Cloud.HttpHelper.GetCancellableResponse(HttpWebRequest request, CancellationToken token) at Sophos.CloudMigration.Cloud.FeaturesDataDownloader.GetFeatureMappings(ISessionHandler sessionHandler, String featureMappingsPath)2020-11-18T10:31:18.940Z  ERROR HttpHelper.DoOperationAndRetryIfTooManyRequests Central API call exception: Central API call failed. Status: CannotConnect2020-11-18T10:31:18.940Z  ERROR MigrationCoordinator.UpdateAvailableCloudFeatures Failed to update available Central features list. Endpoint migration ability may not be accurate or up-to-date.2020-11-18T10:32:03.939Z  INFO App.App_OnStartup Shutting down...2020-11-18T10:32:04.039Z  INFO App.App_OnExit On exit has been called...2020-11-18T10:32:06.084Z  INFO Background.Continuation Background task was successfully cancelled.2020-11-18T10:32:06.084Z  INFO Background.Continuation Background task was successfully cancelled.2020-11-18T10:32:06.113Z  INFO Background.Continuation Background task was successfully cancelled.[End]
hmm, either there is an exception in the local stack or you are getting rst from the server. Can you do a wireshark and see what traffic you are getting back from the server. If the data is getting out and you get data back with a RST packet - we need to see why.
Are you running this on the SEC server?
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Same issue here, also on a Server W2k8R2 excatly same logs. connection-test to all host was sucessfully. Server is running the SEC. Server is a VMWare Machine.