
Terminal Servers with User Profile Disks crash

Hi all,

For a few months we have been facing heavy problems with our terminal server (RDSH) in combination with Sophos Intercept X Advanced and User Profile Disks.
The User Profile Disks (UPDs) are stored on a normal file server and are accessed through a share.

For about 2 years everything was running smoothly and stable. However, for a few months we have been facing the problem that, out of the blue, the users lose the connection to their UPDs and are therefore disconnected from the server. Actually, the entire server kind of freezes and we need to reboot it.
After disabling most of the features of Sophos Intercept X the systems went back to normal.
However, a few days ago we re-enabled all the security features and today we had another server crash.

We are not sure which feature is causing the trouble. According to some research on the internet it could be the Sophos hitman.alert.pro feature.

Any help to narrow down the problem would be greatly appreciated.
Btw, all the servers are running Win Server 2019 with all the latest Windows updates and patches.

Thanks in advance!

Kind regards,
Aktuator



  • FormerMember in reply to Aktuator

    Hi Aktuator,

    You're welcome.

    I'm glad it's now working on your end :)

  • Bad news... we had another crash today :-(

  • FormerMember in reply to Aktuator

    Hi Aktuator,

    I think this needs to be escalated now.

    How often does the crash happen?

    Here's my recommendation:

    Open this KB and follow the instructions on how to set up/get procdump on the machine the next time the crash happens:

    support.sophos.com/.../KB-000033914

    After the crash happens, generate SDU logs on the machine.

    Then please contact our support line now and give them the 2 files (procdump and SDU) so support can escalate the issue.

  • Hi Fernan,

    The servers were already configured to create a complete memory dump when the crash happens. However, the problem is that the dump files never get created.

    I think the reason is that the server doesn't get a BSOD; it is more like all the network connections are disconnected and the server is still running but isolated from the network. It is really a weird problem and feels like a dead end.

    Before we installed the hotfix the servers crashed about once or twice a week.

    When we disable most of the Sophos features the servers don't crash anymore.


  • FormerMember in reply to Aktuator

    Hi Aktuator,

    We are running out of options on this case. Please check my reply on this thread 25 days ago on how to assign the affected machine to the Sophos Early Access Program.

    Try assigning the machine first on the list > save > then do a Sophos update afterwards, then restart the machine. Check if the problem still persists.

    If the problem persists, then generate SDU logs on the machine and try to contact our support line so they can escalate this issue.

    I'm honestly not sure if SDU would be enough, as procdump is really needed. Process Monitor won't help in this scenario either, as the crash happens randomly.

  • OK, I will do so.

    Thanks again for your support Fernan - appreciated!