Install: Failed (Reason: Unexpected Error.....)

Hello Mj,

Thank you for reaching us. based on the logs you've shared, You need to update the certificates on those affected machines by following the steps in this Article and ensuring that all Sophos domains and ports are already open.

We have 5,500 endpoints to deploy Intercept X on. All of them coming from another endpoint protection vendor. They haven't had Sophos installed before.

Is there a way to deploy the agent with up to date certs already in the package? I'm not liking the idea of having to do this 5,500 times either manually or trying to come up with some kind of script.

-Mike

Hi MJ, 

Thank you for sharing the info. I would like to ask what method of deployment you use on deploying the endpoint to your environment.
Is it via SCCM or Via GPO? Do you have any proxy on your environment? In order to further analyze and Isolate the issue that you're currently facing. I would also like to ask if you could collect SDU logs for at least 2-3 systems and create a case ID then share it with me via DM. 

DM sent.

-Mike

Hello MJ,

We raised the concern to our internal team and below was the advice. 

- confirm version of Sophos plug in (1.0.0.134 is the latest) Though we expectign that you are on that version since you just starting out/recently but it is important to confirm.
- Check version of Automate used - there is a known automate issue specific to version 2021.10 that can interfere with script scheduling (sophos plug in runs scripts to get updated data). If you are on 2021.10 - You need to upgrade Automate first.
- Check if systems in question show 'online' within Automate itself (they should, but its important to confirm that first). eg. if the automate system sees the endpoint(s) as offline, then the sophos plugin will not be able to get an update on its status (note this is the 'automate' online, and not the 'central' online.

- Once confirmed systems are 'online' in automate re trigger the 'sophos auto register script'
Go to: Automation -> Monitors -> Internal Monitors
In Internal Monitors search for “Sophos - Auto-Register”
Now right click on “Sophos - Auto-Register” and click on “Run Now”
Wait 30 minutes to see if any changes in their status

- If that does not change their status in our plug in - find one system that is still online to use an example and
From the Computers tab of Sophos Plug in - select that system and select button 'deploy' Sophos again to it (sophos is already installed, so it will try to map it with the endpoint if it is not)

- If that works, then you can choose to do that on the other ones, or we can provide separate steps to delete and re-add sophos scripts to see if this will resolve all of them

If none of those options work above, or you wish to go the route of further investigation, let us know and we'll re-raise this to our internal team.

Hello MJ,

We raised the concern to our internal team and below was the advice. 

- confirm version of Sophos plug in (1.0.0.134 is the latest) Though we expectign that you are on that version since you just starting out/recently but it is important to confirm.
- Check version of Automate used - there is a known automate issue specific to version 2021.10 that can interfere with script scheduling (sophos plug in runs scripts to get updated data). If you are on 2021.10 - You need to upgrade Automate first.
- Check if systems in question show 'online' within Automate itself (they should, but its important to confirm that first). eg. if the automate system sees the endpoint(s) as offline, then the sophos plugin will not be able to get an update on its status (note this is the 'automate' online, and not the 'central' online.

- Once confirmed systems are 'online' in automate re trigger the 'sophos auto register script'
Go to: Automation -> Monitors -> Internal Monitors
In Internal Monitors search for “Sophos - Auto-Register”
Now right click on “Sophos - Auto-Register” and click on “Run Now”
Wait 30 minutes to see if any changes in their status

- If that does not change their status in our plug in - find one system that is still online to use an example and
From the Computers tab of Sophos Plug in - select that system and select button 'deploy' Sophos again to it (sophos is already installed, so it will try to map it with the endpoint if it is not)

- If that works, then you can choose to do that on the other ones, or we can provide separate steps to delete and re-add sophos scripts to see if this will resolve all of them

If none of those options work above, or you wish to go the route of further investigation, let us know and we'll re-raise this to our internal team.