This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Install: Failed (Reason: Unexpected Error.....)

We are beginning a deployment of Intercept X Advanced using our RMM, ConnectWise Automate.

I deployed to 41 endpoints for one customer via Automate. 31 came back with the error like the subject line advising me to check the log file on the endpoint at C:\ProgramData\Sophos\CloudInstaller\Logs. Near the end of the single log file in that folder I see some certificate errors, but other than that Intercept X is installed and working just fine. All services are running. All green lights in Sophos Central for one of the endpoints I checked.

I attached a screenshot of what it looks like in the Automate plugin.

Here is the text of the error message I found in that log file:

2022-03-16T00:57:39.2713019Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2022-03-16T00:57:39.2742943Z INFO : Subject certificate failed validation against root CA: SophosCA1
2022-03-16T00:57:39.2742943Z INFO : Subject certificate failed validation against root CA: SophosCA2
2022-03-16T00:57:39.2762883Z INFO : Certificate check succeeded

Does anyone know why it is reporting as failed in the plugin when it shows as successfully installed?

-Mike



This thread was automatically locked due to age.
Parents
  • Hello Mj,

    Thank you for reaching us. based on the logs you've shared, You need to update the certificates on those affected machines by following the steps in this Article and ensuring that all Sophos domains and ports are already open.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • We have 5,500 endpoints to deploy Intercept X on. All of them coming from another endpoint protection vendor. They haven't had Sophos installed before.

    Is there a way to deploy the agent with up to date certs already in the package? I'm not liking the idea of having to do this 5,500 times either manually or trying to come up with some kind of script.

    -Mike

  • Hi MJ, 

    Thank you for sharing the info. I would like to ask what method of deployment you use on deploying the endpoint to your environment.
    Is it via SCCM or Via GPO? Do you have any proxy on your environment? In order to further analyze and Isolate the issue that you're currently facing. I would also like to ask if you could collect SDU logs for at least 2-3 systems and create a case ID then share it with me via DM. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello MJ,

    We raised the concern to our internal team and below was the advice. 

    - confirm version of Sophos plug in (1.0.0.134 is the latest) Though we expectign that you are on that version since you just starting out/recently but it is important to confirm.
    - Check version of Automate used - there is a known automate issue specific to version 2021.10 that can interfere with script scheduling (sophos plug in runs scripts to get updated data). If you are on 2021.10 - You need to upgrade Automate first.
    - Check if systems in question show 'online' within Automate itself (they should, but its important to confirm that first). eg. if the automate system sees the endpoint(s) as offline, then the sophos plugin will not be able to get an update on its status (note this is the 'automate' online, and not the 'central' online.

    - Once confirmed systems are 'online' in automate re trigger the 'sophos auto register script'
    Go to: Automation -> Monitors -> Internal Monitors
    In Internal Monitors search for “Sophos - Auto-Register”
    Now right click on “Sophos - Auto-Register” and click on “Run Now”
    Wait 30 minutes to see if any changes in their status

    - If that does not change their status in our plug in - find one system that is still online to use an example and
    From the Computers tab of Sophos Plug in - select that system and select button 'deploy' Sophos again to it (sophos is already installed, so it will try to map it with the endpoint if it is not)

    - If that works, then you can choose to do that on the other ones, or we can provide separate steps to delete and re-add sophos scripts to see if this will resolve all of them

    If none of those options work above, or you wish to go the route of further investigation, let us know and we'll re-raise this to our internal team.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hello MJ,

    We raised the concern to our internal team and below was the advice. 

    - confirm version of Sophos plug in (1.0.0.134 is the latest) Though we expectign that you are on that version since you just starting out/recently but it is important to confirm.
    - Check version of Automate used - there is a known automate issue specific to version 2021.10 that can interfere with script scheduling (sophos plug in runs scripts to get updated data). If you are on 2021.10 - You need to upgrade Automate first.
    - Check if systems in question show 'online' within Automate itself (they should, but its important to confirm that first). eg. if the automate system sees the endpoint(s) as offline, then the sophos plugin will not be able to get an update on its status (note this is the 'automate' online, and not the 'central' online.

    - Once confirmed systems are 'online' in automate re trigger the 'sophos auto register script'
    Go to: Automation -> Monitors -> Internal Monitors
    In Internal Monitors search for “Sophos - Auto-Register”
    Now right click on “Sophos - Auto-Register” and click on “Run Now”
    Wait 30 minutes to see if any changes in their status

    - If that does not change their status in our plug in - find one system that is still online to use an example and
    From the Computers tab of Sophos Plug in - select that system and select button 'deploy' Sophos again to it (sophos is already installed, so it will try to map it with the endpoint if it is not)

    - If that works, then you can choose to do that on the other ones, or we can provide separate steps to delete and re-add sophos scripts to see if this will resolve all of them

    If none of those options work above, or you wish to go the route of further investigation, let us know and we'll re-raise this to our internal team.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data