Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 9895 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error de Instalación

Carlos Madrid

Alguien más a tenido este problema instalando Sophos Intercept X y como lo ha solucionado? 
E intentando realizar la instalación desde la cuenta Administrador de equipo, Administrador de Dominio, descargue nuevamente el paquete de instalación desde la consola pero no e tenido buenos resultados, el equipo no tiene restricciones de conexión a Internet. 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Carlos,

    Thanks for reaching out to the Sophos Community Forum. 

    Could you check the contents of the CloudInstall.log in the location "C:\ProgramData\Sophos\CloudInstaller\Logs" ?
    I also recommend checking for an "avremove.log" file in the location "C:\Windows\Temp".

    If you suspect the issue is related to the network, you may want to try using a Mobile Hot Spot to connect the affected device to, so that the local network is taken out of the picture. 

    Let me know what you find.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    Hola Qoosh,

    Gracias por tu respuesta, el archivo esta acá: /cfs-file/__key/communityserver-discussions-components-files/302/SophosCloudInstaller_5F00_20220317_5F00_151404.log

    El archivo avremove.log no lo encuentro en la ubicación mencionada, de hecho lo busque en otro equipo que ya cuenta con el antivirus pero no se encuentra.

    La parte del acceso móvil lo probare por la tarde a pesar de que no tengo sospecha que sea un problema con la red.

  • 0 in reply to Carlos Madrid

    The main error I'm able to see repeated in the logs is as follows. 

    2022-03-17T15:29:15.4132396Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2022-03-17T15:29:15.4132396Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2022-03-17T15:29:15.4132396Z INFO : Subject certificate failed validation against root CA: SophosCA2

    Could you try using the following article to install the necessary certificate, then retry the installation? 
    - Locate the Central Endpoint SSL certificate

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    Gracias Qoosh por tu apoyo, la solución era un poco más práctica. 

    Segui los pasos de este enlace y logre solventar, la instalación se realizo correctamente. 

    Saludos. 

  • 0 in reply to Carlos Madrid

    From the original log, the issue was the inability to get the initial policy.

    The 900 seconds (15 minutes) can be seen between the first "Attempt to retrieve policy" and the last "Attempt to retrieve policy" 15 minutes later before erroring.

    From the log, we can see the initial ability to get the endpoint ID, so communication was working to AWS.  It could be a temporary problem and that just re-running the installer would have been enough. Changing the name of the computer as detailed in the article will just ensure that the computer gets a new endpoint id.

    Maybe another computer with the same endpoint ID, if you are using images, where computers somehow have the same ep id, pulled the updating policy for this client before it had the chance? Seen unlikely.  The new ID may have helped but it could have just been a temporary glitch.

    2022-03-17T15:14:21.3658080Z INFO : Retrieved endpoint id: 80ac05b6-2da1-2489-1aac-b576f1278056
...
2022-03-17T15:14:22.5688629Z INFO : Attempt to retrieve policy.
2022-03-17T15:14:22.5688629Z INFO : Sending HTTP 'GET' request to: sophos/management/ep/install/commands/applications/APPSPROXY;ALC/endpoint/80ac05b6-2da1-2489-1aac-b576f1278056
2022-03-17T15:14:22.5688629Z INFO : Request content size: 0
2022-03-17T15:14:22.5688629Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2022-03-17T15:14:22.5688629Z INFO : Subject certificate failed validation against root CA: SophosCA1
2022-03-17T15:14:22.5688629Z INFO : Subject certificate failed validation against root CA: SophosCA2
2022-03-17T15:14:22.5844868Z INFO : Certificate check succeeded
2022-03-17T15:14:22.5844868Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2022-03-17T15:14:22.6469645Z INFO : Response status code: 200
2022-03-17T15:14:22.6469645Z INFO : Response data size: 140
2022-03-17T15:14:22.6469645Z INFO : No policy assignment command; wait for policy to render
...
15 mins
...
2022-03-17T15:29:41.0143462Z INFO : No policy assignment command; wait for policy to render
2022-03-17T15:29:46.0314178Z ERROR : RegisterCommand::onRun standard exception: Failed to retrieve policy within 900 seconds
2022-03-17T15:29:46.0314178Z INFO : Command 'Register' completed with failure with reboot code '0' and error message 'No se ha podido registrar con Sophos Central'.
2022-03-17T15:29:46.0314178Z ERROR : Installation failed.

Reply
  • 0 in reply to Carlos Madrid

    From the original log, the issue was the inability to get the initial policy.

    The 900 seconds (15 minutes) can be seen between the first "Attempt to retrieve policy" and the last "Attempt to retrieve policy" 15 minutes later before erroring.

    From the log, we can see the initial ability to get the endpoint ID, so communication was working to AWS.  It could be a temporary problem and that just re-running the installer would have been enough. Changing the name of the computer as detailed in the article will just ensure that the computer gets a new endpoint id.

    Maybe another computer with the same endpoint ID, if you are using images, where computers somehow have the same ep id, pulled the updating policy for this client before it had the chance? Seen unlikely.  The new ID may have helped but it could have just been a temporary glitch.

    2022-03-17T15:14:21.3658080Z INFO : Retrieved endpoint id: 80ac05b6-2da1-2489-1aac-b576f1278056
...
2022-03-17T15:14:22.5688629Z INFO : Attempt to retrieve policy.
2022-03-17T15:14:22.5688629Z INFO : Sending HTTP 'GET' request to: sophos/management/ep/install/commands/applications/APPSPROXY;ALC/endpoint/80ac05b6-2da1-2489-1aac-b576f1278056
2022-03-17T15:14:22.5688629Z INFO : Request content size: 0
2022-03-17T15:14:22.5688629Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2022-03-17T15:14:22.5688629Z INFO : Subject certificate failed validation against root CA: SophosCA1
2022-03-17T15:14:22.5688629Z INFO : Subject certificate failed validation against root CA: SophosCA2
2022-03-17T15:14:22.5844868Z INFO : Certificate check succeeded
2022-03-17T15:14:22.5844868Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2022-03-17T15:14:22.6469645Z INFO : Response status code: 200
2022-03-17T15:14:22.6469645Z INFO : Response data size: 140
2022-03-17T15:14:22.6469645Z INFO : No policy assignment command; wait for policy to render
...
15 mins
...
2022-03-17T15:29:41.0143462Z INFO : No policy assignment command; wait for policy to render
2022-03-17T15:29:46.0314178Z ERROR : RegisterCommand::onRun standard exception: Failed to retrieve policy within 900 seconds
2022-03-17T15:29:46.0314178Z INFO : Command 'Register' completed with failure with reboot code '0' and error message 'No se ha podido registrar con Sophos Central'.
2022-03-17T15:29:46.0314178Z ERROR : Installation failed.

Children
No Data
Unfiltered HTML