This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Installation failed

I get an error when I try to install Sophos Intercept X EAP in a win server 2022.

/cfs-file/__key/communityserver-discussions-components-files/302/SophosCloudInstaller_5F00_20220809_5F00_090558.log

Can anyone help me please to troubleshoot the problem?



This thread was automatically locked due to age.
Parents
  • Hi l0rdraiden,

    Thanks for reaching out to the Sophos Community Forum. 

    If this is the initial installation you're trying, do you know if white-listing has already been done on the surrounding network environment? 
    - Domains and ports to allow

    You can also try accessing the update site manually through a web-browser to verify if it should be accessible on the affected device. 
    http://dci.sophosupd.net

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Ports 80 and 443 are open, there is no web proxy so all the urls are allowed

    I can reach from the server

    http://dci.sophosupd.net


    Sophos dci Site

    Connection Successful


    Is a clean installation of windows server 2022 datacenter edition

    I think the error is here but I don't know what DCI is.

    2022-08-09T18:59:32.7846700Z WARNING : SUL error: [E54187] Couldn't find DCI for user. URL was: dci.sophosupd.net/update
    2022-08-09T18:59:32.7846700Z ERROR : DownloadCommand::onRun() failed with std::exception: MetaDataScope::MetaDataScope failed with error code 5
    2022-08-09T18:59:32.7846700Z INFO : Command 'Download' completed with failure with reboot code '0' and error message 'Could not download software'.
    2022-08-09T18:59:32.7846700Z ERROR : Installation failed.

    I found this post that might be related

    Issue : Download of WindowsCloudNextGen failed from server http:∕∕dci.sophosupd.com. - Discussions - Intercept X Endpoint - Sophos Community

    But I don't know what credentials are we talking about, my sophos central credentials are working and I downloaded the installer from there

  • If this is a fresh installation of Windows Server, I suggest checking if your server recognizes the certificate the installer is signed with. This may be contributing to the issues you're experiencing. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Ok, I found this article

    https://support.sophos.com/support/s/article/KB-000043879?language=en_US

    I have followed it but I still get this errors, I installed the certificate that comes with the installer

    2022-08-11T09:04:00.7505209Z INFO : Subscription: Base
    2022-08-11T09:04:00.7505209Z INFO : SUL info: [V46381] SU::Handle::readRemoteMetadata + SU::Handle::readRemoteMetadata()
    2022-08-11T09:04:00.7505209Z INFO : SUL info: [V75884] SU::Metadata::readRemoteMetadata SU::Metadata::readRemoteMetadata()
    2022-08-11T09:04:00.7505209Z INFO : SUL info: [I40394] Downloading customer file from sophos:1:1
    2022-08-11T09:04:00.7505209Z INFO : SUL info: [V81533] SU::createCachedPackageSource about to create cached package source for sophos:1:1, url=sophos
    2022-08-11T09:04:00.7661766Z INFO : SUL info: [V81533] SU::createCachedPackageSource creating root package source for location: sophos:1:dci.sophosupd.com/update, path: 1/2c/12cbdbf1c383a79c5327aa85b3a53b73.dat
    2022-08-11T09:04:01.0365671Z WARNING : SUL error: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/update
    2022-08-11T09:04:01.0365671Z INFO : SUL info: [I19127] No proxy was used.
    2022-08-11T09:04:01.0365671Z INFO : SUL info: [I40394] Downloading customer file from sophos:2:1
    2022-08-11T09:04:01.0365671Z INFO : SUL info: [V81533] SU::createCachedPackageSource about to create cached package source for sophos:2:1, url=sophos
    2022-08-11T09:04:01.0365671Z INFO : SUL info: [V81533] SU::createCachedPackageSource creating root package source for location: sophos:1:dci.sophosupd.net/update, path: 1/2c/12cbdbf1c383a79c5327aa85b3a53b73.dat
    2022-08-11T09:04:01.3072954Z WARNING : SUL error: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.net/update
    2022-08-11T09:04:01.3072954Z INFO : SUL info: [I19127] No proxy was used.
    2022-08-11T09:04:01.3072954Z INFO : SUL info: [I40394] Downloading customer file from sophos:3:1
    2022-08-11T09:04:01.3072954Z INFO : SUL info: [V81533] SU::createCachedPackageSource about to create cached package source for sophos:3:1, url=sophos
    2022-08-11T09:04:01.3072954Z WARNING : SUL error: [E75373] Ran out of sophos aliases for this update source
    2022-08-11T09:04:01.3072954Z WARNING : SUL error: [E72139] Couldn't find DCI for user. URL was: dci.sophosupd.net/update
    2022-08-11T09:04:01.3072954Z INFO : SUL info: [I72139] No proxy was used.
    2022-08-11T09:04:01.3072954Z WARNING : SUL error: [E54187] Couldn't find DCI for user. URL was: dci.sophosupd.net/update
    2022-08-11T09:04:01.3072954Z ERROR : DownloadCommand::onRun() failed with std::exception: MetaDataScope::MetaDataScope failed with error code 5
    2022-08-11T09:04:01.3072954Z INFO : Command 'Download' completed with failure with reboot code '0' and error message 'Could not download software'.
    2022-08-11T09:04:01.3072954Z ERROR : Installation failed.
    2022-08-11T09:04:01.3072954Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/events/endpoint/62cc95a5-02ff-54b8-eb6b-0a88e0217885
    2022-08-11T09:04:01.3072954Z INFO : Did not discover an URL for a PAC file
    2022-08-11T09:04:01.3072954Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2022-08-11T09:04:01.3072954Z INFO : Set security protocol: 00000800
    2022-08-11T09:04:01.3072954Z INFO : Opening connection to mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-08-11T09:04:01.3072954Z INFO : Sending request for connection confirmation through potential proxy
    2022-08-11T09:04:01.3072954Z INFO : Request content size: 0
    2022-08-11T09:04:01.3229838Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2022-08-11T09:04:01.3229838Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2022-08-11T09:04:01.3229838Z INFO : Subject certificate failed validation against root CA: SophosCA2
    2022-08-11T09:04:01.3229838Z INFO : Certificate check succeeded
    2022-08-11T09:04:01.3229838Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
    2022-08-11T09:04:01.3550024Z INFO : Response status code: 200
    2022-08-11T09:04:01.3550024Z INFO : Response data size: 168
    2022-08-11T09:04:01.3550024Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
    2022-08-11T09:04:01.3550024Z INFO : Request content size: 1009
    2022-08-11T09:04:01.3550024Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2022-08-11T09:04:01.3550024Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2022-08-11T09:04:01.3550024Z INFO : Subject certificate failed validation against root CA: SophosCA2
    2022-08-11T09:04:01.3550024Z INFO : Certificate check succeeded
    2022-08-11T09:04:01.3550024Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
    2022-08-11T09:04:01.4189473Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2022-08-11T09:04:01.4189473Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2022-08-11T09:04:01.4189473Z INFO : Subject certificate failed validation against root CA: SophosCA2
    2022-08-11T09:04:01.4272822Z INFO : Certificate check succeeded
    2022-08-11T09:04:01.4272822Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
    2022-08-11T09:04:01.4272822Z INFO : Response status code: 200
    2022-08-11T09:04:01.4272822Z INFO : Response data size: 0

  • Were the following steps successful when accessing the digicert website? 

    1. Open an internet browser session.
    2. Access this website.
    3. If you see the following response, the root certificate is trusted and the installation/upgrade should complete on the next update:....

    I suspect you will need to install the root certificate, which is the parent in the certification chain and allows the installer to be verified. This is the "DigiCert Trusted Root G4" certificate. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I have downloaded this cert and installed this cert and the problem persist, any other idea?

    cacerts.digicert.com/DigiCertTrustedRootG4.crt

Reply Children