This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Relay and Cache Server could not update because wrong proxy

Hello @all,

our win 2016 Server with installed relay and cache server are using a wrong proxy configuration:

 Trying update service URL sus.sophosupd.com/.../dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.xx.xx.94:443

On Central, I have changed the proxy and disable that, but our server are still using the wrong proxy.

Where can we change that?

Many thanks in advance!

TBC



This thread was automatically locked due to age.
Parents
  • Hi ,

    Thank you for reaching out to the Community. If you haven't already, kindly check the SophosUpdate.log for errors, and let us know what you find.

    You mentioned that you've changed the proxy on Central, changing the proxy settings will not be dynamically updated by the Sophos Message Relay component. To update the changes, you'll need to restart the Sophos Message Relay Service.

    You might also find additional details in this article - https://support.sophos.com/support/s/article/KB-000035498?language=en_US



    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Many thanks for replay.

    After restart message relay, the Proxy is empty but still no updates possible:

    2022-09-21T12:02:25.433Z [65372:65252] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 5 of 5)
    2022-09-21T12:02:25.557Z [65372:65252] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-21T12:02:25.566Z [65372:65252] W Error refreshing service config: will sync using stale SUS config: No reachable update service locations
    2022-09-21T12:02:25.566Z [65372:65252] E No reachable update service locations
    2022-09-21T12:02:25.566Z [65372:65252] I Syncing suites [sdds3.WindowsCloudServerAV_1.3.95.273bb7fbb9.dat, sdds3.WindowsCloudServerHitmanProAlert_2021.3.1.15.9469d096d5.dat, sdds3.WindowsCloudServer_2022.2.1.9.0.f5f5175516.dat]
    2022-09-21T12:02:25.566Z [65372:65252] I Release groups [C]
    2022-09-21T12:02:25.571Z [65372:65252] I Analyzing whether to update from Sophos CDN or update cache
    2022-09-21T12:02:25.616Z [65372:65252] I Successfully connected to cache: https://b2.dom.com:8191/v3/suite
    2022-09-21T12:02:25.616Z [65372:65252] I Analysis complete - Using update cache: b2.dom.com:8191
    2022-09-21T12:02:25.616Z [65372:65252] I Syncing from: https://b2.dom.com:8191/v3
    2022-09-21T12:02:26.413Z [65372:65252] I Refreshing supplement sdds3.CEPNGSRVFLAGS.dat
    2022-09-21T12:02:26.498Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.CEPNGSRVFLAGS.dat: 200 (5940 bytes)
    2022-09-21T12:02:26.571Z [65372:65252] I Refreshing supplement sdds3.NTP_OVERRIDES.dat
    2022-09-21T12:02:26.661Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.NTP_OVERRIDES.dat: 200 (4029 bytes)
    2022-09-21T12:02:26.707Z [65372:65252] I Refreshing supplement sdds3.EPIPS_data.dat
    2022-09-21T12:02:26.788Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.EPIPS_data.dat: 200 (4123 bytes)
    2022-09-21T12:02:26.857Z [65372:65252] I Refreshing supplement sdds3.FIMFEED.dat
    2022-09-21T12:02:26.944Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.FIMFEED.dat: 200 (4012 bytes)
    2022-09-21T12:02:27.013Z [65372:65252] I Refreshing supplement sdds3.SLDFEED.dat
    2022-09-21T12:02:27.098Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.SLDFEED.dat: 200 (4009 bytes)
    2022-09-21T12:02:27.167Z [65372:65252] I Refreshing supplement sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat
    2022-09-21T12:02:27.255Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat: 200 (4040 bytes)
    2022-09-21T12:02:27.324Z [65372:65252] I Refreshing supplement sdds3.DOC_MODEL2_64.dat
    2022-09-21T12:02:27.412Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.DOC_MODEL2_64.dat: 200 (4319 bytes)
    2022-09-21T12:02:27.481Z [65372:65252] I Refreshing supplement sdds3.ML_MODEL2_64.dat
    2022-09-21T12:02:27.569Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.ML_MODEL2_64.dat: 200 (4681 bytes)
    2022-09-21T12:02:27.640Z [65372:65252] I Refreshing supplement sdds3.LocalRepData.dat
    2022-09-21T12:02:27.729Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.LocalRepData.dat: 200 (4022 bytes)
    2022-09-21T12:02:27.788Z [65372:65252] I Refreshing supplement sdds3.REPAIRKIT.dat
    2022-09-21T12:02:27.862Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.REPAIRKIT.dat: 200 (4644 bytes)
    2022-09-21T12:02:27.903Z [65372:65252] I Refreshing supplement sdds3.TELEMSUP.dat
    2022-09-21T12:02:27.949Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.TELEMSUP.dat: 200 (4014 bytes)
    2022-09-21T12:02:28.020Z [65372:65252] I Refreshing supplement sdds3.behave.dat
    2022-09-21T12:02:28.110Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.behave.dat: 200 (4021 bytes)
    2022-09-21T12:02:28.155Z [65372:65252] I Refreshing supplement sdds3.APPFEED.dat
    2022-09-21T12:02:28.202Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.APPFEED.dat: 200 (4014 bytes)
    2022-09-21T12:02:28.262Z [65372:65252] I Refreshing supplement sdds3.DataSetA.dat
    2022-09-21T12:02:28.333Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.DataSetA.dat: 200 (4255 bytes)
    2022-09-21T12:02:28.378Z [65372:65252] I Refreshing supplement sdds3.CIXSRVFLAGS.dat
    2022-09-21T12:02:28.434Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.CIXSRVFLAGS.dat: 200 (5138 bytes)
    2022-09-21T12:02:28.502Z [65372:65252] I Refreshing supplement sdds3.hmpa_data.dat
    2022-09-21T12:02:28.582Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.hmpa_data.dat: 200 (4011 bytes)
    2022-09-21T12:02:31.086Z [65372:65252] I Sync statistics: received 71656 bytes, sent 5381 bytes
    2022-09-21T12:02:31.086Z [65372:65252] I Supplements: 16, used 69272 bytes
    2022-09-21T12:02:33.668Z [65372:65252] I WindowsCloudServerAV: downloaded suite: sdds3.WindowsCloudServerAV_1.3.95.273bb7fbb9.dat, version: 1.3.95, display version: 10.8.11.4
    2022-09-21T12:02:33.668Z [65372:65252] I WindowsCloudServerHitmanProAlert: downloaded suite: sdds3.WindowsCloudServerHitmanProAlert_2021.3.1.15.9469d096d5.dat, version: 2021.3.1.15, display version: 2021.3.1.15
    2022-09-21T12:02:33.668Z [65372:65252] I WindowsCloudServer: downloaded suite: sdds3.WindowsCloudServer_2022.2.1.9.0.f5f5175516.dat, version: 2022.2.1.9.0, display version: 2022.2.1.9
    2022-09-21T12:02:33.669Z [65372:65252] I Removing orphan products.
    2022-09-21T12:02:33.671Z [65372:65252] I No orphan products detected.
    2022-09-21T12:02:33.682Z [65372:65252] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-21T12:02:33.718Z [65372:65252] I Extracting packages.
    2022-09-21T12:02:42.586Z [65372:65252] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-21T12:02:42.637Z [65372:65252] I Installing products.
    2022-09-21T12:02:44.137Z [65372:65252] I Skipped installation of component 0253775E-970D-4876-959C-21B422420E5A (SSE64) 3.85.1.12
    2022-09-21T12:02:44.802Z [65372:65252] I Skipped installation of component 1129226C-32AB-4B72-85E1-A9CC8DFBC859 (SED64) 3.1.1.270
    2022-09-21T12:02:45.632Z [65372:65252] I Skipped installation of component 1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31 (SAUXG) 6.13.1014
    2022-09-21T12:02:45.719Z [65372:65252] I Skipped installation of component 243DECCD-8080-410D-A45F-77F2182715EE (UNINSTALLER64) 1.14.9.9
    2022-09-21T12:02:46.013Z [65372:65252] I Skipped installation of component 244E68BF-E1BB-4A6B-AC18-A492DE0134C0 (HMPA64) 3.8.4.37
    2022-09-21T12:02:46.657Z [65372:65252] I Skipped installation of component 3799FB3E-808A-4F7D-AC6A-0C74F931C386 (MCS) 4.17.30
    2022-09-21T12:02:46.758Z [65372:65252] I Skipped installation of component 3CE954A1-0F41-4D9B-B2F0-58AA75334DFD (SHS) 2.9.152
    2022-09-21T12:02:46.890Z [65372:65252] I Skipped installation of component 591706A7-9603-4255-A65F-EA49BB11E8AC (SFS64) 1.9.24.1
    2022-09-21T12:02:47.466Z [65372:65252] I Skipped installation of component 5CD1A7B6-812E-47A1-A986-3A6D5D5C19F5 (UI64) 2.6.83.0
    2022-09-21T12:02:47.577Z [65372:65252] I Skipped installation of component 642A6FD9-A9D6-482D-BD8C-46661F241A0E (AMSI64) 1.9.244
    2022-09-21T12:02:47.789Z [65372:65252] I Skipped installation of component 70FDD40E-986A-44E5-9620-2B894A06702A (SME64) 1.8.13.2
    2022-09-21T12:02:48.757Z [65372:65252] I Skipped installation of component 7F682906-6E49-481B-89C5-2DCA36720F4F (ESH64) 3.2.339.0
    2022-09-21T12:02:48.935Z [65372:65252] I Skipped installation of component CD297D6B-58A5-474F-8A0D-0A15803B8B50 (EFW64) 2.1.43
    2022-09-21T12:02:49.050Z [65372:65252] I Skipped installation of component FE92B17F-0632-4AB1-B423-4093D3968454 (SLD) 7.1.2.1
    2022-09-21T12:02:49.237Z [65372:65252] I Skipped installation of component FileIntegrityMonitoring (FIM) 1.0.1.11.1
    2022-09-21T12:02:49.919Z [65372:65252] I Skipped installation of component MessageRelay (MR) 1.6.0.28
    2022-09-21T12:02:50.807Z [65372:65252] I Skipped installation of component NTP64 (NTP64) 1.16.2923
    2022-09-21T12:02:50.925Z [65372:65252] I Skipped installation of component SDU64 (SDU64) 6.13.1014
    2022-09-21T12:02:51.094Z [65372:65252] I Skipped installation of component UpdateCache (UC) 1.9.0.143
    2022-09-21T12:02:51.102Z [65372:65252] I Sending telemetry every 86400s
    2022-09-21T12:02:51.102Z [65372:65252] I Telemetry last ran at 2022-09-20 16:41:04Z; offset time 2022-09-20 17:43:17Z (offset 3733s)
    2022-09-21T12:02:51.102Z [65372:65252] I Telemetry schedule has not elapsed.
    2022-09-21T12:02:51.113Z [65372:65252] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-21T12:02:51.145Z [65372:65252] A SophosUpdate has completed (exit 2).
    

    On Sophos Tools there are no issue with "Known Issues" and "Network Test"

    Is there anything else what I can check?

    Many thanks

    TheBob

  • Is the connection successful when browsing the following websites through the web browser on the affected device? 
    https://dci.sophosupd.com/index.html
    https://d1.sophosupd.com/index.html

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply Children
  • Yes Qoosh it is!

    Sophos dci Site - hosted on Akamai

    Connection Successful

    Sophos d1 Site - hosted on Akamai

    Connection Successful

    Many thanks!

  • Thanks for following up. On the FAQ page I see the following is mentioned. 

    Changing your System or Automatic proxy settings will not be dynamically updated by the Sophos Message Relay component.

    To update the changes, restart the Sophos Message Relay Service.

    Could you try restarting the Sophos Message Relay Service to see if this changes? From the test results, it looks like your system proxy settings are working correctly.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thank you Qoosh for helping!

    I have now restarted the service again and run update without any luck:

    Also wondering is that the timestamp in the Log is wrong / but the time on OS are correct.

    And there are still wrong entry for proxy:

    2022-09-23T07:36:03.254Z [63980:65352] A =========================
    2022-09-23T07:36:03.254Z [63980:65352] A SophosUpdate is starting.
    2022-09-23T07:36:03.254Z [63980:65352] A AutoUpdate version      : 6.13.1014
    2022-09-23T07:36:03.256Z [63980:65352] A SophosUpdate version    : 6.13.1014
    2022-09-23T07:36:03.256Z [63980:65352] A =========================
    2022-09-23T07:36:03.256Z [63980:65352] I Platform ID: WIN_10_SVR_X64 1607 14393.5356
    2022-09-23T07:36:03.256Z [63980:65352] I Platform upgraded: 0
    2022-09-23T07:36:03.256Z [63980:65352] I Subscription: WindowsCloudServer RECOMMENDED 1
    2022-09-23T07:36:03.256Z [63980:65352] I Subscription: WindowsCloudServerAV RECOMMENDED 1
    2022-09-23T07:36:03.256Z [63980:65352] I Subscription: WindowsCloudServerHitmanProAlert RECOMMENDED 1
    2022-09-23T07:36:03.256Z [63980:65352] I Subscriptions changed: 0
    2022-09-23T07:36:03.256Z [63980:65352] I Features: APPCNTRL AV CLEAN CORE DLP DVCCNTRL EFW FIM HBT LOCKDOWN MR MTD NTP SAV SDU UC WEBCNTRL XPD
    2022-09-23T07:36:03.256Z [63980:65352] I Features changed: 0
    2022-09-23T07:36:03.257Z [63980:65352] I SAV installation not detected
    2022-09-23T07:36:03.258Z [63980:65352] A Command line: "C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe" -ScheduledUpdate -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate\"
    2022-09-23T07:36:03.277Z [63980:65352] I Loaded state from C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-23T07:36:04.597Z [63980:65352] I Performing standard update
    2022-09-23T07:36:04.597Z [63980:65352] I Limiting bandwidth to 256 Kbps
    2022-09-23T07:36:05.044Z [63980:65352] I Refreshing Sophos Update Service configuration from https://sus.sophosupd.com (cache expired)
    2022-09-23T07:36:05.044Z [63980:65352] I Tenant ID: d9ca8510-e8e6-4062-a912-f44cb0d15f71
    2022-09-23T07:36:05.044Z [63980:65352] I Device ID: dae1076b-8473-4c45-8c3a-076246744ca6
    2022-09-23T07:36:05.044Z [63980:65352] I Manually configured proxy: 87.19.17.4:443
    2022-09-23T07:36:05.479Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443
    2022-09-23T07:36:15.529Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:36:15.780Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443 (try 2 of 5)
    2022-09-23T07:36:25.827Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:36:26.828Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443 (try 3 of 5)
    2022-09-23T07:36:36.932Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:36:41.932Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443 (try 4 of 5)
    2022-09-23T07:36:52.031Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:37:22.033Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443 (try 5 of 5)
    2022-09-23T07:37:32.129Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:37:32.129Z [63980:65352] I Found system proxy list "https=fw-trzisp-02.db-trz.com:8880".
    2022-09-23T07:37:32.142Z [63980: 6868] I WinHttp discovered proxies not found
    2022-09-23T07:37:32.142Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw-trzisp-02.db-trz.com:8880
    2022-09-23T07:37:53.163Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:37:53.414Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880 (try 2 of 5)
    2022-09-23T07:38:14.426Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:38:15.426Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880 (try 3 of 5)
    2022-09-23T07:38:36.541Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:38:41.542Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880 (try 4 of 5)
    2022-09-23T07:39:02.655Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:39:32.657Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880 (try 5 of 5)
    2022-09-23T07:39:53.669Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:39:53.669Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:39:53.898Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:39:54.257Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 2 of 5)
    2022-09-23T07:39:54.390Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:39:55.397Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 3 of 5)
    2022-09-23T07:39:55.522Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:40:00.731Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 4 of 5)
    2022-09-23T07:40:00.857Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:40:30.967Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 5 of 5)
    2022-09-23T07:40:31.100Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:40:31.107Z [63980:65352] W Error refreshing service config: will sync using stale SUS config: No reachable update service locations
    2022-09-23T07:40:31.107Z [63980:65352] E No reachable update service locations
    2022-09-23T07:40:31.107Z [63980:65352] I Syncing suites [sdds3.WindowsCloudServerAV_1.3.95.273bb7fbb9.dat, sdds3.WindowsCloudServerHitmanProAlert_2021.3.1.15.9469d096d5.dat, sdds3.WindowsCloudServer_2022.2.1.9.0.f5f5175516.dat]
    2022-09-23T07:40:31.107Z [63980:65352] I Release groups [C]
    2022-09-23T07:40:31.113Z [63980:65352] I Analyzing whether to update from Sophos CDN or update cache
    2022-09-23T07:40:31.152Z [63980:65352] I Successfully connected to cache: https://bc2.dom.com:8191/v3/suite
    2022-09-23T07:40:31.152Z [63980:65352] I Analysis complete - Using update cache: bc2.dom.com:8191
    2022-09-23T07:40:31.152Z [63980:65352] I Syncing from: https://bc2.dom.com:8191/v3
    2022-09-23T07:40:32.192Z [63980:65352] I Refreshing supplement sdds3.CEPNGSRVFLAGS.dat
    2022-09-23T07:40:32.266Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.CEPNGSRVFLAGS.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:34.280Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.CEPNGSRVFLAGS.dat: 200 (5940 bytes)
    2022-09-23T07:40:34.349Z [63980:65352] I Refreshing supplement sdds3.NTP_OVERRIDES.dat
    2022-09-23T07:40:34.424Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.NTP_OVERRIDES.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:36.437Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.NTP_OVERRIDES.dat: 200 (4160 bytes)
    2022-09-23T07:40:36.507Z [63980:65352] I Refreshing supplement sdds3.EPIPS_data.dat
    2022-09-23T07:40:36.582Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.EPIPS_data.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:38.597Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.EPIPS_data.dat: 200 (4120 bytes)
    2022-09-23T07:40:38.665Z [63980:65352] I Refreshing supplement sdds3.FIMFEED.dat
    2022-09-23T07:40:38.742Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.FIMFEED.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:40.755Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.FIMFEED.dat: 200 (4012 bytes)
    2022-09-23T07:40:40.822Z [63980:65352] I Refreshing supplement sdds3.SLDFEED.dat
    2022-09-23T07:40:40.897Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.SLDFEED.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:42.912Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.SLDFEED.dat: 200 (4009 bytes)
    2022-09-23T07:40:42.979Z [63980:65352] I Refreshing supplement sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat
    2022-09-23T07:40:43.054Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:45.175Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat: 200 (4040 bytes)
    2022-09-23T07:40:45.243Z [63980:65352] I Refreshing supplement sdds3.DOC_MODEL2_64.dat
    2022-09-23T07:40:45.419Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.DOC_MODEL2_64.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:47.533Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.DOC_MODEL2_64.dat: 200 (4319 bytes)
    2022-09-23T07:40:47.600Z [63980:65352] I Refreshing supplement sdds3.ML_MODEL2_64.dat
    2022-09-23T07:40:47.676Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.ML_MODEL2_64.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:49.690Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.ML_MODEL2_64.dat: 200 (4681 bytes)
    2022-09-23T07:40:49.759Z [63980:65352] I Refreshing supplement sdds3.LocalRepData.dat
    2022-09-23T07:40:49.835Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.LocalRepData.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:51.849Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.LocalRepData.dat: 200 (4028 bytes)
    2022-09-23T07:40:51.917Z [63980:65352] I Refreshing supplement sdds3.REPAIRKIT.dat
    2022-09-23T07:40:51.996Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.REPAIRKIT.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:54.110Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.REPAIRKIT.dat: 200 (4644 bytes)
    2022-09-23T07:40:54.178Z [63980:65352] I Refreshing supplement sdds3.TELEMSUP.dat
    2022-09-23T07:40:54.253Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.TELEMSUP.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:56.266Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.TELEMSUP.dat: 200 (4014 bytes)
    2022-09-23T07:40:56.333Z [63980:65352] I Refreshing supplement sdds3.behave.dat
    2022-09-23T07:40:56.407Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.behave.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:58.420Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.behave.dat: 200 (4022 bytes)
    2022-09-23T07:40:58.487Z [63980:65352] I Refreshing supplement sdds3.APPFEED.dat
    2022-09-23T07:40:58.663Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.APPFEED.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:41:00.677Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.APPFEED.dat: 200 (4014 bytes)
    2022-09-23T07:41:00.745Z [63980:65352] I Refreshing supplement sdds3.DataSetA.dat
    2022-09-23T07:41:00.819Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.DataSetA.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:41:02.832Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.DataSetA.dat: 200 (4262 bytes)
    2022-09-23T07:41:02.899Z [63980:65352] I Refreshing supplement sdds3.CIXSRVFLAGS.dat
    2022-09-23T07:41:02.976Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.CIXSRVFLAGS.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:41:04.990Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.CIXSRVFLAGS.dat: 200 (5138 bytes)
    2022-09-23T07:41:05.058Z [63980:65352] I Refreshing supplement sdds3.hmpa_data.dat
    2022-09-23T07:41:05.133Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.hmpa_data.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:41:07.146Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.hmpa_data.dat: 200 (4008 bytes)
    2022-09-23T07:41:10.312Z [63980:65352] I Sync statistics: received 74243 bytes, sent 10762 bytes
    2022-09-23T07:41:10.312Z [63980:65352] I Supplements: 16, used 69411 bytes
    2022-09-23T07:41:13.288Z [63980:65352] I WindowsCloudServerAV: downloaded suite: sdds3.WindowsCloudServerAV_1.3.95.273bb7fbb9.dat, version: 1.3.95, display version: 10.8.11.4
    2022-09-23T07:41:13.288Z [63980:65352] I WindowsCloudServerHitmanProAlert: downloaded suite: sdds3.WindowsCloudServerHitmanProAlert_2021.3.1.15.9469d096d5.dat, version: 2021.3.1.15, display version: 2021.3.1.15
    2022-09-23T07:41:13.288Z [63980:65352] I WindowsCloudServer: downloaded suite: sdds3.WindowsCloudServer_2022.2.1.9.0.f5f5175516.dat, version: 2022.2.1.9.0, display version: 2022.2.1.9
    2022-09-23T07:41:13.288Z [63980:65352] I Removing orphan products.
    2022-09-23T07:41:13.290Z [63980:65352] I No orphan products detected.
    2022-09-23T07:41:13.297Z [63980:65352] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-23T07:41:13.431Z [63980:65352] I Extracting packages.
    2022-09-23T07:41:24.303Z [63980:65352] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-23T07:41:24.341Z [63980:65352] I Installing products.
    2022-09-23T07:41:25.852Z [63980:65352] I Skipped installation of component 0253775E-970D-4876-959C-21B422420E5A (SSE64) 3.85.1.12
    2022-09-23T07:41:26.438Z [63980:65352] I Skipped installation of component 1129226C-32AB-4B72-85E1-A9CC8DFBC859 (SED64) 3.1.1.270
    2022-09-23T07:41:26.910Z [63980:65352] I Skipped installation of component 1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31 (SAUXG) 6.13.1014
    2022-09-23T07:41:26.984Z [63980:65352] I Skipped installation of component 243DECCD-8080-410D-A45F-77F2182715EE (UNINSTALLER64) 1.14.9.9
    2022-09-23T07:41:27.358Z [63980:65352] I Skipped installation of component 244E68BF-E1BB-4A6B-AC18-A492DE0134C0 (HMPA64) 3.8.4.37
    2022-09-23T07:41:28.130Z [63980:65352] I Skipped installation of component 3799FB3E-808A-4F7D-AC6A-0C74F931C386 (MCS) 4.17.30
    2022-09-23T07:41:28.324Z [63980:65352] I Skipped installation of component 3CE954A1-0F41-4D9B-B2F0-58AA75334DFD (SHS) 2.9.152
    2022-09-23T07:41:28.445Z [63980:65352] I Skipped installation of component 591706A7-9603-4255-A65F-EA49BB11E8AC (SFS64) 1.9.24.1
    2022-09-23T07:41:29.204Z [63980:65352] I Skipped installation of component 5CD1A7B6-812E-47A1-A986-3A6D5D5C19F5 (UI64) 2.6.83.0
    2022-09-23T07:41:29.310Z [63980:65352] I Skipped installation of component 642A6FD9-A9D6-482D-BD8C-46661F241A0E (AMSI64) 1.9.244
    2022-09-23T07:41:29.510Z [63980:65352] I Skipped installation of component 70FDD40E-986A-44E5-9620-2B894A06702A (SME64) 1.8.13.2
    2022-09-23T07:41:30.819Z [63980:65352] I Skipped installation of component 7F682906-6E49-481B-89C5-2DCA36720F4F (ESH64) 3.2.339.0
    2022-09-23T07:41:30.890Z [63980:65352] I Skipped installation of component CD297D6B-58A5-474F-8A0D-0A15803B8B50 (EFW64) 2.1.43
    2022-09-23T07:41:30.999Z [63980:65352] I Skipped installation of component FE92B17F-0632-4AB1-B423-4093D3968454 (SLD) 7.1.2.1
    2022-09-23T07:41:31.174Z [63980:65352] I Skipped installation of component FileIntegrityMonitoring (FIM) 1.0.1.11.1
    2022-09-23T07:41:32.512Z [63980:65352] I Skipped installation of component MessageRelay (MR) 1.6.0.28
    2022-09-23T07:41:33.369Z [63980:65352] I Skipped installation of component NTP64 (NTP64) 1.16.2923
    2022-09-23T07:41:33.479Z [63980:65352] I Skipped installation of component SDU64 (SDU64) 6.13.1014
    2022-09-23T07:41:33.639Z [63980:65352] I Skipped installation of component UpdateCache (UC) 1.9.0.143
    2022-09-23T07:41:33.653Z [63980:65352] I Sending telemetry every 86400s
    2022-09-23T07:41:33.653Z [63980:65352] I Telemetry last ran at 2022-09-22 19:41:18Z; offset time 2022-09-22 20:22:52Z (offset 2494s)
    2022-09-23T07:41:33.654Z [63980:65352] I Telemetry schedule has not elapsed.
    2022-09-23T07:41:33.665Z [63980:65352] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-23T07:41:33.697Z [63980:65352] A SophosUpdate has completed (exit 2).

    I don't know where he gets the wrong proxy information.

    Many thanks for helping

  • No problem at all. All of the Sophos Logs you see where the timestamp ends in "Z" will be in the UTC format.

    If the service restart did not work, and you've verified the proxy settings in Sophos Central are correct, I suggest trying to remove and re-add the Message Relay and Update Cache component on the affected device. This can be done from the "Manage Update Caches and Message Relays" page.

    You will want to wait some time after you remove the feature until Sophos Central shows that it has been fully removed. You can then re-add it back. If the issue remains, I suggest opening a support case with our team so they can take a closer look.

    You can find steps on how to open a case via the Support Portal in the link below. 
    - Create a Technical support case

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thank you very much,

    I have now uninstalled the endpoint and try now to install endpoint again.

    Now the problem is that mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com is not available and the certificate could not be validate:

    2022-09-26T11:58:20.5520768Z INFO : Opening connection to mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-26T11:58:20.5520768Z INFO : Sending request for connection confirmation through potential proxy
    2022-09-26T11:58:20.5520768Z INFO : Request content size: 0
    2022-09-26T11:58:20.6302090Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2022-09-26T11:58:20.6302090Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2022-09-26T11:58:20.6302090Z INFO : Subject certificate failed validation against root CA: SophosCA2
    2022-09-26T11:58:20.6458758Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA3
    2022-09-26T11:58:20.6458758Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA4
    2022-09-26T11:58:20.6458758Z ERROR : Failed to validate server cert; terminating HTTP connection.
    2022-09-26T11:58:20.6458758Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
    2022-09-26T11:58:20.6458758Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed: certificate check failure
    2022-09-26T11:58:20.6458758Z ERROR : HTTP error: Failed to connect with any proxy: certificate check failure
    2022-09-26T11:58:20.6458758Z ERROR : System Property Check: ValidDeploymentInfo - FAILED
    2022-09-26T11:58:20.7083758Z INFO : Running System Property Check: InstallationInProgress ...
    2022-09-26T11:58:20.7083758Z INFO : System Property Check: InstallationInProgress - PASSED
    2022-09-26T11:58:20.7708310Z INFO : Running System Property Check: SafeGuardEncryption ...
    2022-09-26T11:58:20.7708310Z INFO : Entered installedProductCode, upgradeCode={BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}
    2022-09-26T11:58:20.7708310Z INFO : Product is not installed
    2022-09-26T11:58:20.7708310Z INFO : licensesContainFeature(DEVICE_ENCRYPTION): false
    2022-09-26T11:58:20.7708310Z INFO : System Property Check: SafeGuardEncryption - PASSED

    How can we solve that.

  • Could you try the following commands through an Admin command prompt? Your device may be missing a root certificate needed to verify the connection to Sophos. I also suggest checking if the updating of root certificates is disabled on your device. 
    - Automatic Root Certificates Update is turned off, which could lead to installation and communication failures

    mkdir C:\digicerttemp

    cd C:\digicerttemp

    certutil.exe -urlcache -f cacerts.digicert.com/DigiCertTrustedRootG4.crt C:\digicerttemp\DigiCertTrustedRootG4.crt

    certutil.exe -addstore root C:\digicerttemp\DigiCertTrustedRootG4.crt

    cd \

    rmdir digicerttemp /S /Q

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello,

    I am now a little further along and virus scanner along with cache and relay are installed.
    The cause was indeed a certificate, which was wrong and a proxy must be entered:
    netsh winhttp set proxy proxy-server="http=proxy server address:proxy port;https=proxy server address:proxy port"
    Even if the system itself does not need an entry in the browser.

    Relay shows all systems with Sophos Endpoint, but none of the systems get updates from the cache and relay server.

    The systems in question do not have any internet connection and have to get the updates from the central cache/relay server.
    Even a new installation of an endpoint client shows that the cache/relay server is not addressed.

    Do you have any ideas here?
    Thanks in advance

  • Here are some more information about the installation:

    starting setup with: SophosSetup.exe --messagerelays=bc2.dom.com:8190

    Logfile:

    2022-09-27T11:02:12.3002920Z INFO : Running C:\\Temp\\SophosSetup-793469817\\Setup.exe
    2022-09-27T11:02:12.3002920Z INFO : Stage 1 command-line options:
    2022-09-27T11:02:12.3002920Z INFO : ---
    2022-09-27T11:02:12.3002920Z INFO : Quiet mode on: 0
    2022-09-27T11:02:12.3002920Z INFO : Automatic Proxy detection disabled: 0
    2022-09-27T11:02:12.3002920Z INFO : No feedback mode on: 0
    2022-09-27T11:02:12.3002920Z INFO : Dump feedback enabled: 0
    2022-09-27T11:02:12.3002920Z INFO : Bypass competitor removal: 0
    2022-09-27T11:02:12.3002920Z INFO : Using CRT catalog file path: --
    2022-09-27T11:02:12.3159184Z INFO : Only register endpoint with Central: 0
    2022-09-27T11:02:12.3159184Z INFO : Log messages between endpoint and Central: 0
    2022-09-27T11:02:12.3159184Z INFO : Log command-line passed to executables: 0
    2022-09-27T11:02:12.3159184Z INFO : Using custom server that hosts the installer stage2 filename: --
    2022-09-27T11:02:12.3159184Z INFO : Using cloud group: --
    2022-09-27T11:02:12.3159184Z INFO : Overriding computer name: --
    2022-09-27T11:02:12.3159184Z INFO : Overriding computer description: --
    2022-09-27T11:02:12.3159184Z INFO : Overriding domain name: --
    2022-09-27T11:02:12.3159184Z INFO : Language will be set to: --
    2022-09-27T11:02:12.3159184Z INFO : Using message relays: bc2.dom.com.com:8190
    2022-09-27T11:02:12.3159184Z INFO : Proxy address: --
    2022-09-27T11:02:12.3159184Z INFO : Proxy user name: --
    2022-09-27T11:02:12.3159184Z INFO : Using custom customer token: --
    2022-09-27T11:02:12.3159184Z INFO : Using specified products: --
    2022-09-27T11:02:12.3159184Z INFO : Using certificates from the program data folder: 0
    2022-09-27T11:02:12.3159184Z INFO : Setting non-persistent image: 0
    2022-09-27T11:02:12.3159184Z INFO : Setting gold image: 0
    2022-09-27T11:02:12.3159184Z INFO : MCS registration timeout for golden image: --
    2022-09-27T11:02:12.3159184Z INFO : Using custom customer ID: --
    2022-09-27T11:02:12.3159184Z INFO : Using specified user ID: --
    2022-09-27T11:02:12.3159184Z INFO : Using local install source: --
    2022-09-27T11:02:12.3159184Z INFO : Invoked as part of SEC migration: 0
    2022-09-27T11:02:12.3159184Z INFO : ---
    2022-09-27T11:02:12.3159184Z INFO : Detected architecture: 2
    2022-09-27T11:02:12.3159184Z INFO : Using x86 program files for stage 2
    2022-09-27T11:02:12.3159184Z INFO : Target path: C:\\Program Files (x86)\\Sophos\\CloudInstaller
    2022-09-27T11:02:12.3783737Z INFO : About to delete: C:\\Program Files (x86)\\Sophos\\CloudInstaller
    2022-09-27T11:02:12.3783737Z INFO : Folder not present, nothing to delete
    2022-09-27T11:02:12.3783737Z INFO : Running on x64, requesting x86 Stage2
    2022-09-27T11:02:12.3783737Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/3de3ff2f-f178-4315-a672-0cc085c64dc7
    2022-09-27T11:02:12.3783737Z INFO : Did not discover an URL for a PAC file
    2022-09-27T11:02:12.3783737Z INFO : Attempting to connect using proxy 'bc2.dom.com:8190' of type 'Message Relay'.
    2022-09-27T11:02:12.3783737Z INFO : Set security protocol: 00000800
    2022-09-27T11:02:12.3783737Z INFO : Opening connection to api-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-27T11:02:12.3783737Z INFO : Request content size: 30
    2022-09-27T11:02:12.4252771Z INFO : Sending request
    2022-09-27T11:02:12.4252771Z INFO : Request sent
    2022-09-27T11:02:12.4252771Z INFO : Sending request
    2022-09-27T11:02:12.4252771Z INFO : Request sent
    2022-09-27T11:02:12.4252771Z INFO : Response status code: 200
    2022-09-27T11:02:12.4252771Z INFO : Response data size: 3326
    2022-09-27T11:02:12.4252771Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
    2022-09-27T11:02:12.4408756Z INFO : Parsing message received for Stage 2 filename: '<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { height: 100%; font-family: Helvetica, Arial, sans-serif; color: #6a6a6a; margin: 0; display: flex; align-items: center; justify-content: center; } input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea { color: #262626; vertical-align: baseline; margin: .2em; border-style: solid; border-width: 1px; border-color: #a9a9a9; background-color: #fff; box-sizing: border-box; padding: 2px .5em; appearance: none; border-radius: 0; } input:focus { border-color: #646464; box-shadow: 0 0 1px 0 #a2a2a2; outline: 0; } button { padding: .5em 1em; border: 1px solid; border-radius: 3px; min-width: 6em; font-weight: 400; font-size: .8em; cursor: pointer; } button.primary { color: #fff; background-color: rgb(47, 113, 178); border-color: rgb(34, 103, 173); } .message-container { height: 500px; width: 600px; padding: 0; margin: 10px; } .logo { background: url(/XX/YY/ZZ/CI/EECENCMEPGHGPG) no-repeat left center; height: 267px; object-fit: contain; } table { background-color: #fff; border-spacing: 0; margin: 1em; } table > tbody > tr > td:first-of-type:not([colspan]) { white-space: nowrap; color: rgba(0,0,0,.5); } table > tbody > tr > td:first-of-type { vertical-align: top; } table > tbody > tr > td { padding: .3em .3em; } .field { display: table-row; } .field > :first-child { display: table-cell; width: 20%; } .field.single > :first-child { display: inline; } .field > :not(:first-child) { width: auto; max-width: 100%; display: inline-flex; align-items: baseline; virtical-align: top; box-sizing: border-box; margin: .3em; } .field > :not(:first-child) > input { width: 230px; } .form-footer { display: inline-flex; justify-content: flex-start; } .form-footer > * { margin: 1em; } .text-scrollable { overflow: auto; height: 150px; border: 1px solid rgb(200, 200, 200); padding: 5px; font-size: 1em; } .text-centered { text-align: center; } .text-container { margin: 1em 1.5em; } .flex-container { display: flex; } .flex-container.column { flex-direction: column; } </style> <title> Firewall Authentication </title> </head> <body> <div class="message-container"> <div class="logo"> </div> <h1> Testlabor Internet Proxy <br> Zugang nur für autorisierte Benutzer </h1> <form action="/XX/YY/ZZ/AUTH" method="post"> <input type="hidden" name="4Tredir" value="https://api-cloudstation-eu-central-1.prod.hydra.sophos.com/api/download/stage2-details/3de3ff2f-f178-4315-a672-0cc085c64dc7"> <input type="hidden" name="magic" value="655038159"> <input type="hidden" name="4Tmthd" value="1"> <p> Please enter your username and password to continue. </p> <div class="field"> <label for="ft_un"> TL-User: </label> <div> <input name="username" id="ft_un" type="text" autocorrect="off" autocapitalize="off"> </div> </div> <div class="field"> <label for="ft_pd"> TL-PWD: </label> <div> <input name="password" id="ft_pd" type="password" autocomplete="off"> </div> </div> <div class="form-footer"> <button class="primary" type="submit"> Login </button> </div> </form> </div> </body></html>\r\n'
    2022-09-27T11:02:12.4408756Z INFO : Cleaning up extracted files
    2022-09-27T11:02:12.4408756Z ERROR : Error downloading/running stage 2: Error parsing json file for Stage 2 filename: Unknown token: enJson content was :<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { height: 100%; font-family: Helvetica, Arial, sans-serif; color: #6a6a6a; margin: 0; display: flex; align-items: center; justify-content: center; } input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea { color: #262626; vertical-align: baseline; margin: .2em; border-style: solid; border-width: 1px; border-color: #a9a9a9; background-color: #fff; box-sizing: border-box; padding: 2px .5em; appearance: none; border-radius: 0; } input:focus { border-color: #646464; box-shadow: 0 0 1px 0 #a2a2a2; outline: 0; } button { padding: .5em 1em; border: 1px solid; border-radius: 3px; min-width: 6em; font-weight: 400; font-size: .8em; cursor: pointer; } button.primary { color: #fff; background-color: rgb(47, 113, 178); border-color: rgb(34, 103, 173); } .message-container { height: 500px; width: 600px; padding: 0; margin: 10px; } .logo { background: url(/XX/YY/ZZ/CI/EECENCMEPGHGPG) no-repeat left center; height: 267px; object-fit: contain; } table { background-color: #fff; border-spacing: 0; margin: 1em; } table > tbody > tr > td:first-of-type:not([colspan]) { white-space: nowrap; color: rgba(0,0,0,.5); } table > tbody > tr > td:first-of-type { vertical-align: top; } table > tbody > tr > td { padding: .3em .3em; } .field { display: table-row; } .field > :first-child { display: table-cell; width: 20%; } .field.single > :first-child { display: inline; } .field > :not(:first-child) { width: auto; max-width: 100%; display: inline-flex; align-items: baseline; virtical-align: top; box-sizing: border-box; margin: .3em; } .field > :not(:first-child) > input { width: 230px; } .form-footer { display: inline-flex; justify-content: flex-start; } .form-footer > * { margin: 1em; } .text-scrollable { overflow: auto; height: 150px; border: 1px solid rgb(200, 200, 200); padding: 5px; font-size: 1em; } .text-centered { text-align: center; } .text-container { margin: 1em 1.5em; } .flex-container { display: flex; } .flex-container.column { flex-direction: column; } </style> <title> Firewall Authentication </title> </head> <body> <div class="message-container"> <div class="logo"> </div> <h1> Testlabor Internet Proxy <br> Zugang nur für autorisierte Benutzer </h1> <form action="/XX/YY/ZZ/AUTH" method="post"> <input type="hidden" name="4Tredir" value="https://api-cloudstation-eu-central-1.prod.hydra.sophos.com/api/download/stage2-details/3de3ff2f-f178-4315-a672-0cc085c64dc7"> <input type="hidden" name="magic" value="655038159"> <input type="hidden" name="4Tmthd" value="1"> <p> Please enter your username and password to continue. </p> <div class="field"> <label for="ft_un"> TL-User: </label> <div> <input name="username" id="ft_un" type="text" autocorrect="off" autocapitalize="off"> </div> </div> <div class="field"> <label for="ft_pd"> TL-PWD: </label> <div> <input name="password" id="ft_pd" type="password" autocomplete="off"> </div> </div> <div class="form-footer"> <button class="primary" type="submit"> Login </button> </div> </form> </div> </body></html>\r\n
    

    hope that one helps.

    many thanks

  • Hello TBC, TheBob or whatever your name,

    the proxy's response is a web-form and says Zugang nur für autorisierte Benutzer.

    Christian

  • Thanks for pointing this out, Christian! 

    , Do you know if there are any other proxies between the endpoint and the Message Relay server? You may want to try the Proxy username and Proxy password options if this is the case.

    The Message Relay server should not require endpoints to authenticate to connect. The installer package you are using will include the necessary information to authenticate through. Try downloading a new installer package to see if this returns different results.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids