
Relay and Cache Server could not update because wrong proxy

Hello @all,

Our Win 2016 server, with relay and cache server installed, is using a wrong proxy configuration:

 Trying update service URL sus.sophosupd.com/.../dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.xx.xx.94:443

On Central, I have changed the proxy and disabled it, but our server is still using the wrong proxy.

Where can we change that?

Many thanks in advance!

TBC



This thread was automatically locked due to age.
  • Hi,

    Thank you for reaching out to the Community. If you haven't already, kindly check the SophosUpdate.log for errors, and let us know what you find.

    You mentioned that you've changed the proxy on Central. Changing the proxy settings will not be dynamically updated by the Sophos Message Relay component. To update the changes, you'll need to restart the Sophos Message Relay Service.

    You might also find additional details in this article - https://support.sophos.com/support/s/article/KB-000035498?language=en_US


    Gladys Reyes
    Global Community Support Engineer
  • Many thanks for the reply.

    After restarting the Message Relay, the proxy is empty, but updates are still not possible:

    2022-09-21T12:02:25.433Z [65372:65252] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 5 of 5)
    2022-09-21T12:02:25.557Z [65372:65252] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-21T12:02:25.566Z [65372:65252] W Error refreshing service config: will sync using stale SUS config: No reachable update service locations
    2022-09-21T12:02:25.566Z [65372:65252] E No reachable update service locations
    2022-09-21T12:02:25.566Z [65372:65252] I Syncing suites [sdds3.WindowsCloudServerAV_1.3.95.273bb7fbb9.dat, sdds3.WindowsCloudServerHitmanProAlert_2021.3.1.15.9469d096d5.dat, sdds3.WindowsCloudServer_2022.2.1.9.0.f5f5175516.dat]
    2022-09-21T12:02:25.566Z [65372:65252] I Release groups [C]
    2022-09-21T12:02:25.571Z [65372:65252] I Analyzing whether to update from Sophos CDN or update cache
    2022-09-21T12:02:25.616Z [65372:65252] I Successfully connected to cache: https://b2.dom.com:8191/v3/suite
    2022-09-21T12:02:25.616Z [65372:65252] I Analysis complete - Using update cache: b2.dom.com:8191
    2022-09-21T12:02:25.616Z [65372:65252] I Syncing from: https://b2.dom.com:8191/v3
    2022-09-21T12:02:26.413Z [65372:65252] I Refreshing supplement sdds3.CEPNGSRVFLAGS.dat
    2022-09-21T12:02:26.498Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.CEPNGSRVFLAGS.dat: 200 (5940 bytes)
    2022-09-21T12:02:26.571Z [65372:65252] I Refreshing supplement sdds3.NTP_OVERRIDES.dat
    2022-09-21T12:02:26.661Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.NTP_OVERRIDES.dat: 200 (4029 bytes)
    2022-09-21T12:02:26.707Z [65372:65252] I Refreshing supplement sdds3.EPIPS_data.dat
    2022-09-21T12:02:26.788Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.EPIPS_data.dat: 200 (4123 bytes)
    2022-09-21T12:02:26.857Z [65372:65252] I Refreshing supplement sdds3.FIMFEED.dat
    2022-09-21T12:02:26.944Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.FIMFEED.dat: 200 (4012 bytes)
    2022-09-21T12:02:27.013Z [65372:65252] I Refreshing supplement sdds3.SLDFEED.dat
    2022-09-21T12:02:27.098Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.SLDFEED.dat: 200 (4009 bytes)
    2022-09-21T12:02:27.167Z [65372:65252] I Refreshing supplement sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat
    2022-09-21T12:02:27.255Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat: 200 (4040 bytes)
    2022-09-21T12:02:27.324Z [65372:65252] I Refreshing supplement sdds3.DOC_MODEL2_64.dat
    2022-09-21T12:02:27.412Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.DOC_MODEL2_64.dat: 200 (4319 bytes)
    2022-09-21T12:02:27.481Z [65372:65252] I Refreshing supplement sdds3.ML_MODEL2_64.dat
    2022-09-21T12:02:27.569Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.ML_MODEL2_64.dat: 200 (4681 bytes)
    2022-09-21T12:02:27.640Z [65372:65252] I Refreshing supplement sdds3.LocalRepData.dat
    2022-09-21T12:02:27.729Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.LocalRepData.dat: 200 (4022 bytes)
    2022-09-21T12:02:27.788Z [65372:65252] I Refreshing supplement sdds3.REPAIRKIT.dat
    2022-09-21T12:02:27.862Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.REPAIRKIT.dat: 200 (4644 bytes)
    2022-09-21T12:02:27.903Z [65372:65252] I Refreshing supplement sdds3.TELEMSUP.dat
    2022-09-21T12:02:27.949Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.TELEMSUP.dat: 200 (4014 bytes)
    2022-09-21T12:02:28.020Z [65372:65252] I Refreshing supplement sdds3.behave.dat
    2022-09-21T12:02:28.110Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.behave.dat: 200 (4021 bytes)
    2022-09-21T12:02:28.155Z [65372:65252] I Refreshing supplement sdds3.APPFEED.dat
    2022-09-21T12:02:28.202Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.APPFEED.dat: 200 (4014 bytes)
    2022-09-21T12:02:28.262Z [65372:65252] I Refreshing supplement sdds3.DataSetA.dat
    2022-09-21T12:02:28.333Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.DataSetA.dat: 200 (4255 bytes)
    2022-09-21T12:02:28.378Z [65372:65252] I Refreshing supplement sdds3.CIXSRVFLAGS.dat
    2022-09-21T12:02:28.434Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.CIXSRVFLAGS.dat: 200 (5138 bytes)
    2022-09-21T12:02:28.502Z [65372:65252] I Refreshing supplement sdds3.hmpa_data.dat
    2022-09-21T12:02:28.582Z [65372:65252] I GET https://b2.dom.com:8191/v3/supplement/sdds3.hmpa_data.dat: 200 (4011 bytes)
    2022-09-21T12:02:31.086Z [65372:65252] I Sync statistics: received 71656 bytes, sent 5381 bytes
    2022-09-21T12:02:31.086Z [65372:65252] I Supplements: 16, used 69272 bytes
    2022-09-21T12:02:33.668Z [65372:65252] I WindowsCloudServerAV: downloaded suite: sdds3.WindowsCloudServerAV_1.3.95.273bb7fbb9.dat, version: 1.3.95, display version: 10.8.11.4
    2022-09-21T12:02:33.668Z [65372:65252] I WindowsCloudServerHitmanProAlert: downloaded suite: sdds3.WindowsCloudServerHitmanProAlert_2021.3.1.15.9469d096d5.dat, version: 2021.3.1.15, display version: 2021.3.1.15
    2022-09-21T12:02:33.668Z [65372:65252] I WindowsCloudServer: downloaded suite: sdds3.WindowsCloudServer_2022.2.1.9.0.f5f5175516.dat, version: 2022.2.1.9.0, display version: 2022.2.1.9
    2022-09-21T12:02:33.669Z [65372:65252] I Removing orphan products.
    2022-09-21T12:02:33.671Z [65372:65252] I No orphan products detected.
    2022-09-21T12:02:33.682Z [65372:65252] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-21T12:02:33.718Z [65372:65252] I Extracting packages.
    2022-09-21T12:02:42.586Z [65372:65252] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-21T12:02:42.637Z [65372:65252] I Installing products.
    2022-09-21T12:02:44.137Z [65372:65252] I Skipped installation of component 0253775E-970D-4876-959C-21B422420E5A (SSE64) 3.85.1.12
    2022-09-21T12:02:44.802Z [65372:65252] I Skipped installation of component 1129226C-32AB-4B72-85E1-A9CC8DFBC859 (SED64) 3.1.1.270
    2022-09-21T12:02:45.632Z [65372:65252] I Skipped installation of component 1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31 (SAUXG) 6.13.1014
    2022-09-21T12:02:45.719Z [65372:65252] I Skipped installation of component 243DECCD-8080-410D-A45F-77F2182715EE (UNINSTALLER64) 1.14.9.9
    2022-09-21T12:02:46.013Z [65372:65252] I Skipped installation of component 244E68BF-E1BB-4A6B-AC18-A492DE0134C0 (HMPA64) 3.8.4.37
    2022-09-21T12:02:46.657Z [65372:65252] I Skipped installation of component 3799FB3E-808A-4F7D-AC6A-0C74F931C386 (MCS) 4.17.30
    2022-09-21T12:02:46.758Z [65372:65252] I Skipped installation of component 3CE954A1-0F41-4D9B-B2F0-58AA75334DFD (SHS) 2.9.152
    2022-09-21T12:02:46.890Z [65372:65252] I Skipped installation of component 591706A7-9603-4255-A65F-EA49BB11E8AC (SFS64) 1.9.24.1
    2022-09-21T12:02:47.466Z [65372:65252] I Skipped installation of component 5CD1A7B6-812E-47A1-A986-3A6D5D5C19F5 (UI64) 2.6.83.0
    2022-09-21T12:02:47.577Z [65372:65252] I Skipped installation of component 642A6FD9-A9D6-482D-BD8C-46661F241A0E (AMSI64) 1.9.244
    2022-09-21T12:02:47.789Z [65372:65252] I Skipped installation of component 70FDD40E-986A-44E5-9620-2B894A06702A (SME64) 1.8.13.2
    2022-09-21T12:02:48.757Z [65372:65252] I Skipped installation of component 7F682906-6E49-481B-89C5-2DCA36720F4F (ESH64) 3.2.339.0
    2022-09-21T12:02:48.935Z [65372:65252] I Skipped installation of component CD297D6B-58A5-474F-8A0D-0A15803B8B50 (EFW64) 2.1.43
    2022-09-21T12:02:49.050Z [65372:65252] I Skipped installation of component FE92B17F-0632-4AB1-B423-4093D3968454 (SLD) 7.1.2.1
    2022-09-21T12:02:49.237Z [65372:65252] I Skipped installation of component FileIntegrityMonitoring (FIM) 1.0.1.11.1
    2022-09-21T12:02:49.919Z [65372:65252] I Skipped installation of component MessageRelay (MR) 1.6.0.28
    2022-09-21T12:02:50.807Z [65372:65252] I Skipped installation of component NTP64 (NTP64) 1.16.2923
    2022-09-21T12:02:50.925Z [65372:65252] I Skipped installation of component SDU64 (SDU64) 6.13.1014
    2022-09-21T12:02:51.094Z [65372:65252] I Skipped installation of component UpdateCache (UC) 1.9.0.143
    2022-09-21T12:02:51.102Z [65372:65252] I Sending telemetry every 86400s
    2022-09-21T12:02:51.102Z [65372:65252] I Telemetry last ran at 2022-09-20 16:41:04Z; offset time 2022-09-20 17:43:17Z (offset 3733s)
    2022-09-21T12:02:51.102Z [65372:65252] I Telemetry schedule has not elapsed.
    2022-09-21T12:02:51.113Z [65372:65252] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-21T12:02:51.145Z [65372:65252] A SophosUpdate has completed (exit 2).
    

    In Sophos Tools there are no issues with "Known Issues" and "Network Test".

    Is there anything else that I can check?

    Many thanks

    TheBob

  • Is the connection successful when browsing the following websites through the web browser on the affected device? 
    https://dci.sophosupd.com/index.html
    https://d1.sophosupd.com/index.html

    Kushal Lakhan
    Team Lead, Global Community Support
  • Yes, Qoosh, it is!

    Sophos dci Site - hosted on Akamai

    Connection Successful

    Sophos d1 Site - hosted on Akamai

    Connection Successful

    Many thanks!

  • Thanks for following up. On the FAQ page I see the following is mentioned. 

    Changing your System or Automatic proxy settings will not be dynamically updated by the Sophos Message Relay component.

    To update the changes, restart the Sophos Message Relay Service.

    Could you try restarting the Sophos Message Relay Service to see if this changes? From the test results, it looks like your system proxy settings are working correctly.

    Kushal Lakhan
    Team Lead, Global Community Support
  • Thank you Qoosh for helping!

    I have now restarted the service again and run the update without any luck:

    I am also wondering why the timestamp in the log is wrong, when the time on the OS is correct.

    And there is still a wrong entry for the proxy:

    2022-09-23T07:36:03.254Z [63980:65352] A =========================
    2022-09-23T07:36:03.254Z [63980:65352] A SophosUpdate is starting.
    2022-09-23T07:36:03.254Z [63980:65352] A AutoUpdate version      : 6.13.1014
    2022-09-23T07:36:03.256Z [63980:65352] A SophosUpdate version    : 6.13.1014
    2022-09-23T07:36:03.256Z [63980:65352] A =========================
    2022-09-23T07:36:03.256Z [63980:65352] I Platform ID: WIN_10_SVR_X64 1607 14393.5356
    2022-09-23T07:36:03.256Z [63980:65352] I Platform upgraded: 0
    2022-09-23T07:36:03.256Z [63980:65352] I Subscription: WindowsCloudServer RECOMMENDED 1
    2022-09-23T07:36:03.256Z [63980:65352] I Subscription: WindowsCloudServerAV RECOMMENDED 1
    2022-09-23T07:36:03.256Z [63980:65352] I Subscription: WindowsCloudServerHitmanProAlert RECOMMENDED 1
    2022-09-23T07:36:03.256Z [63980:65352] I Subscriptions changed: 0
    2022-09-23T07:36:03.256Z [63980:65352] I Features: APPCNTRL AV CLEAN CORE DLP DVCCNTRL EFW FIM HBT LOCKDOWN MR MTD NTP SAV SDU UC WEBCNTRL XPD
    2022-09-23T07:36:03.256Z [63980:65352] I Features changed: 0
    2022-09-23T07:36:03.257Z [63980:65352] I SAV installation not detected
    2022-09-23T07:36:03.258Z [63980:65352] A Command line: "C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe" -ScheduledUpdate -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate\"
    2022-09-23T07:36:03.277Z [63980:65352] I Loaded state from C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-23T07:36:04.597Z [63980:65352] I Performing standard update
    2022-09-23T07:36:04.597Z [63980:65352] I Limiting bandwidth to 256 Kbps
    2022-09-23T07:36:05.044Z [63980:65352] I Refreshing Sophos Update Service configuration from https://sus.sophosupd.com (cache expired)
    2022-09-23T07:36:05.044Z [63980:65352] I Tenant ID: d9ca8510-e8e6-4062-a912-f44cb0d15f71
    2022-09-23T07:36:05.044Z [63980:65352] I Device ID: dae1076b-8473-4c45-8c3a-076246744ca6
    2022-09-23T07:36:05.044Z [63980:65352] I Manually configured proxy: 87.19.17.4:443
    2022-09-23T07:36:05.479Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443
    2022-09-23T07:36:15.529Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:36:15.780Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443 (try 2 of 5)
    2022-09-23T07:36:25.827Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:36:26.828Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443 (try 3 of 5)
    2022-09-23T07:36:36.932Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:36:41.932Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443 (try 4 of 5)
    2022-09-23T07:36:52.031Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:37:22.033Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443 (try 5 of 5)
    2022-09-23T07:37:32.129Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: 87.19.17.4:443: WinHttpReceiveResponse failed: Die Serververbindung wurde aufgrund eines Fehlers beendet. (12030)
    2022-09-23T07:37:32.129Z [63980:65352] I Found system proxy list "https=fw-trzisp-02.db-trz.com:8880".
    2022-09-23T07:37:32.142Z [63980: 6868] I WinHttp discovered proxies not found
    2022-09-23T07:37:32.142Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw-trzisp-02.db-trz.com:8880
    2022-09-23T07:37:53.163Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:37:53.414Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880 (try 2 of 5)
    2022-09-23T07:38:14.426Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:38:15.426Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880 (try 3 of 5)
    2022-09-23T07:38:36.541Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:38:41.542Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880 (try 4 of 5)
    2022-09-23T07:39:02.655Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:39:32.657Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880 (try 5 of 5)
    2022-09-23T07:39:53.669Z [63980:65352] W Error from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: https=fw1.dom.com:8880: WinHttpSendRequest failed: Das Zeitlimit für den Vorgang wurde erreicht. (12002)
    2022-09-23T07:39:53.669Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:39:53.898Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:39:54.257Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 2 of 5)
    2022-09-23T07:39:54.390Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:39:55.397Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 3 of 5)
    2022-09-23T07:39:55.522Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:40:00.731Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 4 of 5)
    2022-09-23T07:40:00.857Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:40:30.967Z [63980:65352] I Trying update service url https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy> (try 5 of 5)
    2022-09-23T07:40:31.100Z [63980:65352] I 403 from https://sus.sophosupd.com/v3/d9ca8510-e8e6-4062-a912-f44cb0d15f71/dae1076b-8473-4c45-8c3a-076246744ca6 with proxy: <direct; no proxy>
    2022-09-23T07:40:31.107Z [63980:65352] W Error refreshing service config: will sync using stale SUS config: No reachable update service locations
    2022-09-23T07:40:31.107Z [63980:65352] E No reachable update service locations
    2022-09-23T07:40:31.107Z [63980:65352] I Syncing suites [sdds3.WindowsCloudServerAV_1.3.95.273bb7fbb9.dat, sdds3.WindowsCloudServerHitmanProAlert_2021.3.1.15.9469d096d5.dat, sdds3.WindowsCloudServer_2022.2.1.9.0.f5f5175516.dat]
    2022-09-23T07:40:31.107Z [63980:65352] I Release groups [C]
    2022-09-23T07:40:31.113Z [63980:65352] I Analyzing whether to update from Sophos CDN or update cache
    2022-09-23T07:40:31.152Z [63980:65352] I Successfully connected to cache: https://bc2.dom.com:8191/v3/suite
    2022-09-23T07:40:31.152Z [63980:65352] I Analysis complete - Using update cache: bc2.dom.com:8191
    2022-09-23T07:40:31.152Z [63980:65352] I Syncing from: https://bc2.dom.com:8191/v3
    2022-09-23T07:40:32.192Z [63980:65352] I Refreshing supplement sdds3.CEPNGSRVFLAGS.dat
    2022-09-23T07:40:32.266Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.CEPNGSRVFLAGS.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:34.280Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.CEPNGSRVFLAGS.dat: 200 (5940 bytes)
    2022-09-23T07:40:34.349Z [63980:65352] I Refreshing supplement sdds3.NTP_OVERRIDES.dat
    2022-09-23T07:40:34.424Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.NTP_OVERRIDES.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:36.437Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.NTP_OVERRIDES.dat: 200 (4160 bytes)
    2022-09-23T07:40:36.507Z [63980:65352] I Refreshing supplement sdds3.EPIPS_data.dat
    2022-09-23T07:40:36.582Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.EPIPS_data.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:38.597Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.EPIPS_data.dat: 200 (4120 bytes)
    2022-09-23T07:40:38.665Z [63980:65352] I Refreshing supplement sdds3.FIMFEED.dat
    2022-09-23T07:40:38.742Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.FIMFEED.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:40.755Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.FIMFEED.dat: 200 (4012 bytes)
    2022-09-23T07:40:40.822Z [63980:65352] I Refreshing supplement sdds3.SLDFEED.dat
    2022-09-23T07:40:40.897Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.SLDFEED.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:42.912Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.SLDFEED.dat: 200 (4009 bytes)
    2022-09-23T07:40:42.979Z [63980:65352] I Refreshing supplement sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat
    2022-09-23T07:40:43.054Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:45.175Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.D3147E4B-BECB-4CE5-A2B4-DD098CD8AEFE.dat: 200 (4040 bytes)
    2022-09-23T07:40:45.243Z [63980:65352] I Refreshing supplement sdds3.DOC_MODEL2_64.dat
    2022-09-23T07:40:45.419Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.DOC_MODEL2_64.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:47.533Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.DOC_MODEL2_64.dat: 200 (4319 bytes)
    2022-09-23T07:40:47.600Z [63980:65352] I Refreshing supplement sdds3.ML_MODEL2_64.dat
    2022-09-23T07:40:47.676Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.ML_MODEL2_64.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:49.690Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.ML_MODEL2_64.dat: 200 (4681 bytes)
    2022-09-23T07:40:49.759Z [63980:65352] I Refreshing supplement sdds3.LocalRepData.dat
    2022-09-23T07:40:49.835Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.LocalRepData.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:51.849Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.LocalRepData.dat: 200 (4028 bytes)
    2022-09-23T07:40:51.917Z [63980:65352] I Refreshing supplement sdds3.REPAIRKIT.dat
    2022-09-23T07:40:51.996Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.REPAIRKIT.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:54.110Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.REPAIRKIT.dat: 200 (4644 bytes)
    2022-09-23T07:40:54.178Z [63980:65352] I Refreshing supplement sdds3.TELEMSUP.dat
    2022-09-23T07:40:54.253Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.TELEMSUP.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:56.266Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.TELEMSUP.dat: 200 (4014 bytes)
    2022-09-23T07:40:56.333Z [63980:65352] I Refreshing supplement sdds3.behave.dat
    2022-09-23T07:40:56.407Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.behave.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:40:58.420Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.behave.dat: 200 (4022 bytes)
    2022-09-23T07:40:58.487Z [63980:65352] I Refreshing supplement sdds3.APPFEED.dat
    2022-09-23T07:40:58.663Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.APPFEED.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:41:00.677Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.APPFEED.dat: 200 (4014 bytes)
    2022-09-23T07:41:00.745Z [63980:65352] I Refreshing supplement sdds3.DataSetA.dat
    2022-09-23T07:41:00.819Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.DataSetA.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:41:02.832Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.DataSetA.dat: 200 (4262 bytes)
    2022-09-23T07:41:02.899Z [63980:65352] I Refreshing supplement sdds3.CIXSRVFLAGS.dat
    2022-09-23T07:41:02.976Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.CIXSRVFLAGS.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:41:04.990Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.CIXSRVFLAGS.dat: 200 (5138 bytes)
    2022-09-23T07:41:05.058Z [63980:65352] I Refreshing supplement sdds3.hmpa_data.dat
    2022-09-23T07:41:05.133Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.hmpa_data.dat: 202 (not yet available in Update Cache)
    2022-09-23T07:41:07.146Z [63980:65352] I GET https://bc2.dom.com:8191/v3/supplement/sdds3.hmpa_data.dat: 200 (4008 bytes)
    2022-09-23T07:41:10.312Z [63980:65352] I Sync statistics: received 74243 bytes, sent 10762 bytes
    2022-09-23T07:41:10.312Z [63980:65352] I Supplements: 16, used 69411 bytes
    2022-09-23T07:41:13.288Z [63980:65352] I WindowsCloudServerAV: downloaded suite: sdds3.WindowsCloudServerAV_1.3.95.273bb7fbb9.dat, version: 1.3.95, display version: 10.8.11.4
    2022-09-23T07:41:13.288Z [63980:65352] I WindowsCloudServerHitmanProAlert: downloaded suite: sdds3.WindowsCloudServerHitmanProAlert_2021.3.1.15.9469d096d5.dat, version: 2021.3.1.15, display version: 2021.3.1.15
    2022-09-23T07:41:13.288Z [63980:65352] I WindowsCloudServer: downloaded suite: sdds3.WindowsCloudServer_2022.2.1.9.0.f5f5175516.dat, version: 2022.2.1.9.0, display version: 2022.2.1.9
    2022-09-23T07:41:13.288Z [63980:65352] I Removing orphan products.
    2022-09-23T07:41:13.290Z [63980:65352] I No orphan products detected.
    2022-09-23T07:41:13.297Z [63980:65352] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-23T07:41:13.431Z [63980:65352] I Extracting packages.
    2022-09-23T07:41:24.303Z [63980:65352] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-23T07:41:24.341Z [63980:65352] I Installing products.
    2022-09-23T07:41:25.852Z [63980:65352] I Skipped installation of component 0253775E-970D-4876-959C-21B422420E5A (SSE64) 3.85.1.12
    2022-09-23T07:41:26.438Z [63980:65352] I Skipped installation of component 1129226C-32AB-4B72-85E1-A9CC8DFBC859 (SED64) 3.1.1.270
    2022-09-23T07:41:26.910Z [63980:65352] I Skipped installation of component 1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31 (SAUXG) 6.13.1014
    2022-09-23T07:41:26.984Z [63980:65352] I Skipped installation of component 243DECCD-8080-410D-A45F-77F2182715EE (UNINSTALLER64) 1.14.9.9
    2022-09-23T07:41:27.358Z [63980:65352] I Skipped installation of component 244E68BF-E1BB-4A6B-AC18-A492DE0134C0 (HMPA64) 3.8.4.37
    2022-09-23T07:41:28.130Z [63980:65352] I Skipped installation of component 3799FB3E-808A-4F7D-AC6A-0C74F931C386 (MCS) 4.17.30
    2022-09-23T07:41:28.324Z [63980:65352] I Skipped installation of component 3CE954A1-0F41-4D9B-B2F0-58AA75334DFD (SHS) 2.9.152
    2022-09-23T07:41:28.445Z [63980:65352] I Skipped installation of component 591706A7-9603-4255-A65F-EA49BB11E8AC (SFS64) 1.9.24.1
    2022-09-23T07:41:29.204Z [63980:65352] I Skipped installation of component 5CD1A7B6-812E-47A1-A986-3A6D5D5C19F5 (UI64) 2.6.83.0
    2022-09-23T07:41:29.310Z [63980:65352] I Skipped installation of component 642A6FD9-A9D6-482D-BD8C-46661F241A0E (AMSI64) 1.9.244
    2022-09-23T07:41:29.510Z [63980:65352] I Skipped installation of component 70FDD40E-986A-44E5-9620-2B894A06702A (SME64) 1.8.13.2
    2022-09-23T07:41:30.819Z [63980:65352] I Skipped installation of component 7F682906-6E49-481B-89C5-2DCA36720F4F (ESH64) 3.2.339.0
    2022-09-23T07:41:30.890Z [63980:65352] I Skipped installation of component CD297D6B-58A5-474F-8A0D-0A15803B8B50 (EFW64) 2.1.43
    2022-09-23T07:41:30.999Z [63980:65352] I Skipped installation of component FE92B17F-0632-4AB1-B423-4093D3968454 (SLD) 7.1.2.1
    2022-09-23T07:41:31.174Z [63980:65352] I Skipped installation of component FileIntegrityMonitoring (FIM) 1.0.1.11.1
    2022-09-23T07:41:32.512Z [63980:65352] I Skipped installation of component MessageRelay (MR) 1.6.0.28
    2022-09-23T07:41:33.369Z [63980:65352] I Skipped installation of component NTP64 (NTP64) 1.16.2923
    2022-09-23T07:41:33.479Z [63980:65352] I Skipped installation of component SDU64 (SDU64) 6.13.1014
    2022-09-23T07:41:33.639Z [63980:65352] I Skipped installation of component UpdateCache (UC) 1.9.0.143
    2022-09-23T07:41:33.653Z [63980:65352] I Sending telemetry every 86400s
    2022-09-23T07:41:33.653Z [63980:65352] I Telemetry last ran at 2022-09-22 19:41:18Z; offset time 2022-09-22 20:22:52Z (offset 2494s)
    2022-09-23T07:41:33.654Z [63980:65352] I Telemetry schedule has not elapsed.
    2022-09-23T07:41:33.665Z [63980:65352] I Saving state to C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2022-09-23T07:41:33.697Z [63980:65352] A SophosUpdate has completed (exit 2).

    I don't know where it gets the wrong proxy information.

    Many thanks for helping

  • No problem at all. All of the Sophos Logs you see where the timestamp ends in "Z" will be in the UTC format.

    If the service restart did not work, and you've verified the proxy settings in Sophos Central are correct, I suggest trying to remove and re-add the Message Relay and Update Cache component on the affected device. This can be done from the "Manage Update Caches and Message Relays" page.

    You will want to wait some time after you remove the feature until Sophos Central shows that it has been fully removed. You can then re-add it back. If the issue remains, I suggest opening a support case with our team so they can take a closer look.

    You can find steps on how to open a case via the Support Portal in the link below. 
    - Create a Technical support case

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
  • Thank you very much,

    I have now uninstalled the endpoint and am now trying to install the endpoint again.

    Now the problem is that mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com is not available and the certificate could not be validated:

    2022-09-26T11:58:20.5520768Z INFO : Opening connection to mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-26T11:58:20.5520768Z INFO : Sending request for connection confirmation through potential proxy
    2022-09-26T11:58:20.5520768Z INFO : Request content size: 0
    2022-09-26T11:58:20.6302090Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2022-09-26T11:58:20.6302090Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2022-09-26T11:58:20.6302090Z INFO : Subject certificate failed validation against root CA: SophosCA2
    2022-09-26T11:58:20.6458758Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA3
    2022-09-26T11:58:20.6458758Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA4
    2022-09-26T11:58:20.6458758Z ERROR : Failed to validate server cert; terminating HTTP connection.
    2022-09-26T11:58:20.6458758Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
    2022-09-26T11:58:20.6458758Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed: certificate check failure
    2022-09-26T11:58:20.6458758Z ERROR : HTTP error: Failed to connect with any proxy: certificate check failure
    2022-09-26T11:58:20.6458758Z ERROR : System Property Check: ValidDeploymentInfo - FAILED
    2022-09-26T11:58:20.7083758Z INFO : Running System Property Check: InstallationInProgress ...
    2022-09-26T11:58:20.7083758Z INFO : System Property Check: InstallationInProgress - PASSED
    2022-09-26T11:58:20.7708310Z INFO : Running System Property Check: SafeGuardEncryption ...
    2022-09-26T11:58:20.7708310Z INFO : Entered installedProductCode, upgradeCode={BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}
    2022-09-26T11:58:20.7708310Z INFO : Product is not installed
    2022-09-26T11:58:20.7708310Z INFO : licensesContainFeature(DEVICE_ENCRYPTION): false
    2022-09-26T11:58:20.7708310Z INFO : System Property Check: SafeGuardEncryption - PASSED

    How can we solve that?

  • Could you try the following commands through an Admin command prompt? Your device may be missing a root certificate needed to verify the connection to Sophos. I also suggest checking if the updating of root certificates is disabled on your device. 
    - Automatic Root Certificates Update is turned off, which could lead to installation and communication failures

    mkdir C:\digicerttemp
    cd C:\digicerttemp
    certutil.exe -urlcache -f cacerts.digicert.com/DigiCertTrustedRootG4.crt C:\digicerttemp\DigiCertTrustedRootG4.crt
    certutil.exe -addstore root C:\digicerttemp\DigiCertTrustedRootG4.crt
    cd \
    rmdir digicerttemp /S /Q

    Kushal Lakhan
    Team Lead, Global Community Support
  • Hello,

    I am now a little further along and virus scanner along with cache and relay are installed.
    The cause was indeed a certificate, which was wrong and a proxy must be entered:
    netsh winhttp set proxy proxy-server="http=proxy server address:proxy port;https=proxy server address:proxy port"
    Even if the system itself does not need an entry in the browser.

    Relay shows all systems with Sophos Endpoint, but none of the systems get updates from the cache and relay server.

    The systems in question do not have any internet connection and have to get the updates from the central cache/relay server.
    Even a new installation of an endpoint client shows that the cache/relay server is not addressed.

    Do you have any ideas here?
    Thanks in advance

  • Here is some more information about the installation:

    starting setup with: SophosSetup.exe --messagerelays=bc2.dom.com:8190

    Logfile:

    2022-09-27T11:02:12.3002920Z INFO : Running C:\\Temp\\SophosSetup-793469817\\Setup.exe
    2022-09-27T11:02:12.3002920Z INFO : Stage 1 command-line options:
    2022-09-27T11:02:12.3002920Z INFO : ---
    2022-09-27T11:02:12.3002920Z INFO : Quiet mode on: 0
    2022-09-27T11:02:12.3002920Z INFO : Automatic Proxy detection disabled: 0
    2022-09-27T11:02:12.3002920Z INFO : No feedback mode on: 0
    2022-09-27T11:02:12.3002920Z INFO : Dump feedback enabled: 0
    2022-09-27T11:02:12.3002920Z INFO : Bypass competitor removal: 0
    2022-09-27T11:02:12.3002920Z INFO : Using CRT catalog file path: --
    2022-09-27T11:02:12.3159184Z INFO : Only register endpoint with Central: 0
    2022-09-27T11:02:12.3159184Z INFO : Log messages between endpoint and Central: 0
    2022-09-27T11:02:12.3159184Z INFO : Log command-line passed to executables: 0
    2022-09-27T11:02:12.3159184Z INFO : Using custom server that hosts the installer stage2 filename: --
    2022-09-27T11:02:12.3159184Z INFO : Using cloud group: --
    2022-09-27T11:02:12.3159184Z INFO : Overriding computer name: --
    2022-09-27T11:02:12.3159184Z INFO : Overriding computer description: --
    2022-09-27T11:02:12.3159184Z INFO : Overriding domain name: --
    2022-09-27T11:02:12.3159184Z INFO : Language will be set to: --
    2022-09-27T11:02:12.3159184Z INFO : Using message relays: bc2.dom.com.com:8190
    2022-09-27T11:02:12.3159184Z INFO : Proxy address: --
    2022-09-27T11:02:12.3159184Z INFO : Proxy user name: --
    2022-09-27T11:02:12.3159184Z INFO : Using custom customer token: --
    2022-09-27T11:02:12.3159184Z INFO : Using specified products: --
    2022-09-27T11:02:12.3159184Z INFO : Using certificates from the program data folder: 0
    2022-09-27T11:02:12.3159184Z INFO : Setting non-persistent image: 0
    2022-09-27T11:02:12.3159184Z INFO : Setting gold image: 0
    2022-09-27T11:02:12.3159184Z INFO : MCS registration timeout for golden image: --
    2022-09-27T11:02:12.3159184Z INFO : Using custom customer ID: --
    2022-09-27T11:02:12.3159184Z INFO : Using specified user ID: --
    2022-09-27T11:02:12.3159184Z INFO : Using local install source: --
    2022-09-27T11:02:12.3159184Z INFO : Invoked as part of SEC migration: 0
    2022-09-27T11:02:12.3159184Z INFO : ---
    2022-09-27T11:02:12.3159184Z INFO : Detected architecture: 2
    2022-09-27T11:02:12.3159184Z INFO : Using x86 program files for stage 2
    2022-09-27T11:02:12.3159184Z INFO : Target path: C:\\Program Files (x86)\\Sophos\\CloudInstaller
    2022-09-27T11:02:12.3783737Z INFO : About to delete: C:\\Program Files (x86)\\Sophos\\CloudInstaller
    2022-09-27T11:02:12.3783737Z INFO : Folder not present, nothing to delete
    2022-09-27T11:02:12.3783737Z INFO : Running on x64, requesting x86 Stage2
    2022-09-27T11:02:12.3783737Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/3de3ff2f-f178-4315-a672-0cc085c64dc7
    2022-09-27T11:02:12.3783737Z INFO : Did not discover an URL for a PAC file
    2022-09-27T11:02:12.3783737Z INFO : Attempting to connect using proxy 'bc2.dom.com:8190' of type 'Message Relay'.
    2022-09-27T11:02:12.3783737Z INFO : Set security protocol: 00000800
    2022-09-27T11:02:12.3783737Z INFO : Opening connection to api-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-27T11:02:12.3783737Z INFO : Request content size: 30
    2022-09-27T11:02:12.4252771Z INFO : Sending request
    2022-09-27T11:02:12.4252771Z INFO : Request sent
    2022-09-27T11:02:12.4252771Z INFO : Sending request
    2022-09-27T11:02:12.4252771Z INFO : Request sent
    2022-09-27T11:02:12.4252771Z INFO : Response status code: 200
    2022-09-27T11:02:12.4252771Z INFO : Response data size: 3326
    2022-09-27T11:02:12.4252771Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 200
    2022-09-27T11:02:12.4408756Z INFO : Parsing message received for Stage 2 filename: '<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { height: 100%; font-family: Helvetica, Arial, sans-serif; color: #6a6a6a; margin: 0; display: flex; align-items: center; justify-content: center; } input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea { color: #262626; vertical-align: baseline; margin: .2em; border-style: solid; border-width: 1px; border-color: #a9a9a9; background-color: #fff; box-sizing: border-box; padding: 2px .5em; appearance: none; border-radius: 0; } input:focus { border-color: #646464; box-shadow: 0 0 1px 0 #a2a2a2; outline: 0; } button { padding: .5em 1em; border: 1px solid; border-radius: 3px; min-width: 6em; font-weight: 400; font-size: .8em; cursor: pointer; } button.primary { color: #fff; background-color: rgb(47, 113, 178); border-color: rgb(34, 103, 173); } .message-container { height: 500px; width: 600px; padding: 0; margin: 10px; } .logo { background: url(/XX/YY/ZZ/CI/EECENCMEPGHGPG) no-repeat left center; height: 267px; object-fit: contain; } table { background-color: #fff; border-spacing: 0; margin: 1em; } table > tbody > tr > td:first-of-type:not([colspan]) { white-space: nowrap; color: rgba(0,0,0,.5); } table > tbody > tr > td:first-of-type { vertical-align: top; } table > tbody > tr > td { padding: .3em .3em; } .field { display: table-row; } .field > :first-child { display: table-cell; width: 20%; } .field.single > :first-child { display: inline; } .field > :not(:first-child) { width: auto; max-width: 100%; display: inline-flex; align-items: baseline; virtical-align: top; box-sizing: border-box; margin: .3em; } .field > :not(:first-child) > 
input { width: 230px; } .form-footer { display: inline-flex; justify-content: flex-start; } .form-footer > * { margin: 1em; } .text-scrollable { overflow: auto; height: 150px; border: 1px solid rgb(200, 200, 200); padding: 5px; font-size: 1em; } .text-centered { text-align: center; } .text-container { margin: 1em 1.5em; } .flex-container { display: flex; } .flex-container.column { flex-direction: column; } </style> <title> Firewall Authentication </title> </head> <body> <div class="message-container"> <div class="logo"> </div> <h1> Testlabor Internet Proxy <br> Zugang nur für autorisierte Benutzer </h1> <form action="/XX/YY/ZZ/AUTH" method="post"> <input type="hidden" name="4Tredir" value="https://api-cloudstation-eu-central-1.prod.hydra.sophos.com/api/download/stage2-details/3de3ff2f-f178-4315-a672-0cc085c64dc7"> <input type="hidden" name="magic" value="655038159"> <input type="hidden" name="4Tmthd" value="1"> <p> Please enter your username and password to continue. </p> <div class="field"> <label for="ft_un"> TL-User: </label> <div> <input name="username" id="ft_un" type="text" autocorrect="off" autocapitalize="off"> </div> </div> <div class="field"> <label for="ft_pd"> TL-PWD: </label> <div> <input name="password" id="ft_pd" type="password" autocomplete="off"> </div> </div> <div class="form-footer"> <button class="primary" type="submit"> Login </button> </div> </form> </div> </body></html>\r\n'
    2022-09-27T11:02:12.4408756Z INFO : Cleaning up extracted files
    2022-09-27T11:02:12.4408756Z ERROR : Error downloading/running stage 2: Error parsing json file for Stage 2 filename: Unknown token: enJson content was :<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { height: 100%; font-family: Helvetica, Arial, sans-serif; color: #6a6a6a; margin: 0; display: flex; align-items: center; justify-content: center; } input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea { color: #262626; vertical-align: baseline; margin: .2em; border-style: solid; border-width: 1px; border-color: #a9a9a9; background-color: #fff; box-sizing: border-box; padding: 2px .5em; appearance: none; border-radius: 0; } input:focus { border-color: #646464; box-shadow: 0 0 1px 0 #a2a2a2; outline: 0; } button { padding: .5em 1em; border: 1px solid; border-radius: 3px; min-width: 6em; font-weight: 400; font-size: .8em; cursor: pointer; } button.primary { color: #fff; background-color: rgb(47, 113, 178); border-color: rgb(34, 103, 173); } .message-container { height: 500px; width: 600px; padding: 0; margin: 10px; } .logo { background: url(/XX/YY/ZZ/CI/EECENCMEPGHGPG) no-repeat left center; height: 267px; object-fit: contain; } table { background-color: #fff; border-spacing: 0; margin: 1em; } table > tbody > tr > td:first-of-type:not([colspan]) { white-space: nowrap; color: rgba(0,0,0,.5); } table > tbody > tr > td:first-of-type { vertical-align: top; } table > tbody > tr > td { padding: .3em .3em; } .field { display: table-row; } .field > :first-child { display: table-cell; width: 20%; } .field.single > :first-child { display: inline; } .field > :not(:first-child) { width: auto; max-width: 100%; display: inline-flex; align-items: baseline; virtical-align: top; 
box-sizing: border-box; margin: .3em; } .field > :not(:first-child) > input { width: 230px; } .form-footer { display: inline-flex; justify-content: flex-start; } .form-footer > * { margin: 1em; } .text-scrollable { overflow: auto; height: 150px; border: 1px solid rgb(200, 200, 200); padding: 5px; font-size: 1em; } .text-centered { text-align: center; } .text-container { margin: 1em 1.5em; } .flex-container { display: flex; } .flex-container.column { flex-direction: column; } </style> <title> Firewall Authentication </title> </head> <body> <div class="message-container"> <div class="logo"> </div> <h1> Testlabor Internet Proxy <br> Zugang nur für autorisierte Benutzer </h1> <form action="/XX/YY/ZZ/AUTH" method="post"> <input type="hidden" name="4Tredir" value="https://api-cloudstation-eu-central-1.prod.hydra.sophos.com/api/download/stage2-details/3de3ff2f-f178-4315-a672-0cc085c64dc7"> <input type="hidden" name="magic" value="655038159"> <input type="hidden" name="4Tmthd" value="1"> <p> Please enter your username and password to continue. </p> <div class="field"> <label for="ft_un"> TL-User: </label> <div> <input name="username" id="ft_un" type="text" autocorrect="off" autocapitalize="off"> </div> </div> <div class="field"> <label for="ft_pd"> TL-PWD: </label> <div> <input name="password" id="ft_pd" type="password" autocomplete="off"> </div> </div> <div class="form-footer"> <button class="primary" type="submit"> Login </button> </div> </form> </div> </body></html>\r\n
    

    Hope that one helps.

    Many thanks

  • Hello TBC, TheBob or whatever your name is,

    The proxy's response is a web form and says Zugang nur für autorisierte Benutzer.

    Christian
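
The symptoms in this thread (a proxy login form returned where the installer expected the Stage 2 JSON, a bad status from the relay, and a rejected server certificate) can be picked out of an installer log mechanically. The following Python sketch is an added example, not part of the original posts and not a Sophos tool; the sample log is constructed in the format shown in this thread, and the host names and finding labels are assumptions.

```python
import re
from typing import List, NamedTuple

# Record format seen in the thread: "<UTC timestamp>Z <LEVEL> : <message>"
LINE_RE = re.compile(r"^\s*(?P<ts>\S+Z)\s+(?P<level>[A-Z]+)\s*:\s*(?P<msg>.*)$")
ATTEMPT_RE = re.compile(r"Attempting to connect using proxy '(?P<proxy>[^']*)' of type '(?P<kind>[^']*)'")
STATUS_RE = re.compile(r"Failed to connect using proxy '[^']*' with error: .*status code=(?P<code>\d{3})")
ROOT_RE = re.compile(r"failed validation against root CA: (?P<root>.+)$")
STAGE2_RE = re.compile(r"Parsing message received for Stage 2 filename: '(?P<body>.*)")
HTML_RE = re.compile(r"\s*<(!DOCTYPE\s+html|html)\b", re.I)
TITLE_RE = re.compile(r"<title>\s*(.*?)\s*</title>", re.I)


class Finding(NamedTuple):
    ts: str      # timestamp of the log record that triggered the finding
    kind: str    # label chosen for this example (assumption, not a Sophos code)
    proxy: str   # connection path in use when the problem occurred
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Return connectivity findings from an installer log, in log order."""
    # Long records (such as an HTML body) may wrap onto lines without a
    # timestamp; join those onto the record they belong to.
    records = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            records.append([m["ts"], m["msg"]])
        elif records and raw.strip():
            records[-1][1] += " " + raw.strip()

    findings: List[Finding] = []
    proxy, roots = "<unknown>", []
    for ts, msg in records:
        if m := ATTEMPT_RE.search(msg):
            # A new connection attempt starts; remember which path is used.
            proxy = f"{m['proxy'] or '<direct>'} ({m['kind']})"
            roots = []
        elif m := ROOT_RE.search(msg):
            roots.append(m["root"].strip())
        elif "Failed to validate server cert" in msg:
            # The presented certificate chained to none of the expected roots,
            # which is what a TLS-inspecting proxy on the path produces.
            findings.append(Finding(ts, "tls_validation_failed", proxy,
                                    "rejected against: " + ", ".join(roots)))
        elif m := STATUS_RE.search(msg):
            findings.append(Finding(ts, "proxy_bad_status", proxy, m["code"]))
        elif (m := STAGE2_RE.search(msg)) and HTML_RE.match(m["body"]):
            # HTTP 200 with an HTML page instead of JSON: something on the
            # path answered on behalf of the server (e.g. an auth portal).
            title = TITLE_RE.search(m["body"])
            findings.append(Finding(ts, "html_instead_of_json", proxy,
                                    title.group(1) if title else ""))
    return findings


# Constructed sample, modelled on the log format in this thread.
SAMPLE_LOG = """\
2022-01-01T10:00:00.0000000Z INFO : Attempting to connect using proxy 'relay.example.test:8190' of type 'Message Relay'.
2022-01-01T10:00:00.1000000Z INFO : Response status code: 200
2022-01-01T10:00:00.2000000Z INFO : Parsing message received for Stage 2 filename: '<!DOCTYPE html><html> <head> <title> Firewall
Authentication </title> </head> <body> <form method="post"> </form> </body></html>'
2022-01-01T10:00:05.0000000Z INFO : Attempting to connect using proxy '10.0.0.5' of type 'Message Relay'.
2022-01-01T10:00:05.1000000Z INFO : Failed to connect using proxy '10.0.0.5' with error: Bad response from new connection: status code=400
2022-01-01T10:00:05.2000000Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2022-01-01T10:00:05.3000000Z INFO : Subject certificate failed validation against root CA: SophosCA1
2022-01-01T10:00:05.3000000Z INFO : Subject certificate failed validation against root CA: SophosCA2
2022-01-01T10:00:05.4000000Z ERROR : Failed to validate server cert; terminating HTTP connection.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.ts}  {f.kind:<22} via {f.proxy}: {f.detail}")
```
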

  • Thanks for pointing this out, Christian! 

    Do you know if there are any other proxies between the endpoint and the Message Relay server? You may want to try the Proxy username and Proxy password options if this is the case.

    The Message Relay server should not require endpoints to authenticate to connect. The installer package you are using will include the necessary information to authenticate through. Try downloading a new installer package to see if this returns different results.

    Kushal Lakhan
    Team Lead, Global Community Support
  • Hello Qoosh,
    hello Christian,

    For clients we have a proxy with authentication, and for the update server a proxy without any authentication.

    The proxy is using SSL inspection.

    On a server where Endpoint and Cache Relay are running, WSUS is also running. On that one we don't need any proxy setting in the browser.

    On a client with proxy and with authentication, I tried to install the endpoint client, but without luck.

    The first try was on the client side without a WinHTTP proxy:

    2022-09-28T07:50:45.0525504Z INFO : Running C:\\Temp\\SophosSetup-1187020342\\Setup.exe
    2022-09-28T07:50:45.0525504Z INFO : Stage 1 command-line options:
    2022-09-28T07:50:45.0525504Z INFO : ---
    2022-09-28T07:50:45.0525504Z INFO : Quiet mode on: 0
    2022-09-28T07:50:45.0525504Z INFO : Automatic Proxy detection disabled: 0
    2022-09-28T07:50:45.0525504Z INFO : No feedback mode on: 0
    2022-09-28T07:50:45.0525504Z INFO : Dump feedback enabled: 0
    2022-09-28T07:50:45.0525504Z INFO : Bypass competitor removal: 0
    2022-09-28T07:50:45.0525504Z INFO : Using CRT catalog file path: --
    2022-09-28T07:50:45.0525504Z INFO : Only register endpoint with Central: 0
    2022-09-28T07:50:45.0525504Z INFO : Log messages between endpoint and Central: 0
    2022-09-28T07:50:45.0525504Z INFO : Log command-line passed to executables: 0
    2022-09-28T07:50:45.0525504Z INFO : Using custom server that hosts the installer stage2 filename: --
    2022-09-28T07:50:45.0525504Z INFO : Using cloud group: --
    2022-09-28T07:50:45.0525504Z INFO : Overriding computer name: --
    2022-09-28T07:50:45.0525504Z INFO : Overriding computer description: --
    2022-09-28T07:50:45.0525504Z INFO : Overriding domain name: --
    2022-09-28T07:50:45.0525504Z INFO : Language will be set to: --
    2022-09-28T07:50:45.0525504Z INFO : Using message relays: 192.168.18.246
    2022-09-28T07:50:45.0525504Z INFO : Proxy address: --
    2022-09-28T07:50:45.0525504Z INFO : Proxy user name: --
    2022-09-28T07:50:45.0525504Z INFO : Using custom customer token: --
    2022-09-28T07:50:45.0525504Z INFO : Using specified products: --
    2022-09-28T07:50:45.0525504Z INFO : Using certificates from the program data folder: 0
    2022-09-28T07:50:45.0525504Z INFO : Setting non-persistent image: 0
    2022-09-28T07:50:45.0525504Z INFO : Setting gold image: 0
    2022-09-28T07:50:45.0525504Z INFO : MCS registration timeout for golden image: --
    2022-09-28T07:50:45.0525504Z INFO : Using custom customer ID: --
    2022-09-28T07:50:45.0525504Z INFO : Using specified user ID: --
    2022-09-28T07:50:45.0525504Z INFO : Using local install source: --
    2022-09-28T07:50:45.0525504Z INFO : Invoked as part of SEC migration: 0
    2022-09-28T07:50:45.0525504Z INFO : ---
    2022-09-28T07:50:45.0525504Z INFO : Detected architecture: 2
    2022-09-28T07:50:45.0525504Z INFO : Using x86 program files for stage 2
    2022-09-28T07:50:45.0525504Z INFO : Target path: C:\\Program Files (x86)\\Sophos\\CloudInstaller
    2022-09-28T07:50:45.1150452Z INFO : About to delete: C:\\Program Files (x86)\\Sophos\\CloudInstaller
    2022-09-28T07:50:45.1150452Z INFO : Folder not present, nothing to delete
    2022-09-28T07:50:45.1150452Z INFO : Running on x64, requesting x86 Stage2
    2022-09-28T07:50:45.1150452Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/3de3ff2f-f178-4315-a672-0cc085c64dc7
    2022-09-28T07:50:45.1150452Z INFO : Did not discover an URL for a PAC file
    2022-09-28T07:50:45.1150452Z INFO : Attempting to connect using proxy '192.168.18.246' of type 'Message Relay'.
    2022-09-28T07:50:45.1150452Z INFO : Set security protocol: 00000800
    2022-09-28T07:50:45.1150452Z INFO : Opening connection to api-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-28T07:50:45.1150452Z INFO : Request content size: 30
    2022-09-28T07:50:45.1306675Z INFO : Response status code: 400
    2022-09-28T07:50:45.1306675Z INFO : Response data size: 0
    2022-09-28T07:50:45.1306675Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 400
    2022-09-28T07:50:45.1306675Z INFO : Failed to connect using proxy '192.168.18.246' with error: Bad response from new connection: status code=400
    2022-09-28T07:50:45.1306675Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2022-09-28T07:50:45.1306675Z INFO : Set security protocol: 00000800
    2022-09-28T07:50:45.1306675Z INFO : Opening connection to api-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-28T07:50:45.1306675Z INFO : Request content size: 30
    2022-09-28T07:50:47.5529971Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.5842743Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.5842743Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.5842743Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.6155578Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.6155578Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.6328865Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.6621720Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.6621720Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.6933999Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.6933999Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.7089189Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.7402427Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.7558861Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.7714654Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.7871679Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.8027460Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.8027460Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.8340523Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.8340523Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.8652150Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.8809194Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.8809194Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.9121177Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.9121177Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.9493646Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.9493646Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.9588855Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:47.9901128Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.0057845Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.0214680Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.0340521Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.0528349Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.0528349Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.0841157Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.0998207Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.1154027Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.1154027Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.1342234Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.1624478Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.1624478Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.1936777Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.2091891Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.2405371Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.2562388Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.2874881Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.3187656Z INFO : FindMainWindow: pid=0
    2022-09-28T07:50:48.5343534Z INFO : FindMainWindow: pid=0
    2022-09-28T07:51:48.3047747Z ERROR : WinHttpSendRequest failed with error 12002
    2022-09-28T07:51:48.3047747Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed
    2022-09-28T07:51:48.3047747Z INFO : Cleaning up extracted files
    2022-09-28T07:51:48.3047747Z ERROR : Error downloading/running stage 2: Failed to get stage-2 info: Failed to connect with any proxy
    

    second try was with winhttp proxy

    2022-09-28T05:50:59.6064583Z INFO : Friendly OS Name: WIN10
    2022-09-28T05:50:59.6064583Z INFO : Is server?: 0
    2022-09-28T05:50:59.6221029Z INFO : Sending HTTP 'POST' request to: sophos/management/ep/install/deployment-info/3
    2022-09-28T05:50:59.6221029Z INFO : Did not discover an URL for a PAC file
    2022-09-28T05:50:59.6221029Z INFO : Discovered the system proxy http=proxy.dom.com:8888;https=proxy.dom.com:8888;ftp=port
    2022-09-28T05:50:59.6221029Z INFO : Attempting to connect using proxy '192.168.18.246' of type 'Message Relay'.
    2022-09-28T05:50:59.6221029Z INFO : Set security protocol: 00000800
    2022-09-28T05:50:59.6221029Z INFO : Opening connection to mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-28T05:50:59.6221029Z INFO : Sending request for connection confirmation through potential proxy
    2022-09-28T05:50:59.6221029Z INFO : Request content size: 0
    2022-09-28T05:50:59.6376258Z INFO : Response status code: 400
    2022-09-28T05:50:59.6376258Z INFO : Response data size: 0
    2022-09-28T05:50:59.6376258Z INFO : trySendRequestThroughPotentialProxy returning response with status code: 400
    2022-09-28T05:50:59.6376258Z INFO : Failed to connect using proxy '192.168.18.246'
    2022-09-28T05:50:59.6376258Z INFO : Attempting to connect using proxy 'http=proxy.dom.com:8888;https=proxy.dom.com:8888;ftp=port' of type 'System'.
    2022-09-28T05:50:59.6376258Z INFO : Set security protocol: 00000800
    2022-09-28T05:50:59.6376258Z INFO : Opening connection to mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-28T05:50:59.6376258Z INFO : Sending request for connection confirmation through potential proxy
    2022-09-28T05:50:59.6376258Z INFO : Request content size: 0
    2022-09-28T05:50:59.7469978Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
    2022-09-28T05:50:59.7625111Z INFO : Subject certificate failed validation against root CA: SophosCA1
    2022-09-28T05:50:59.7625111Z INFO : Subject certificate failed validation against root CA: SophosCA2
    2022-09-28T05:50:59.7625111Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA3
    2022-09-28T05:50:59.7625111Z INFO : Subject certificate failed validation against root CA: Sophos SHA256 MCS Root CA4
    2022-09-28T05:50:59.7625111Z ERROR : Failed to validate server cert; terminating HTTP connection.
    2022-09-28T05:50:59.7625111Z ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
    2022-09-28T05:50:59.7625111Z INFO : Failed to connect using proxy 'http=proxy.dom.com:8888;https=proxy.dom.com:8888;ftp=port' with error: WinHttpSendRequest failed: certificate check failure
    2022-09-28T05:50:59.7625111Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2022-09-28T05:50:59.7625111Z INFO : Set security protocol: 00000800
    2022-09-28T05:50:59.7625111Z INFO : Opening connection to mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com
    2022-09-28T05:50:59.7625111Z INFO : Sending request for connection confirmation through potential proxy
    2022-09-28T05:50:59.7625111Z INFO : Request content size: 0
    2022-09-28T05:53:06.0902082Z ERROR : WinHttpSendRequest failed with error 12002
    2022-09-28T05:53:06.0902082Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed
    2022-09-28T05:53:06.0902082Z ERROR : HTTP error: Failed to connect with any proxy: certificate check failure
    2022-09-28T05:53:06.0902082Z ERROR : System Property Check: ValidDeploymentInfo - FAILED
    2022-09-28T05:53:06.1527057Z INFO : Running System Property Check: InstallationInProgress ...
    2022-09-28T05:53:06.1527057Z INFO : System Property Check: InstallationInProgress - PASSED
    2022-09-28T05:53:06.2158938Z INFO : Running System Property Check: SafeGuardEncryption ...
    2022-09-28T05:53:06.2158938Z INFO : Entered installedProductCode, upgradeCode={BA2F47D3-1C17-40E7-8DE7-1CD733442B6C}
    2022-09-28T05:53:06.2158938Z INFO : Product is not installed
    2022-09-28T05:53:06.2158938Z INFO : licensesContainFeature(DEVICE_ENCRYPTION): false
    2022-09-28T05:53:06.2158938Z INFO : System Property Check: SafeGuardEncryption - PASSED
    

    For me, it makes no sense to use a winhttp proxy on any device, and why I need a proxy for devices without any internet connections?

    Also, why is the certificate from mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com invalid?

    Hope you can help. Many thanks

  • Hello TBC,

    not sure if I understand your setup correctly. I'll try to answer and explain a few things and maybe we can make some progress.

    What you see in the second try is:
    • a connection attempt to mcs2.... through the alleged relay 192.168.18.246. Question is, why is this just an IP and not (as in the log you previously posted) bc2.dom.com.com:8190? Connection is likely to a default port (80 or 443) and whatever listens there returns (not surprisingly) a 400 Bad Request
    • next attempt is with the system proxy proxy.dom.com:8888. You get the same error as on the 26th, then the cause was a missing root certificate - thought you have installed it so this error should no longer occur
    • last attempt is a direct connection which fails (as expected) with a timeout (12002)

    Your first try was without a proxy and naturally you simply get a timeout.

    Going back to your post on 23rd:
    wondering is that the timestamp in the Log is wrong - times in the log are UTC, assuming you're in Germany (from the Zugang message) or Italy (from the proxy address) a two hour offset is expected
    run update without any luck -  this server first tries the Manually configured proxy: 87.19.17.4:443. This fails with 12030 (The connection with the server has been reset or terminated, or an incompatible SSL protocol was encountered). Then it tries with the system proxy "https=fw-trzisp-02.db-trz.com:8880" and gets a timeout. Eventually it's Using update cache: bc2.dom.com:8191 and, as far as I can see, succeeds. Seems that bc2.dom.com is another cache, isn't it?

    it makes no sense to use a winhttp proxy on any device, and why I need a proxy for devices without any internet connections?
    The WinHTTP proxy is a fallback (as is the attempt to connect directly). And as far as Sophos is concerned you don't need an explicit (configured in Central) or system (configured on the endpoint) proxy. All you need is a reachable server that acts as an Update Cache and Message Relay. AFAIK this server could in turn use a UC/MR except for the UC and MR components.

    Christian

  • Hello Christian,
    thank you for your comments.
    That sometimes the IP and sometimes the FQDN is in it, is due to the call with the corresponding parameter --messagerelay=.
    I have now found the error thanks to your explanations. The Installation took place without proxy with the Call: *.exe --messagerelays=IP/FQDN, somehow I have always overlooked that this should be so: *.exe --messagerelays=IP/FQDN:8190.

    Now it seems to work.
    I have deleted all proxy settings and had forgotten to enter the URL for Central: Domains and ports to allow

    Now everything seems to go so slowly, I watch again because a server still refuses :-)

    Many thanks to you both Christian and Qoosh!
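
The proxy fallback order walked through in this thread (Message Relay, then system proxy, then direct) can be read out of an installer log mechanically. The following is an added example, not part of any post and not Sophos code: it groups log lines by connection attempt and names the WinHTTP error codes as the Windows SDK defines them. The sample input is constructed from shortened lines of the second log above, and the "relay address has no port" note is an assumption based on the fix reported in the last post.

```python
import re

# Constructed sample: shortened lines from the second installer log in this thread.
SAMPLE_LOG = """\
INFO : Attempting to connect using proxy '192.168.18.246' of type 'Message Relay'.
INFO : Response status code: 400
INFO : Attempting to connect using proxy 'http=proxy.dom.com:8888;https=proxy.dom.com:8888;ftp=port' of type 'System'.
INFO : Subject certificate failed validation against root CA: SophosCA1
ERROR : WinHttpSendRequest failed with certificate check failure and error 12017
INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
ERROR : WinHttpSendRequest failed with error 12002
"""

# WinHTTP error names as defined in the Windows SDK header winhttp.h.
WINHTTP = {12002: "ERROR_WINHTTP_TIMEOUT",
           12017: "ERROR_WINHTTP_OPERATION_CANCELLED",
           12030: "ERROR_WINHTTP_CONNECTION_ERROR"}

ATTEMPT = re.compile(r"Attempting to connect using proxy '([^']*)' of type '([^']*)'")
STATUS = re.compile(r"Response status code: (\d+)")
WINERR = re.compile(r"WinHttpSendRequest failed with .*?error (\d+)")

def summarize(log_text):
    """Return one dict per proxy attempt, in the order the installer tried them."""
    attempts = []
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if m:
            proxy, kind = m.groups()
            notes = []
            # Assumption drawn from the thread's fix: a relay needs host:port (8190).
            if kind == "Message Relay" and not re.search(r":\d+$", proxy):
                notes.append("relay address has no port")
            attempts.append({"proxy": proxy, "type": kind, "http_status": None,
                             "winhttp": None, "cert_failure": False, "notes": notes})
        elif attempts:
            cur = attempts[-1]  # lines after an attempt belong to that attempt
            if (s := STATUS.search(line)):
                cur["http_status"] = int(s.group(1))
            elif (e := WINERR.search(line)):
                code = int(e.group(1))
                cur["winhttp"] = WINHTTP.get(code, str(code))
            elif "failed validation against root CA" in line:
                cur["cert_failure"] = True
    return attempts

if __name__ == "__main__":
    for attempt in summarize(SAMPLE_LOG):
        print(attempt)
```

A certificate failure on the system-proxy attempt together with a timeout on the direct attempt matches the pattern described above: the proxy presents a certificate that does not chain to the Sophos roots, and the host has no direct route out.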