Install issues on Linux

This software is governed by the terms and conditions of a licence agreement with Sophos Limited

Performing pre-installation checks to verify whether SPL can be installed on this machine
INFO: Verifying connections to Sophos Central
WARN: Server cannot connect to Sophos Central directly
ERROR: SPL installation will fail as a connection to Sophos Central could not be established
INFO: Verifying connections to Sophos Update Service (SUS) server
WARN: Server cannot connect to the SUS server (https://sus.sophosupd.com) directly
ERROR: SPL installation will fail as a connection to the SUS server could not be established
INFO: Verifying connections to the CDN server
ERROR: SPL installation will fail as a connection to a CDN server could not be established
SPL cannot be installed on this system, the pre-installation checks found some critical issues. Please review the logs and address the issues before attempting to reinstall



Updated thread title
[edited by: Qoosh at 4:56 PM (GMT -8) on 23 Feb 2024]
  • Hi Jersson,

    Thanks for reaching out to the Sophos Community Forum. 

    Based on the logs you've shared, the system cannot reach Sophos' servers for updating or communication. 

    I suggest checking if the domains listed on the following page are accessible on the network the affected device is connected to. Alternatively, is it possible to connect to an unrestricted network to test with?
    - Domains and ports to allow

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Was this resolved - I'm having the same issue on multiple Ubuntu installs. Can't get past pre-install checks where it fails here with the same error as above and at the same point. There are NO blocks in place to any Sophos ports/addresses and this used to work fine. I've also tried this on three different networks (work, tethered from my mobile and at home on my own fibre). I have logged a call, but it would seem that this issue might not be a local one but a hosted one? Thanks all

  • Hi Michael,

    Could you try installing curl onto one of the Ubuntu devices in question? Looking into some previous cases, I found one instance where the installation could proceed normally once curl was installed. 

    If you can confirm this, I can work with our team to update the prerequisites we have documented so this is made clear going forward. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi   - Thanks for your reply. I had already twigged this might be the issue too - I'd installed Curl as part of the diagnosis of the failed install. Strangley mine was still reporting to fail - but had in fact installed. My fellow team members have tested on some more machines this morning and I'm pleased to report... 

    CURL not pre-installed - Sophos now failing with latest script. Black heart

    CURL installed (v7.81.0) - Sophos installed. Green heart

    I think some more confirmation/testing might be needed - but it's very much looking like Curl is now a requirement as you suggested!

  • I had curl installed already and still having the exact same error trying to install it.
    Any idea what else could cause it?

  • Hi Sebastian,

    Depending on how your OS has been compiled, there may be additional dependencies which are missing. I'd suggest trying the following command. 

    Turn debug mode on, launch the installer using the verbose shell option, combine stderr and stdout into the stdout stream, and write the output to install.log:

    sudo export DEBUG_THIN_INSTALLER=1; bash -x ./SophosSetup.sh 2>&1 | tee install.log

    Once you have the install.log, please send this to me via private message and I'd be happy to take a closer look. You're also welcome to post the logs here by using "Insert > Code" followed by pasting the logs (this makes logs easier to parse).

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I would also check in Central if it IS showing as installed. Mine failed to install (or at least showed it had not installed/failed) but DID appear in Central and appears to work as expected. 

  • Thank you both.

    The Sophos was installed on this server initially and then we had to remove it - we've followed the instructions provided by Sophos.

    It is now when we are trying to install it again on the server that we see the same error as in the original post.
    Attached the output of the installation attempt with the debug enabled.

    Any help will be much appreciated.

    + umask 077
    + echo 'This software is governed by the terms and conditions of a licence agreement with Sophos Limited'
    This software is governed by the terms and conditions of a licence agreement with Sophos Limited
    + VERSION=1.3.2.14
    + PRODUCT_NAME='Sophos Protection for Linux'
    + INSTALL_FILE=./SophosSetup.sh
    + EXITCODE_SUCCESS=0
    + EXITCODE_NOT_LINUX=1
    + EXITCODE_NOT_ROOT=2
    + EXITCODE_NO_CENTRAL=3
    + EXITCODE_NOT_ENOUGH_MEM=4
    + EXITCODE_NOT_ENOUGH_SPACE=5
    + EXITCODE_FAILED_REGISTER=6
    + EXITCODE_ALREADY_INSTALLED=7
    + EXITCODE_SAV_INSTALLED=8
    + EXITCODE_NOT_64_BIT=9
    + EXITCODE_DOWNLOAD_FAILED=10
    + EXITCODE_FAILED_TO_UNPACK=11
    + EXITCODE_CANNOT_MAKE_TEMP=12
    + EXITCODE_VERIFY_INSTALLER_FAILED=13
    + EXITCODE_SYMLINKS_FAILED=14
    + EXITCODE_CHMOD_FAILED=15
    + EXITCODE_NOEXEC_TMP=16
    + EXITCODE_DELETE_INSTALLER_ARCHIVE_FAILED=17
    + EXITCODE_BASE_INSTALL_FAILED=18
    + EXITCODE_BAD_INSTALL_PATH=19
    + EXITCODE_INSTALLED_BUT_NO_PATH=20
    + EXIT_FAIL_WRONG_LIBC_VERSION=21
    + EXIT_FAIL_COULD_NOT_FIND_LIBC_VERSION=22
    + EXITCODE_UNEXPECTED_ARGUMENT=23
    + EXITCODE_BAD_GROUP_NAME=24
    + EXITCODE_GROUP_NAME_EXCEEDS_MAX_SIZE=25
    + EXITCODE_DUPLICATE_ARGUMENTS_GIVEN=26
    + EXITCODE_BAD_PRODUCT_SELECTED=27
    + EXITCODE_INVALID_CUSTOM_ID_GIVEN=28
    + EXITCODE_NO_SYSTEMD=29
    + EXITCODE_MISSING_PACKAGE=30
    + EXITCODE_INVALID_CA_PATHS=31
    + EXITCODE_INVALID_MR_UC_GIVEN=32
    + EXITCODE_COMPATIBILITY_CHECKS_FAILED=33
    + EXITCODE_MALFORMED_THININSTALLER=34
    + EXITCODE_REGISTRATION_FAILED=51
    + EXITCODE_AUTHENTICATION_FAILED=52
    + EXITCODE_ALC_POLICY_TRANSLATION_FAILED=53
    + PROXY_CREDENTIALS=
    + MAX_GROUP_NAME_SIZE=1024
    + VALID_PRODUCTS=("antivirus" "mdr" "xdr")
    + REQUEST_NO_PRODUCTS=none
    + BUILD_LIBC_VERSION=2.17
    + DAT_FILES=("supplement/sdds3.ScheduledQueryPack.dat" "supplement/sdds3.ML_MODEL3_LINUX_X86_64.dat" "supplement/sdds3.DataSetA.dat" "supplement/sdds3.LocalRepData.dat" "supplement/sdds3.RuntimeDetectionRules.dat" "supplement/sdds3.SSPLFLAGS.dat")
    + VALID_CENTRAL_CONNECTION=0
    + VALID_SUS_CONNECTION=0
    + VALID_CDN_CONNECTION=0
    + [[ -z '' ]]
    + TMPDIR=/tmp
    + export TMPDIR
    + unset ALLOW_OVERRIDE_MCS_CA
    + CREATED_INSTALL_DIRECTORY=0
    + declare -a INSTALL_OPTIONS_ARGS
    + check_for_duplicate_arguments
    + declare -a checked_arguments
    + FORCE_UNINSTALL_SAV=0
    + FORCE_INSTALL=0
    + UNEXPECTED_ARGUMENT=0
    + HELP_FLAG=0
    + VERSION_FLAG=0
    + [[ 0 == 1 ]]
    + [[ 0 == 1 ]]
    + [[ 0 == 1 ]]
    + [[ '' != 1 ]]
    + pre_install_checks
    + echo -e '\nPerforming pre-installation checks to verify whether SPL can be installed on this machine'
    
    Performing pre-installation checks to verify whether SPL can be installed on this machine
    ++ id -u
    + [[ 0 -ne 0 ]]
    + verify_system_requirements
    ++ uname -a
    + [[ Linux cegaUatV2 5.15.0-94-generic #104-Ubuntu SMP Tue Jan 9 15:25:40 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux =~ Linux ]]
    ++ uname -m
    + [[ x86_64 = \x\8\6\_\6\4 ]]
    + BIN=bin
    ++ ps -p 1 -o comm=
    + [[ systemd == \s\y\s\t\e\m\d ]]
    + verify_installed_packages
    + required_packages=("bash" "systemctl" "grep" "getent" "groupadd" "useradd" "usermod")
    + for package in "${required_packages[@]}"
    ++ which bash
    + [[ -z /usr/bin/bash ]]
    + for package in "${required_packages[@]}"
    ++ which systemctl
    + [[ -z /usr/bin/systemctl ]]
    + for package in "${required_packages[@]}"
    ++ which grep
    + [[ -z /usr/bin/grep ]]
    + for package in "${required_packages[@]}"
    ++ which getent
    + [[ -z /usr/bin/getent ]]
    + for package in "${required_packages[@]}"
    ++ which groupadd
    + [[ -z /usr/sbin/groupadd ]]
    + for package in "${required_packages[@]}"
    ++ which useradd
    + [[ -z /usr/sbin/useradd ]]
    + for package in "${required_packages[@]}"
    ++ which usermod
    + [[ -z /usr/sbin/usermod ]]
    + av_packages=("setcap")
    + for package in "${av_packages[@]}"
    ++ which setcap
    + [[ -z /usr/sbin/setcap ]]
    + verify_compatible_glibc_version
    ++ ldd --version
    ++ rev
    ++ grep 'ldd (.*)'
    ++ cut -d ' ' -f 1
    ++ rev
    + system_libc_version=2.35
    ++ printf '%s\n' 2.17 2.35
    ++ sort -V
    ++ head -n 1
    + lowest_version=2.17
    + [[ 2.17 != \2\.\1\7 ]]
    ++ which getcap
    + [[ -z /usr/sbin/getcap ]]
    ++ which setcap
    + [[ -z /usr/sbin/setcap ]]
    ++ grep FANOTIFY
    +++ uname -r
    ++ cat /boot/config-5.15.0-94-generic
    + fanotify_config='CONFIG_FANOTIFY=y
    CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y'
    + [[ CONFIG_FANOTIFY=y
    CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y =~ CONFIG_FANOTIFY=y ]]
    + [[ CONFIG_FANOTIFY=y
    CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y =~ CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y ]]
    + check_free_storage 2048
    + local space=2048
    + local sophos_install=/opt/sophos-spl
    + [[ /opt/sophos-spl = /* ]]
    + local install_path=/opt
    + [[ ! -d /opt ]]
    ++ df -kP /opt
    ++ awk '{print $4}'
    ++ sed -e 1d
    + local free=62543996
    ++ df -kP /opt
    ++ awk '{print $6}'
    ++ sed -e 1d
    + local mountpoint=/
    + local free_mb
    + free_mb=61078
    + [[ 61078 -gt 2048 ]]
    + return 0
    + check_total_mem 930000
    + local neededMemKiloBytes=930000
    ++ grep MemTotal /proc/meminfo
    ++ awk '{print $2}'
    + local totalMemKiloBytes=4005880
    + '[' 4005880 -gt 930000 ']'
    + return 0
    + check_ca_certs
    + [[ -f /etc/ssl/certs/ca-certificates.crt ]]
    + log_debug 'Installation will use system CA path '\''/etc/ssl/certs/ca-certificates.crt'\'''
    + [[ -n 1 ]]
    + echo 'DEBUG: Installation will use system CA path '\''/etc/ssl/certs/ca-certificates.crt'\'''
    DEBUG: Installation will use system CA path '/etc/ssl/certs/ca-certificates.crt'
    ++ sed -n -e '/^URL=/ s/.*\= *//p' ./SophosSetup.sh
    + CENTRAL_URL=https://mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com/sophos/management/ep
    + [[ '' != \n\o\n\e ]]
    + [[ -n '' ]]
    ++ sed -n -e '/^MESSAGE_RELAYS=[^$]/ s/.*\= *//p' ./SophosSetup.sh
    + message_relays=
    + IFS=';'
    + read -ra message_relay_array
    + [[ '' != \n\o\n\e ]]
    + [[ -n '' ]]
    ++ sed -n -e '/^UPDATE_CACHES=[^$]/ s/.*\= *//p' ./SophosSetup.sh
    + update_caches=
    + IFS=';'
    + read -ra update_cache_array
    ++ sed -n -e '/^SDDS3_SUS_URL=/ s/.*\= *//p' ./SophosSetup.sh
    + EXTRACTED_SUS_URL=sus.sophosupd.com
    + [[ sus.sophosupd.com != '' ]]
    + [[ sus.sophosupd.com != https://* ]]
    + EXTRACTED_SUS_URL=https://sus.sophosupd.com
    ++ sed -n -e '/^SDDS3_CONTENT_URLS=[^$]/ s/.*\= *//p' ./SophosSetup.sh
    + cdn_urls='sdds3.sophosupd.com;sdds3.sophosupd.net'
    + IFS=';'
    + read -ra cdn_urls_array
    + for cdn_url in "${cdn_urls_array[@]}"
    + [[ sdds3.sophosupd.com != https://* ]]
    + cdn_url=https://sdds3.sophosupd.com
    + EXTRACTED_CDN_URLS+=("${cdn_url%%,*}")
    + for cdn_url in "${cdn_urls_array[@]}"
    + [[ sdds3.sophosupd.net != https://* ]]
    + cdn_url=https://sdds3.sophosupd.net
    + EXTRACTED_CDN_URLS+=("${cdn_url%%,*}")
    + verify_network_connections '' '' 'https://sdds3.sophosupd.com https://sdds3.sophosupd.net' https://sus.sophosupd.com
    + IFS=' '
    + read -ra MESSAGE_RELAYS
    + IFS=' '
    + read -ra UPDATE_CACHES
    + IFS=' '
    + read -ra cdn_urls_arg
    + sus_url_arg=https://sus.sophosupd.com
    + [[ 0 != 0 ]]
    + local curl_output
    + [[ -n '' ]]
    + [[ -n '' ]]
    + [[ -n '' ]]
    + log_info 'Verifying connections to Sophos Central'
    + echo 'INFO: Verifying connections to Sophos Central'
    INFO: Verifying connections to Sophos Central
    + verify_connection_to_central
    + local proxy=
    + local curl_output
    + [[ -z '' ]]
    ++ curl --tlsv1.2 --noproxy '*' -k -is https://mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com/sophos/management/ep -m 60 -v
    + curl_output='*   Trying 52.17.208.8:443...
    * Connected to mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com (52.17.208.8) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * TLSv1.0 (OUT), TLS header, Certificate Status (22):
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
    * TLSv1.2 (IN), TLS header, Certificate Status (22):
    { [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [122 bytes data]
    * TLSv1.2 (IN), TLS header, Finished (20):
    { [5 bytes data]
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    { [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    { [10 bytes data]
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    { [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    { [2741 bytes data]
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    { [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    { [264 bytes data]
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    { [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    { [36 bytes data]
    * TLSv1.2 (OUT), TLS header, Finished (20):
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    } [1 bytes data]
    * TLSv1.2 (OUT), TLS header, Supplemental data (23):
    } [5 bytes data]
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    } [36 bytes data]
    * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
    * ALPN, server did not agree to a protocol
    * Server certificate:
    *  subject: CN=mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com; ST=Oxfordshire; C=GB; O=Sophos Ltd.; OU=SaaS
    *  start date: Dec 20 11:53:14 2023 GMT
    *  expire date: Feb  1 11:53:14 2025 GMT
    *  issuer: CN=Sophos SHA256 MCS Root CA3; emailAddress=sophosca@sophos.com; ST=Oxfordshire; C=UK; O=Sophos Ltd
    *  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
    * TLSv1.2 (OUT), TLS header, Supplemental data (23):
    } [5 bytes data]
    > GET /sophos/management/ep HTTP/1.1
    > Host: mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com
    > User-Agent: curl/7.81.0
    > Accept: */*
    > 
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    { [5 bytes data]
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [124 bytes data]
    * TLSv1.2 (IN), TLS header, Supplemental data (23):
    { [5 bytes data]
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 200 
    < Date: Wed, 21 Feb 2024 09:08:50 GMT
    < Content-Type: application/xml;charset=ISO-8859-1
    < Content-Length: 168
    < Connection: keep-alive
    < Content-Language: en-US
    < Server: -
    < 
    { [168 bytes data]
    * Connection #0 to host mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com left intact
    HTTP/1.1 200 
    Date: Wed, 21 Feb 2024 09:08:50 GMT
    Content-Type: application/xml;charset=ISO-8859-1
    Content-Length: 168
    Connection: keep-alive
    Content-Language: en-US
    Server: -
    
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ns:server schemaVersion="1.0" preferredProtocolVersion="1.0" xmlns:ns="http://www.sophos.com/xml/mcs/server"/>'
    + curl_exitcode=0
    + [[ 0 == 0 ]]
    + VALID_CENTRAL_CONNECTION=1
    + log_info 'Server can connect to Sophos Central directly'
    + echo 'INFO: Server can connect to Sophos Central directly'
    INFO: Server can connect to Sophos Central directly
    + [[ -n '' ]]
    + [[ 1 == 0 ]]
    + log_info 'Verifying connections to Sophos Update Service (SUS) server'
    + echo 'INFO: Verifying connections to Sophos Update Service (SUS) server'
    INFO: Verifying connections to Sophos Update Service (SUS) server
    + [[ -n '' ]]
    + [[ -n https://sus.sophosupd.com ]]
    + SUS_URL=https://sus.sophosupd.com
    + log_debug 'Using SUS URL from Central'
    + [[ -n 1 ]]
    + echo 'DEBUG: Using SUS URL from Central'
    DEBUG: Using SUS URL from Central
    + verify_connection_to_sus
    + local proxy=
    + local curl_output
    + [[ -z '' ]]
    ++ curl --tlsv1.2 --noproxy '*' -is https://sus.sophosupd.com -m 60 -v
    + curl_output='*   Trying 52.49.54.101:443...
    * Connected to sus.sophosupd.com (52.49.54.101) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * error setting certificate file: /home/forge/.ssl/cacert.pem
    * Closing connection 0'
    + curl_exitcode=77
    + [[ 77 == 0 ]]
    + log_warn 'Server cannot connect to the SUS server (https://sus.sophosupd.com) directly'
    + COMPATIBILITY_WARNING_FOUND=1
    + echo 'WARN: Server cannot connect to the SUS server (https://sus.sophosupd.com) directly'
    WARN: Server cannot connect to the SUS server (https://sus.sophosupd.com) directly
    + curl_debug '*   Trying 52.49.54.101:443...
    * Connected to sus.sophosupd.com (52.49.54.101) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * error setting certificate file: /home/forge/.ssl/cacert.pem
    * Closing connection 0'
    + local curl_output
    + curl_output='*   Trying 52.49.54.101:443...
    * Connected to sus.sophosupd.com (52.49.54.101) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * error setting certificate file: /home/forge/.ssl/cacert.pem
    * Closing connection 0'
    + log_debug 'See curl output for more detail:'
    + [[ -n 1 ]]
    + echo 'DEBUG: See curl output for more detail:'
    DEBUG: See curl output for more detail:
    + log_debug '*   Trying 52.49.54.101:443...
    * Connected to sus.sophosupd.com (52.49.54.101) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * error setting certificate file: /home/forge/.ssl/cacert.pem
    * Closing connection 0'
    + [[ -n 1 ]]
    + echo 'DEBUG: *   Trying 52.49.54.101:443...
    * Connected to sus.sophosupd.com (52.49.54.101) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * error setting certificate file: /home/forge/.ssl/cacert.pem
    * Closing connection 0'
    DEBUG: *   Trying 52.49.54.101:443...
    * Connected to sus.sophosupd.com (52.49.54.101) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * error setting certificate file: /home/forge/.ssl/cacert.pem
    * Closing connection 0
    + [[ -n '' ]]
    + [[ 0 == 0 ]]
    + log_error 'SPL installation will fail as a connection to the SUS server could not be established'
    + COMPATIBILITY_ERROR_FOUND=1
    + echo 'ERROR: SPL installation will fail as a connection to the SUS server could not be established'
    ERROR: SPL installation will fail as a connection to the SUS server could not be established
    + log_info 'Verifying connections to the CDN server'
    + echo 'INFO: Verifying connections to the CDN server'
    INFO: Verifying connections to the CDN server
    + [[ -n '' ]]
    + [[ 2 != 0 ]]
    + CDN_URLS=("${cdn_urls_arg[@]}")
    + log_debug 'Using CDN URLs from Central'
    + [[ -n 1 ]]
    + echo 'DEBUG: Using CDN URLs from Central'
    DEBUG: Using CDN URLs from Central
    + CDN_URL=
    + for url in "${CDN_URLS[@]}"
    + curl --tlsv1.2 --noproxy '*' -is https://sdds3.sophosupd.com -m 60
    + log_debug 'Server cannot connect to CDN address (https://sdds3.sophosupd.com) directly'
    + [[ -n 1 ]]
    + echo 'DEBUG: Server cannot connect to CDN address (https://sdds3.sophosupd.com) directly'
    DEBUG: Server cannot connect to CDN address (https://sdds3.sophosupd.com) directly
    + for url in "${CDN_URLS[@]}"
    + curl --tlsv1.2 --noproxy '*' -is https://sdds3.sophosupd.net -m 60
    + log_debug 'Server cannot connect to CDN address (https://sdds3.sophosupd.net) directly'
    + [[ -n 1 ]]
    + echo 'DEBUG: Server cannot connect to CDN address (https://sdds3.sophosupd.net) directly'
    DEBUG: Server cannot connect to CDN address (https://sdds3.sophosupd.net) directly
    + [[ -z '' ]]
    + [[ -z '' ]]
    + [[ '' == 1 ]]
    + log_error 'SPL installation will fail as a connection to a CDN server could not be established'
    + COMPATIBILITY_ERROR_FOUND=1
    + echo 'ERROR: SPL installation will fail as a connection to a CDN server could not be established'
    ERROR: SPL installation will fail as a connection to a CDN server could not be established
    + [[ -n '' ]]
    + [[ 0 == 0 ]]
    + [[ '' == 0 ]]
    + [[ -n 1 ]]
    + failure 33 'SPL cannot be installed on this system, the pre-installation checks found some critical issues. Please review the logs and address the issues before attempting to reinstall'
    + code=33
    + removeinstall=1
    + [[ -n '' ]]
    + [[ 0 == 0 ]]
    + removeinstall=0
    + echo 'SPL cannot be installed on this system, the pre-installation checks found some critical issues. Please review the logs and address the issues before attempting to reinstall'
    SPL cannot be installed on this system, the pre-installation checks found some critical issues. Please review the logs and address the issues before attempting to reinstall
    + [[ -s /logs/base/suldownloader.log ]]
    + [[ 0 -eq 1 ]]
    + cleanup_and_exit 33
    + code=33
    + [[ 33 -eq 0 ]]
    + exit 33
    

  • I can see a few different errors related to reaching our updating servers. 

    + VALID_CENTRAL_CONNECTION=1
    + log_info 'Server can connect to Sophos Central directly'
    + echo 'INFO: Server can connect to Sophos Central directly'
    INFO: Server can connect to Sophos Central directly

    'WARN: Server cannot connect to the SUS server (https://sus.sophosupd.com) directly'

    'Server cannot connect to CDN address (https://sdds3.sophosupd.com) directly'


    Can you confirm that the domains and ports mentioned in the following kba are whitelisted on the network? 
    - Domains and ports to allow

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi  

    Adding more info to the log findings.

    ++ curl --tlsv1.2 --noproxy '*' -is https://sus.sophosupd.com -m 60 -v
    + curl_output='* Trying 52.49.54.101:443...
    * Connected to sus.sophosupd.com (52.49.54.101) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * error setting certificate file: /home/forge/.ssl/cacert.pem
    * Closing connection 0'
    + curl_exitcode=77
    + [[ 77 == 0 ]]
    + failure 33 'SPL cannot be installed on this system, the pre-installation checks found some critical issues. Please review the logs and address the issues before attempting to reinstall'
    + code=33

    Based on the information provided in the logs, it appears that the issue is indeed related to permissions. The connection to the sus server is succeeding, but there's a failure when attempting to set the certificate file at the specified location /home/forge/.ssl/cacert.pem. The error code 33 suggests a permissions issue.

    To resolve this issue, ensure that the user executing the installer has the necessary permissions (read, write, and execute) for the certificate location.

    After adjusting the permissions, retry the installation. Thank You. 

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer