Thread Info
  • State Not Answered
  • Replies 4 replies
  • Subscribers 15 subscribers
  • Views 239 views
  • Users 0 members are here
Options
Suggested

Cannot install Intercept X: "Failed to download the installer"

alan weir

I've purchased Intercept X with XDR. and after I insert the license key into Sophos Central and download the installer tool, I try to install it, and am greeted with an error window telling me I cannot install:

And this is the logfile:

2025-01-10T02:20:47.2057441Z INFO : Running C:\\Users\\User\\AppData\\Local\\Temp\\SophosSetup-40861348\\Setup.exe
2025-01-10T02:20:47.2057441Z INFO : Stage 1 command-line options:
2025-01-10T02:20:47.2057441Z INFO : ---
2025-01-10T02:20:47.2057441Z INFO : Quiet mode on: 0
2025-01-10T02:20:47.2057441Z INFO : Bypass ownership check: 0
2025-01-10T02:20:47.2057441Z INFO : Bypass ACS check: 0
2025-01-10T02:20:47.2057441Z INFO : Automatic Proxy detection disabled: 0
2025-01-10T02:20:47.2057441Z INFO : No feedback mode on: 0
2025-01-10T02:20:47.2057441Z INFO : Dump feedback enabled: 0
2025-01-10T02:20:47.2057441Z INFO : Bypass competitor removal: 0
2025-01-10T02:20:47.2057441Z INFO : Using CRT catalog file path: --
2025-01-10T02:20:47.2067439Z INFO : Re-register installed endpoint with Central: 0
2025-01-10T02:20:47.2067439Z INFO : Log messages between endpoint and Central: 0
2025-01-10T02:20:47.2067439Z INFO : Log command-line passed to executables: 0
2025-01-10T02:20:47.2067439Z INFO : Using custom server that hosts the installer stage2 filename: --
2025-01-10T02:20:47.2067439Z INFO : Using cloud group: --
2025-01-10T02:20:47.2067439Z INFO : Overriding computer name: --
2025-01-10T02:20:47.2067439Z INFO : Overriding computer description: --
2025-01-10T02:20:47.2067439Z INFO : Overriding domain name: --
2025-01-10T02:20:47.2067439Z INFO : Language will be set to: --
2025-01-10T02:20:47.2067439Z INFO : Using message relays: --
2025-01-10T02:20:47.2077428Z INFO : Proxy address: --
2025-01-10T02:20:47.2077428Z INFO : Proxy user name: --
2025-01-10T02:20:47.2077428Z INFO : Using custom customer token: --
2025-01-10T02:20:47.2077428Z INFO : Using specified products: --
2025-01-10T02:20:47.2077428Z INFO : Using certificates from the program data folder: 0
2025-01-10T02:20:47.2077428Z INFO : Setting non-persistent image: 0
2025-01-10T02:20:47.2077428Z INFO : Setting gold image: 0
2025-01-10T02:20:47.2077428Z INFO : MCS registration timeout for golden image: --
2025-01-10T02:20:47.2077428Z INFO : Setting notification mode: 0
2025-01-10T02:20:47.2077428Z INFO : Using custom customer ID: --
2025-01-10T02:20:47.2077428Z INFO : Using specified user ID: --
2025-01-10T02:20:47.2077428Z INFO : Using local install source: --
2025-01-10T02:20:47.2077428Z INFO : ---
2025-01-10T02:20:47.2087434Z INFO : Detected architecture: 2
2025-01-10T02:20:47.2087434Z INFO : Using x86 program files for stage 2
2025-01-10T02:20:47.2087434Z INFO : Target path: C:\\Program Files (x86)\\Sophos\\CloudInstaller
2025-01-10T02:20:47.2377421Z INFO : About to delete: C:\\Program Files (x86)\\Sophos\\CloudInstaller
2025-01-10T02:20:47.2377421Z INFO : Folder not present, nothing to delete
2025-01-10T02:20:47.2377421Z INFO : Running on x64, requesting x86 Stage2
2025-01-10T02:20:47.2377421Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/d44b3d5a-896c-4d14-9737-880e5a09ebba
2025-01-10T02:20:47.2407432Z INFO : Did not discover an URL for a PAC file
2025-01-10T02:20:47.2417437Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2025-01-10T02:20:47.2417437Z INFO : Set security protocol: 00000800
2025-01-10T02:20:47.2417437Z INFO : Opening connection to api-cloudstation-us-east-2.prod.hydra.sophos.com
2025-01-10T02:20:47.2417437Z INFO : Request content size: 31
2025-01-10T02:20:47.3097430Z ERROR : WinHttpSendRequest failed with error 12029
2025-01-10T02:20:47.3097430Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed
2025-01-10T02:20:47.3097430Z INFO : Cleaning up extracted files
2025-01-10T02:20:47.3097430Z ERROR : Error downloading/running stage 2: Failed to get stage-2 info: Failed to connect with any proxy
2025-01-10T02:21:06.9307418Z INFO : FindMainWindow: pid=0


My system: Windows 11 Pro 23H2

Parents
  • 0

    The WinHTTP Library is getting error ERROR_WINHTTP_CANNOT_CONNECT (12029) trying to connect to the server.

    If you run Wireshark or some sort of tool to view process TCP connection, I assume it will be a syn sent but that's about it.

    You can use the Microsoft-Windows-WebIO trace provider to see what's going on from the application layer using WinHTTP:

    For example, if I just run SophosSetup.exe and check the log I see:

    2025-01-11T19:40:42.8320910Z INFO : Running on x64, requesting x86 Stage2
    2025-01-11T19:40:42.8330929Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/2342bfc6-38a8-424f-af6b-xxxxxxxxxxxxx
    2025-01-11T19:40:42.8396391Z INFO : Did not discover an URL for a PAC file
    2025-01-11T19:40:42.8416606Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2025-01-11T19:40:42.8426424Z INFO : Set security protocol: 00000800
    2025-01-11T19:40:42.8436401Z INFO : Opening connection to dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com

    Looking at the Microsoft-Windows-WebIO trace provider info I see, the request at this time:

    00000237 Microsoft-Windows-WebIO 20496 18040 6 0 01\11\2025-19:40:42:857 0x5EFBFE8: WebCreateHttpRequest completed successfully. (Session 0x5F06EE8[0xFE00000720000001]) (Method POST) (URI dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com/.../2342bfc6-38a8-424f-af6b-xxxxxxxxxx) (Version 0x1.0x1) -> (Request Handle 0xFF00000630000001)

    So this is the address that is being connected to. Hope it helps

  • 0 in reply to Sophos User930

    I eventually got the installer to work. I was using the AdGuard app which I think was filtering my localhost / LAN connections, acting as a "proxy". Once I removed the app, the Setup installer could grab the Endpoint software from the internet.

Reply Children
No Data
Unfiltered HTML