This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question on Sophos Cloud Endpoint

We are currently rolling out the Sophos Cloud Endpoint across the business.

Most installs are going ok but some are randomly finishing the install, when it's done, it shows as "Sophos Auto-update is not configured" 

As it's the cloud installer, we don't need to configure the update point. It works as normal for most users but a few are getting this.

It can sort itself by uninstalling and reinstalling which is a bit of a pain, sometimes that may not work either.

Any ideas on what may be happening here?

Cheers

C



This thread was automatically locked due to age.
  • Hi,

    The cloud installer just contains the endpoint components Management Communication System (MCS) and Sophos AutoUpdate (SAU).  

    MCS installs and then SAU.  MCS registers with the Cloud, i.e. the client gets an identity, after which, the client gets the updating policy which gives SAU the credentials it needs to download the other components, which includes SAV, etc..

    If I remember correctly the installer has a timeout. The bootstrap log (%temp%\Sophos Extract Log_[timestamp].txt) can confirm this.  

    In this time it is expected that the client registers with the cloud, gets a policy and downloads and installs the software.  If the timeout is reached, the client software continues to register/download/install, etc.. but there is a message to let you know things are continuing and you can close the installer.

    I would check, the Cloud installer bootstrap log, the MCS client log and the AutoUpdate log to determine what stages it's at and where the time is lost on these installs.

    You should see in the MCS client log: 

    INFO  EndpointIdentity::Register The endpoint identity manager is about to register with the server.

    followed by...

    INFO  EndpointIdentity::PersistIdentity The endpoint registered successfully with the server. The identity is "[guid]".

    At this point the client has been given a unique id by the cloud.  The timestamp of the file:
    C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\EndpointIdentity.txt
    ...
    will be the same.

    I would next check the Sophos Update trace log (C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log).  There is a line which details the username: This will give you a timestamp when the client has a updating username which has come down through MCS.

    INFO  SDDSDownloader::SyncInternal Username: [updatingusername]

    "C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg" will also have been updated to store the updating credentials.

    From there you should in the SophosUpdate.log, the files being dowloaded and the install phase of each package.

    Regards,

    Jak