I'm in the middle of migrating all of our endpoints to Sophos Cloud using the Migration Tool with 1000+ machines left to migrate. Yesterday around 1pm EST I was kicked out of the tool and now it will no longer allow me to log in. What changed in yesterday's update to the website that is preventing login? I cannot get into the migration tool, or into the sophos cloud website. The server running SEC is 2003 R2 SP2 and we cannot seem to hit the website from any server running that flavor of OS now.
HI RoSt ,
It seems there was a issue with the authentication on Sophos Central and we apologize for such inconvenience, I would advice you raise a Service request and please private message me the SR ID.
Thanks and Regards
Aditya Patel | Network and Security Engineer.
Regards,
Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
We have had this issue as well since about the same time. I have raised a support ticket, ID is #6567412
HI CharlesRayer ,
The service request was raised today .Allow the engineer to contact you . We shall monitor this case.
Thanks and Regards
Aditya Patel
Regards,
Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
After running Wireshark and looking at the logs I found the issue. When Sophos updated their cloud site they disabled support for TLS 1.0 which is the only version 2003 R2 and XP support with IE8 installed. They said they are supporting XP through Dec, and 2003 R2 until Feb, so I guess someone dropped the ball. Until they fix it on their end there isn't much you can do.
Our on premise license expired today, so rather then wait for them I'm going to stand up a new 2008 R2 VM, migrate the db and certificates to that, and install SEC. Once that is done I should be able to resume the migration.
All this work will probably take less time then them getting around to enabling TLS 1.0 again.
Another solution... which is what we are doing now instead of dealing with the hassle of moving SEC to a new server, is to go into IE and adjust the proxy to point to a proxy server that can handle the TLS ciphers for the 2003 server. My network guy installed Fiddler Proxy on a 2008 R2 server and as soon as I adjusted the settings in IE and added a cert to trust the proxy server I was up and running again. Took about 15-20 minutes.
I tried this but the Migration Tool came up saying that it does not trust the Sophos certificate presented to it...
I did trust it through the browser and checked the cert stores locally
For anyone else that has this issue follow the below to resolve this issue. This only applies to Server 2003 environments at this stage.