Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

**Update 9** Root cause analysis KBA has been published: see knowledge base article for the latest.

**Update 8** As part of a routine database maintenance task customers may notice a few intermittent install and policy rendering failures. Please retry before contacting support. 7/17/2017 8:00 AM PST

**UPDATE 7** Some customers may notice a few intermittent install failures, please retry before contacting Sophos Support. 7/14/2017 2:00 PM PST

**UPDATE 6** Installations are being processed normally, service is restored. Please re-download installer from Central. 7/14/2017 9:00 AM PST

**UPDATE 5** Installations are now working as of July 13, 2017 19:00 UTC-5. See knowledge base article for the latest.

**UPDATE 4** New installs likely to still fail. http://centralstatus.sophos.com/#!/ has latest update. 

**UPDATE 3** System is now processing backlogs. Please see last updates here.

**UPDATE 2** Issue is ongoing, apologies. Impacts all areas within Central that rely on MCS communication between client and Central. 7/13/2017 8:00 AM PST

**UPDATE** Development has identified root cause and is working on a fix. 

Hello,

We are seeing delays with policy changes and enforcement in Sophos Central (US-West region) as well as installation failures due to inability of new endpoint installations to initially register. Our engineers are working to restore latency. Please note your endpoints remain protected. Updates will be provided on this thread.

KBA: https://community.sophos.com/kb/en-us/126477

Thank you,

Bob



This thread was automatically locked due to age.
  • Why am I seeing the "One or more Sophos services are missing or not running" error message so often now? I would really like a reason for this.

    Is this message accurate? And if so, why are these services 'missing or not running'? I've checked on occasion and services 'appear' to be running.

     

     

     

  • I've been dealing with the same alerts for the past three months now. Finally got escalated to the global support team of five people. Short answer, after giving them 5 more SDU logs they can't figure it out but see it has something to do with Tamper Protection. They passed my problem along to the Dev team two days ago and I've gotten no update.

    I've been sent this KB article three times now about my problem, which will fix this temporarily. Attaching so you all can facepalm with me on the two options they lay out. (http://sophos.com/kb/121905)

     

    Quote:

    What To Do

    Sophos Anti-Virus version 10.6.3 contains a fix to prevent this issue occurring on subsequent upgrades. However, as this issue can still occur on upgrades to 10.6.2 there are two available options:

    1. Recommended: Using the commands provided below manually correct the issue to enhance protection for your users.  You will be best protected with this option but manual intervention is required.
    2. Accept that web browser protection will be non-functional. Your endpoints will still be protected by all other functions and features of Sophos Anti-Virus - such as on-access and on-demand - except for web browser protection.  We do not recommend this option because you are not best protected.

     

    Thank you Sophos for giving me the options:

    Option A) Continued manual intervention and get over it.

    Option B) Get over it.

  • /facepalm

    I've actually seen this KB before - as I was so very lucky to have rolled out on a version before 10.6.3, which meant that the web control service then started failing on various machines, meaning I had to do a reinstall (which did actually fix the problem, so not sure why that wasn't option 1 in the KB). Fun times!

    However, this KB article is specific to the web control service on agents installed before 10.6.3 only. It literally has nothing to do with the current "one service is missing or not running" error, so I have no idea why support would keep sending you this link. (I am in no way surprised that they are though).

    I just want a fix.

  • Nope it applies to us even though company wide we are on 10.7.3. I can't agree more...

     

    I just want a fix.

  • Lance, if you go into services on your Windows machine, you will probably find that the Sophos Antivirus service has disappeared (90% of this issue) - or that all the Sophos services have been set to disabled, but you can't set them to manual or automatic (you get a denied message) even if you are an admin on the box. You can't uninstall as tamper protection is enabled but you can't update the machine's policy to disable tamper protection because it won't connect to the cloud to update the policies, which don't work all that well even when all the services are enabled and not missing.

  • There is a published article for getting around tamper protection when the machine is offline. Safe mode, couple of registry changes, bam.

     

    But I agree there's definitely pain when the client gets into a bad place and you can neither re-install nor uninstall. We gave up working with support and re-imaged.

     

    Also, just took 48 hours for an encryption policy to push to a few machines. We're now reviewing Symantec's end point products. Their end point product may not be great but we've found their support (we use other Symantec products) at least acknowledges when there is a problem. And their Senior Vice President doesn't promise a root cause analysis then never delivers.

  • Can't log in to Central... anyone else?

  • Up for me.

    Just a reminder for anyone still subscribed, it's been 3 months since Michael Anderson posted here stating they 'heard us' and will share the root cause analysis with everyone once they know it's been permanently fixed. After 3 times via email telling me it was mere days away from being posted, he is no longer replying to my emails.

    We're evaluating Symantec now.

  • Why did this take until October 13th to be released when the issue was first noted in July?

    In the KB it was said: "We have conducted a detailed review of the incident and have created a plan to improve operations and prevent this kind of issue in the future." Can you detail out to us the plan to improve your operations and how you're going to prevent this kind of issue in the future?

  • Hi Trevor,

    It might be more fruitful if you post this question directly to the thread: https://community.sophos.com/products/sophos-central/f/sophos-central/96889/rca-for-sophos-central-incident---late-july-early-august

    This is supervised by the Central Product Manager and can lead to a faster response to your inquiry.

    Thanks,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support
