This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failed to replicate from all update sources

Recently deployed Sophos AV for Linux on a few servers.

Installation goes well following the documentation.

I have created the update sources on our Enterprise Console and downloaded the appropriate installation subscriptions.

When it come to updating from the client it fails with the following:

Downloading sophos.domain.com/.../cidsync.upd
155 bytes downloaded in 0.002091 secs (72.392246 KiB/s)
Failed to replicate from sophos.domain.com/.../savlinux
Failed to replicate from all update sources

Primary update source is sophos.domain.com/.../savlinux and is where it was initially installed from.

Any ideas?



This thread was automatically locked due to age.
Parents
  • Hello Kyle Parrish,

    where it was initially installed from
    indeed or did you mount the smb: share? 155 bytes is much too little - could this be just an error page? Please try to open the file with a browser, it looks like the webserver (which one) doesn't present the file.

    Christian

  • Christian,

    Sorry, I just realized it shortened the URLs in my post.

    The update path is a web page and the update files are indeed there, however, it looks like it is appending an additional "savlinux" directory to the end.

    If I attempt to change this it says the config is locked since it is a CID-based installation.

  • Hello Kyle,

    SEC managed - i.e you specify the path in the console or locally set on the endpoint?

    Christian

Reply Children
  • The path was specified in the policy on SEC.

    http://sophos.domain.com/SophosUpdate/

     

    Once installed, sophos-av looks to

    http://sophos.domain.com/SophosUpdate/CIDs/S000/savlinux

  • Hello Kyle,

    this is correct, IIRC it appends /savlinux and retries when it fails to find the expected files in the specified path. Please access the location with a browser and check if the files can be correctly downloaded. As said, it might be the webserver.

    Christian

  • Christian,

    I have verified that the path is accessible and downloadable...

  • I tried removing the "savlinux" portion of the path via savd.cfg and was able to download the "cidsync.upd" file but then failed at:

    root@###:/opt/sophos-av/bin# ./savupdate
    Downloading http://sophos.###.com/sophosupdate/CIDs/S000/savlinux/cidsync.upd.
    428961 bytes downloaded in 0.037217 secs (10.992024 MiB/s)
    Downloading http://sophos.###.com/sophosupdate/CIDs/S000/savlinux/config/index.spec
    155 bytes downloaded in 0.001581 secs (95.729795 KiB/s)
    Failed to replicate from http://sophos.###.com/sophosupdate/CIDs/S000
    Failed to replicate from all update sources

    There is not a "config" folder or "index.spec" under "Savlinux."

    These files are freshly downloaded from Sophos via SEC...

  • Hello Kyle,

    looks ok. Was the error on your OP the only one or were there perhaps preceding messages (not necessarily errors)?
    Your configuration is correct as far as I can tell, whatever the updater doesn't like should be in the lines preceding the ones you've posted.

    Christian

  • Hello Kyle,

    so ... Downloading sophos. is what the Linux I'm using right now also does. But no additional text, no indication something has been downloaded, and then it tries another file that also doesn't exist. Seems it can deal with a 404 - what does your webserver return when you try to open index.spec?

    Christian

  • Here is the IIS log entry when trying to grab the index.spec. Says "200" but the actual file doesn't exist.

    2017-07-13 14:01:28 172.30.3.165 GET /sophosupdate/CIDs/S000/savlinux/config/index.spec - 80 - 172.30.109.14 <UA+u="None"+c="TSGKYLEUBUNTU01"+a="savlinux"+v="9.13.2"/> 200 0 0 0

    Here is a full update debug log:

    Update to include '*' priority 10
    Update to exclude 'sav-*' priority 20
    Update to exclude 'sdf.xml' priority 20
    Update to include 'sav-linux/licence*' priority 30
    Update to include 'sav-linux/manifest.dat' priority 30
    Update to include 'sav-linux/manifest.spec' priority 30
    Update to include 'sav-linux/cidsync.upd' priority 30
    Update to include 'sav-linux/common/*' priority 30
    Update to include 'sav-linux/x86/*' priority 30
    Update to include 'uncdownload/*' priority 20
    Update to exclude 'talpa/*' priority 20
    Update to include 'talpa/talpa-srcpack.tar.gz' priority 30
    Update to include 'talpa/manifest.dat' priority 30
    Update to include 'talpa/cidsync.upd' priority 30
    Update to include 'talpa/copying' priority 30
    Update to include 'talpa/talpa-ubuntu/combined.tgz' priority 30
    Update to include 'talpa/talpa-ubuntu/talpa-binpack-ubuntu-x86_64-4.4.0-83-generic-106ubuntusmpmonjun26175443utc2017.tar.gz' priority 30
    Update to exclude 'sav-linux/x86/32/*' priority 40
    Update to exclude 'uncdownload/32/*' priority 40
    Updating from sophos.themydomain.com/.../S000
    Reading sophos.themydomain.com/.../cidsync.upd
    Downloading sophos.themydomain.com/.../cidsync.upd
    428961 bytes downloaded in 0.061133 secs (6.691798 MiB/s)
    Reading /opt/sophos-av/update/cache/Primary/cidsync.upd
    Reading /opt/sophos-av/update/cache/Primary/savi/sav/vdlmnfst.dat
    Reading /opt/sophos-av/update/cache/Primary/savi/engine/32/enginemnfst.dat
    Reading /opt/sophos-av/update/cache/Primary/savi/engine/64/enginemnfst.dat
    Reading /opt/sophos-av/update/cache/Primary/sav.dat
    Reading /opt/sophos-av/update/cache/Primary/talpa.dat
    No update from sophos.themydomain.com/.../savlinux
    Reading sophos.themydomain.com/.../index.spec
    Downloading sophos.themydomain.com/.../index.spec
    155 bytes downloaded in 0.002160 secs (70.082791 KiB/s)
    Reading /opt/sophos-av/update/cache/Primary/config/index.spec
    Failed to replicate from sophos.themydomain.com/.../S000

    Failed to replicate from all update sources

  • Hello Kyle,

    Says "200"
    yes, that's the problem. IIS should return a 404 status code, instead it returns success. The updater checks the file, determines that its contents are not what it expected and subsequently fails.
    It's related to the Custom Error Pages, can't say what could be mis-configured though.

    Christian

  • Wow, that is exactly what it was!

    Thank you so much for your assistance with this. It is much appreciated!

    Kyle