This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem on installing Sophos central client

Hello,

i'm installing the sophos central antivirus on about 20 Clients.

On some oh these, the installation failed saying "Installation is almost Complete"

But i notice that on these clients there are not some Sophos Services that instead regularly present on the others clients.

For instance, the "sophos Antivirus" service is missing.

 

We tried to reinstall many times, also with a unfiltered internet connection. The result is always the same.

 

Can You help us? 



This thread was automatically locked due to age.
Parents Reply
  • From that I can see that:

    1. You are using the US region to store data.  There was a problem with that very recently, which is highly likely to be related to the issue you are seeing.

    In the current log it started at:

    2017-07-15T08:27:03.630Z [ 2892] INFO GET dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443/.../b0656ef9-cf43-047b-7a0e-ed4d61d2931e

    2. The endpoint has registered as it has a machine ID.  This is in the above URL, 6065...

    3. There was an updating policy advertised and obtained (a long time after):

    2017-07-15T23:34:17.796Z [ 2892] INFO GET dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443/.../policy/application/ALC/34bd06af2c76b48a0d8fc02a09431dd6f34799bde0438baf85140c15e7c3f22a

    2017-07-15T23:34:18.342Z [ 2892] INFO 200 OK: sent=0 rcvd=7400 elapsed=537ms
    2017-07-15T23:34:18.342Z [ 2892] INFO ALC policy queued -> 20170715233418-0002-policy-ALC.xml
    2017-07-15T23:34:18.358Z [ 2892] INFO DELETE dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443/.../commands/endpoint/b0656ef9-cf43-047b-7a0e-ed4d61d2931e/32
    2017-07-15T23:34:18.545Z [ 2892] INFO 200 OK: sent=0 rcvd=0 elapsed=186ms
    2017-07-15T23:34:31.899Z [ 2892] INFO POST dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443/.../events/endpoint/b0656ef9-cf43-047b-7a0e-ed4d61d2931e
    2017-07-15T23:34:32.382Z [ 2892] INFO 200 OK: sent=1039 rcvd=0 elapsed=483ms
    2017-07-15T23:34:32.382Z [ 2892] INFO ALC event processed <- 20170715233430-011d-event-ALC.xml
    2017-07-15T23:35:07.155Z [ 2892] INFO GET dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443/.../b0656ef9-cf43-047b-7a0e-ed4d61d2931e
    2017-07-15T23:35:07.903Z [ 2892] INFO 200 OK: sent=0 rcvd=140 elapsed=758ms
    2017-07-15T23:35:19.432Z [ 2892] INFO PUT dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443/.../statuses/endpoint/b0656ef9-cf43-047b-7a0e-ed4d61d2931e
    2017-07-15T23:35:19.822Z [ 2892] INFO 200 OK: sent=4940 rcvd=0 elapsed=388ms
    2017-07-15T23:35:19.822Z [ 2892] INFO ALC status processed <- 20170715233419-011c-status-ALC.xml
    ....

    So to me it looks like the client did receive an updating policy.

    It might be worth a look in the SophosUpdate.log file now (\programdata\sophos\autoupdate\logs\). This will show the username has been received as it is logged on each update attempt.  You can then see the update sequence and install sequence of the products.

    It seems like you were affected by the NA region problems but I would think it would auto recover now that it has an updating policy.

    Regards,
    Jak

Children