The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
After deploying a UTM managed endpoint, the Sophos Endpoint Security and Control fails to update.The primary update location details (Open Sophos Endpoint Security and Control, click on 'Configure Updating') shows no configured address or username/password details.
The Sophos AutoUpdate log may show the following:
Sophos AutoUpdate could not continue because no valid locations were defined.
The MCSClient.log shows the following warning:
OutboundDataHandler::SendingDelayExpired An exception was caught while sending data: There is no preferred server.
You may also see messages such as:
INFO HttpServer::HttpEventCallback The HTTP request completed with status 0. INFO CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 0. WARN CommandHandler::HttpCallback 3000: An HTTP transaction was not completed.
You may also see the following error reported in the 'Sophos Endpoint Bootstrap_yyyymmddhhmmss.txt' (located in %temp%):
ERROR,There was an unexpected problem with the installation of Sophos Endpoint Security and Control. Details: The MCS endpoint failed to register with the server Information,------------------Installation program finishing with code 136 ------------------,
First seen in UTM Managed Endpoint (Windows 2000+)
During the installation of the Sophos Endpoint software the Sophos Management Communication System (MCS) will attempt to register with Sophos Live Connect to obtain the update source and credentials required. The symptoms and behavior described above indicate that this registration process has not completed successfully.
As there are multiple possible reasons for the registration failure, the following steps should help to resolve the issue.
First we need to establish which Sophos Live Connect address the endpoint is trying to connect to and whether the computer can access this location. To identify the address check the config.xml located in the following location:
Open the config.xml with notepad and verify the server address listed. The address will look something like: https://mcs1.b68d.broker.sophos.com (You can ignore the part that reads /sophos/management/ep/.)
We need to confirm whether the endpoint can access the address listed in the config.xml by checking following:
telnet mcs1.b68d.broker.sophos.com 443
Ensure no explicit proxy is configured in the system proxy settings as MCS is not compatible with non-transparent proxies. As such UTM managed endpoints will need to use either a transparent proxy or be able to connect to the internet without the use of a proxy. See 'Technical Information' below for further details. MCS uses the system specified proxy (as opposed to the proxy configured in Internet Options or browser settings, as these are user specific). Check the system specified proxy using the method described below to confirm that it gives the expected result.
Check any system specified proxy by running the following from a command prompt:
netsh winhttp show proxy
This command should return a message stating: Direct Access (no proxy server)
Direct Access (no proxy server)
UTM v9.1 will contain a new Managed Endpoint Installer which will support automatic proxy detection and manual proxy settings. Digest and NTLM authentication methods will be supported with the manual proxy settings. Changes for proxy detection are planned for UTM v9.0 Managed Endpoints, which will be available in a future release.
If you are still experiencing issues after following the above contact support for further assistance.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.