The command line utility ConfigCID.exe allows the configuration changes contained in endpoint software XML configuration files to be implemented. It is done by modifying the catalog files in your update location (Central Installation Directory, or CID). The endpoints will then update themselves with their new configuration from the XML configuration files.
Sophos AutoUpdate (the updating component of endpoint software) uses catalog files called cidsync.upd to determine which files it should download from an update location (CID). When the XML configuration files (for example, those created with ExportConfig.exe) are added to the update locations, the catalog files must be updated to ensure that the XML files are used. The Using ExportConfig.exe to create XML configuration files describes how to create and where to place configuration XML files.
Applies to the following Sophos products and versions Sophos Update Manager
C:\Program Files\Sophos\Enterprise Console\SUMInstaller\Update Manager
C:\Program Files (x86)\Sophos\Enterprise Console\SUMInstaller\Update Manager
Note: To run the ConfigCID.exe, you must have a write access to the update location and as a local administrator on the management server.
configcid \\[servername]\SophosUpdate\CIDs\S000\SAVSCFXP\ configcid \\[servername]\SophosUpdate\CIDs\S000\OPMHMPA\
To run the ConfigCID.exe on a non-Sophos Management Service PC:
Note: If the CertAuthStore should change on the server with the Sophos Management Service for whatever reason (A clean re-install of Sophos Enterprise Console or a problematic migration), it must also be updated on the computer running ConfigCID.exe.
Before modifying the update location and the catalog files that it contains, ConfigCID.exe performs some checks to ensure this can be done safely. Then ConfigCID.exe adds, removes, or changes the entries in the catalogue files for the xml files. Networked computers will then download the new configuration on their next scheduled update.
The possible errors that you may encounter are the following:
To solve the error, refer to Failed to open catalog when running ConfigCID.exe.
With the release of Sophos Update Manager version 1.4.2, ConfigCID.exe has been updated with a security enhancement ensuring files. The tool must now be run on the server that has the CertAuthStore key. This will be the server with the Sophos Management Service. This key can be imported to another server if required.
In order to update successfully, you must use version 188.8.131.52 (and later) of ConfigCID.exe. From Sophos Auto Update version 2.9.0 (Shipped with 10.2.4 Endpoint package), files that are changed/added to a CID will require a signing. If a signature is missing the update will fail for that package, refer to Endpoints fail to update after adding XML configuration or custom files to the update location (CID) Authentication failed error 00000067.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.