This article covers the Root Cause Analysis (RCA) for the MSP licensing issues in Sophos UTM Manager (SUM) that occurred on September 30, 2018. The following sections are covered:
Applies to the following Sophos products and versions Sophos UTM Manager (SUM) used for MSP V2 Licensing of Sophos UTM devices
Sophos’ security certificate controlling the license refresh mechanism of SUM MSP expired on June 12, 2018. Sophos renewed the certificate on June 6, 2018 prior to expiration. The new certificate was required to refresh licenses from June 12 onward. Activation of the new certificate required re-authentication of the SUM instance. In cases where re-authentication did not occur, the UTM licenses expired on September 30, 2018. When the UTM licenses expired it was no longer possible for an Admin to log into individual UTM devices to make any changes to UTM configuration, security updates were no longer received and certain features such as VPN were no longer available.
The issue was caused by the lack of re-authentication of the SUM. Sophos did not adequately communicate the need for re-authentication to potentially affected MSPs.
When the issue was identified, a Knowledge Base article and Community post were published describing the steps to resolve the issue by logging into each SUM and re-authenticating using myUTM credentials. Sophos Support sent out an SMS to all partners and customers subscribed to the Sophos Mobile Notification service. In addition, Sophos sent a critical communication email to all MSP partners to make them aware of the issue and how to resolve it.
No. There are several reasons why the same problem will not be experienced by MSP Flex partners using XG:
We understand that you have put trust in us to keep the Sophos products and we take that responsibility seriously. If your system was affected by an expired MSP license, we apologize for the impact to you and your business.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.