This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update failing with multiple errors

Hello,

I am facing serious issue with Sophos support. We have 1000+ machines with different errors are failing updates.

Below the errors are listed. Please advise if someone can help in this.

1.    Failed to install Sophos System Protection: Error code 80070643 [0x00000067]
2.    Failed to install SAVXP: The MSI has failed [0x00000067]
3.    Failed to install SAVXP: A previous version could not be uninstalled [0x00000067]
4.    ERROR: Could not find a source for updated packages [0x00000071]
5.    Updating failed because no update source has been specified [0x0000006e]

Would highly appreciate if you please help on this issue.

Thanks

Regards

Faisal



This thread was automatically locked due to age.
  • Hello Faisal,

    these are quite different errors, basic articles exist which should get you started and/or help you to group different errors and create an individual post for each group. Otherwise a thread can get very convoluted. So, in the future please .... Thanks.

    Anyway, 1.-3. are installation errors, the relevant logs are in %windir%\Temp\, the naming should be obvious. Please see this article for troubleshooting MSI logs. A possible reason for 3. is that the cached installer file (xxxxxx.msi in %windir%\Installer\) has disappeared for some reason. In the Uninstall log you see which version (most likely 10.7.2) should be uninstalled. The solution is to copy the 10.7.2 Sophos Anti-Virus.msi to the installer cache with the sought for name.

    4. is normally temporary, happens when AutoUpdate starts its cycle but the network connection is not yet fully up, should clear after the next update attempt

    5. this is a weird one, especially when the endpoint shows the correct location(s) in the console; some infrastructure (internal Sophos communication) error on the endpoint; reinstalling is perhaps the fastest method to solve it

    Christian

  • Hello Faisal,

    I'm facing a similar issue that started a few days ago. In my case the SophosUpdateMgr account kept locking out for no reason, since the password hasn't been changed and neither it was updated via the Enterprise Console. 

    I've contacted support aswell and they suggested to change the account to a new one, which we did, and begin working on fixing machines individually. Apart from the huge issue this is causing to us we also found ourselves unable to install or update Sophos on our devices, since the installations stops after Auto Update component is installed. On the update status screen it is stuck on Package 3 of 6

    The weird thing is that even this new account was locked out after I updated my Update Policy from the Enterprise Console.

    Did you experience account lockout?

  • Hello Mateusz Kapusta,

    if you've never changed the password for the SophosUpdateMgr account a lockout shouldn't happen (unless a local admin finds out how to unlock the local Configure updating and changes the password there - but why should someone do this). If you ever changed the password it could be an old device coming back to live, especially if RMS on it is too old to establish communication.

    fixing machines individually
    shouldn't be necessary if they are managed. You create the account, amend the updating policies accordingly, endpoints will receive and apply the policy and start using the new account. There's no need to touch any managed endpoint individually.

    it is stuck
    it should eventually fail. But in another recent thread there's a report of updates getting stuck when the latest version is used. Can't say what the cause could be and as I've said there I haven't encountered this issue. BTW - how do you install? Manually on the endpoint, or?

    even this new account was locked out
    perhaps far-fetched but if de-obfuscation gets it wrong (any "special" special characters - accented or otherwise non-basic-ASCII - in the password?) this could happen. The Windows Security Event log should show the endpoint(s) causing it when Account Logon failure auditing is enabled.

    Christian

  • QC said:

    Hello Mateusz Kapusta,

    if you've never changed the password for the SophosUpdateMgr account a lockout shouldn't happen (unless a local admin finds out how to unlock the local Configure updating and changes the password there - but why should someone do this). If you ever changed the password it could be an old device coming back to live, especially if RMS on it is too old to establish communication.

    Hi Christian,

    the password has never been changed as I stated above so this reason can be safely ruled out.

    QC said:

    fixing machines individually
    shouldn't be necessary if they are managed. You create the account, amend the updating policies accordingly, endpoints will receive and apply the policy and start using the new account. There's no need to touch any managed endpoint individually.

    I'll keep this in mind.

    QC said:
    it is stuck
    it should eventually fail. But in another recent thread there's a report of updates getting stuck when the latest version is used. Can't say what the cause could be and as I've said there I haven't encountered this issue. BTW - how do you install? Manually on the endpoint, or?

    This is actually very interesting, it is the same identical issue I ran into during installation on my machines, which I perform via Enterprise Console. Do you think I can delete SAVSCFXP folder, can I force the rebuilding process with a command?

    QC said:

    even this new account was locked out
    perhaps far-fetched but if de-obfuscation gets it wrong (any "special" special characters - accented or otherwise non-basic-ASCII - in the password?) this could happen. The Windows Security Event log should show the endpoint(s) causing it when Account Logon failure auditing is

    I had experienced this with a firewall I had recently, and because of that I used only alphanumerical characters in my password, so I would rule that out.