Update failing with multiple errors

Hello Faisal,

I'm facing a similar issue that started a few days ago. In my case the SophosUpdateMgr account kept locking out for no reason, since the password hasn't been changed and neither it was updated via the Enterprise Console. 

I've contacted support aswell and they suggested to change the account to a new one, which we did, and begin working on fixing machines individually. Apart from the huge issue this is causing to us we also found ourselves unable to install or update Sophos on our devices, since the installations stops after Auto Update component is installed. On the update status screen it is stuck on Package 3 of 6. 

The weird thing is that even this new account was locked out after I updated my Update Policy from the Enterprise Console.

Did you experience account lockout?

Hello Mateusz Kapusta,

if you've never changed the password for the SophosUpdateMgr account a lockout shouldn't happen (unless a local admin finds out how to unlock the local Configure updating and changes the password there - but why should someone do this). If you ever changed the password it could be an old device coming back to live, especially if RMS on it is too old to establish communication.

fixing machines individually
shouldn't be necessary if they are managed. You create the account, amend the updating policies accordingly, endpoints will receive and apply the policy and start using the new account. There's no need to touch any managed endpoint individually.

it is stuck
it should eventually fail. But in another recent thread there's a report of updates getting stuck when the latest version is used. Can't say what the cause could be and as I've said there I haven't encountered this issue. BTW - how do you install? Manually on the endpoint, or?

even this new account was locked out
perhaps far-fetched but if de-obfuscation gets it wrong (any "special" special characters - accented or otherwise non-basic-ASCII - in the password?) this could happen. The Windows Security Event log should show the endpoint(s) causing it when Account Logon failure auditing is enabled.

Christian

QC said:

Hello Mateusz Kapusta,

if you've never changed the password for the SophosUpdateMgr account a lockout shouldn't happen (unless a local admin finds out how to unlock the local Configure updating and changes the password there - but why should someone do this). If you ever changed the password it could be an old device coming back to live, especially if RMS on it is too old to establish communication.

Hi Christian,

the password has never been changed as I stated above so this reason can be safely ruled out.

QC said:

fixing machines individually
shouldn't be necessary if they are managed. You create the account, amend the updating policies accordingly, endpoints will receive and apply the policy and start using the new account. There's no need to touch any managed endpoint individually.

I'll keep this in mind.

QC said:

it is stuck
it should eventually fail. But in another recent thread there's a report of updates getting stuck when the latest version is used. Can't say what the cause could be and as I've said there I haven't encountered this issue. BTW - how do you install? Manually on the endpoint, or?

This is actually very interesting, it is the same identical issue I ran into during installation on my machines, which I perform via Enterprise Console. Do you think I can delete SAVSCFXP folder, can I force the rebuilding process with a command?

QC said:

even this new account was locked out
perhaps far-fetched but if de-obfuscation gets it wrong (any "special" special characters - accented or otherwise non-basic-ASCII - in the password?) this could happen. The Windows Security Event log should show the endpoint(s) causing it when Account Logon failure auditing is

I had experienced this with a firewall I had recently, and because of that I used only alphanumerical characters in my password, so I would rule that out.

QC said:

Hello Mateusz Kapusta,

if you've never changed the password for the SophosUpdateMgr account a lockout shouldn't happen (unless a local admin finds out how to unlock the local Configure updating and changes the password there - but why should someone do this). If you ever changed the password it could be an old device coming back to live, especially if RMS on it is too old to establish communication.

Hi Christian,

the password has never been changed as I stated above so this reason can be safely ruled out.

QC said:

fixing machines individually
shouldn't be necessary if they are managed. You create the account, amend the updating policies accordingly, endpoints will receive and apply the policy and start using the new account. There's no need to touch any managed endpoint individually.

I'll keep this in mind.

QC said:

it is stuck
it should eventually fail. But in another recent thread there's a report of updates getting stuck when the latest version is used. Can't say what the cause could be and as I've said there I haven't encountered this issue. BTW - how do you install? Manually on the endpoint, or?

This is actually very interesting, it is the same identical issue I ran into during installation on my machines, which I perform via Enterprise Console. Do you think I can delete SAVSCFXP folder, can I force the rebuilding process with a command?

QC said:

even this new account was locked out
perhaps far-fetched but if de-obfuscation gets it wrong (any "special" special characters - accented or otherwise non-basic-ASCII - in the password?) this could happen. The Windows Security Event log should show the endpoint(s) causing it when Account Logon failure auditing is

I had experienced this with a firewall I had recently, and because of that I used only alphanumerical characters in my password, so I would rule that out.