This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint Protection won't fully install

I have a sophos UTM installed with some endpoints using EndPoint protection.

I am trying to install the agent on a new computer, but it seems like it is only getting partially through.

I am using the endpoint package from the UTM to install.  The agent registers with the UTM, but it won't update.

Logs....

 

2018-05-04T17:09:16.630Z [ 4808] INFO  SUL-Log [I49502] Found supplement IDE552 LATEST
2018-05-04T17:09:16.630Z [ 4808] INFO  SUL-Log [I49502] Found supplement IDE553 LATEST
2018-05-04T17:09:16.646Z [ 4808] INFO  SUL-Log [I49502] Found supplement IDE553 LATEST
2018-05-04T17:09:16.646Z [ 4808] INFO  SUL-Log [I19463] Syncing product cd2a5386-f08c-42b1-8d98-40240059e361 591
2018-05-04T17:09:16.646Z [ 4808] ERROR SUL-Log [E59264] Cannot locate server for d1.sophosupd.com/.../d34a527493f39af4491b3e909dc697cax000.dat WinHttpQueryHeaders 12150
2018-05-04T17:09:16.646Z [ 4808] ERROR SDDSDownloader::ReportSyncFailure Failed to synchronise
2018-05-04T17:09:16.646Z [ 4808] INFO  UpdateLogic::SyncAndInstall Saving state.
2018-05-04T17:09:16.646Z [ 4808] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2018-05-04T17:09:16.646Z [ 4808] INFO  UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
2018-05-04T17:09:17.709Z [ 4808] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server dci.sophosupd.com/.../Config>
2018-05-04T17:09:17.709Z [ 6028] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server dci.sophosupd.com/.../Config>
2018-05-04T17:09:17.709Z [ 6028] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
2018-05-04T17:09:17.709Z [ 4808] INFO  WinMain SophosUpdate has completed with the result 0.
2018-05-04T17:09:18.724Z [ 6028] INFO  IPCSender::ProcessSend IPCSender::ProcessSend exiting
2018-05-04T17:09:18.724Z [ 6028] INFO  `anonymous-namespace'::SenderThreadFn::operator() Sender thread finished.
2018-05-04T17:09:18.724Z [ 4808] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml



This thread was automatically locked due to age.
Parents
  • Anyone find a solution on this as I am having same issue, but a different .dat file is involved in my case. Only started happening a few days ago and now cannot install any new workstations.

  • FYI got this response from Sophos tech support:

    I have gone over the logs that you have sent in and on the UTM and from the log files I can see it matches a software defect that we have in the firmware version that you are running but currently there is no workaround or an ETA on when the defect will be resolved.

    Not exactly helpful :(

  • Just spent the last couple hours troubleshooting this. Same issue, can install the endpoint package but then autoupdate fails although the files can be downloaded directly without issue.

     

    In the end I copied the warehouse folder from a functioning system, ran update again (no files need updating) and the install completed.

Reply
  • Just spent the last couple hours troubleshooting this. Same issue, can install the endpoint package but then autoupdate fails although the files can be downloaded directly without issue.

     

    In the end I copied the warehouse folder from a functioning system, ran update again (no files need updating) and the install completed.

Children
  • Hi Mike,

    Thanks heaps for the info, much appreciated. Worked a treat!

    While not a solution I can live with this workaround until Sophos fix the 'defect'.

  • Thanks heaps Mike, this was helpful as a workaround.

    I had a couple of other gremlins getting this working which I'll add here in case it helps anyone else.

    The scenario is a brand new install of UTM 9.509-3 in a home lab, trying to protect a Win10 1607 LTSB (patched). Initial install of autoupdater and MCS succeeds but at the end the installer claims it'll need to wait for an Internet connection to complete. This never completes, with %programdata%\sophos\autoupdate\logs\sophosupdate.log showing [E59264] cannot locate server for various .dat files at http://d1.sophosupd.com/update

    1. As I didn't have a working endpoint on the UTM, I copied the warehouse files from a working standalone-installed SAV (licensed home use version, not Sophos Home) located at %programdata%\sophos\autoupdate\data\warehouse and pasted them into the same folder on the non-working machine (it didn't seem to make a difference whether these were overwritten or not)

    2. This helped the updater proceed past the initial .dat file it couldn't find, however the log indicated that a different .dat file was now not able to download

    3. I manually downloaded the next .dat file and put it in the root of the warehouse folder

    4. This happened again 3 or 4 times, so repeated step 3, until...

    5. Eventually I got to a .dat file which when pasted into a link, wanted to save as a zip file (6db986e508ddd1d24980b75885f902fcx000.dat). Couldn't locate where that would go, but the zip contained a bunch of .xml files that looked to be info on uninstalling other AV products

    6. Gave up for the night, and then tried to download the same .dat file through Firefox on a different PC this morning. It saved as a .dat, rather than a zip. Tried on IE on the different PC (as IE was the only installed browser on the affected Win10 client), and IE returned it as ZIP as well.

    7. Shrugged, pasted the 6db986e508ddd1d24980b75885f902fcx000.dat file into the Win10 machine's warehouse folder and updated.

    8. Autoupdater installed the missing packages. Rebooted, and after about 10 minutes the UTM reported that the endpoint is up to date, and the client isn't showing download errors any more. The extracted content of the zip now seems to have appeared in the root of the warehouse folder.

    Additional info:

    I had previously tried to protect a client on our work UTM which is hardware and on the same software version, hoping to get the full set of relevant warehouse files from there. The install progressed with similar symptoms (AU and MCS installed only) however the sophosupdate.log showed a different error regarding being unable to retrieve metadata. Not sure if that's related, but same as this post: Unable to update Sophos Endpoint Protection

    Had a look through the known issues register, couldn't see anything that describes this issue logged.