Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 9059 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SEC 5.5.1

vogonfleet

Hello,

 

today we have updated ous Sophos SEC from 5.3.0 to 5.5.1 . As suggested we did all registry settings to enable TLS 1.2 on the MSSQL Express 2012 Server.

This is the output of the checkdbconnection tool :

 

C:\Program Files (x86)\Sophos\Enterprise Console\Tools\CheckDbConnection>CheckDB
Connection.exe -d SOPHOS
Sophos Connectivity Verifier
5.5.1.955

Copyright 2000-2018 Sophos Limited. Alle Rechte vorbehalten.
Sophos und Sophos Anti-Virus sind eingetragene Marken der Sophos Limited und der
 Sophos Group. Alle anderen Produkt- und Firmenbezeichnungen sind Marken oder ei
ngetragene Marken der jeweiligen Eigentümer.

(!) Betriebssystem kann für Verwendung von TLS 1.2 konfiguriert werden
(/) Installiertes .NET Framework unterstützt TLS 1.2
Verbindung zum SQL Server hergestellt
(!) SQL Server-Instanz kann für Verwendung von TLS 1.2 konfiguriert werden
(/) TCP/IP-Protokoll für SQL Server ist aktiviert
(/) Es ist ein Zertifikat installiert, das für SQL Server verwendet werden kann
(/) SQL Server Native Client-Bibliothek unterstützt TLS 1.2
Verschlüsselte Verbindung zum SQL Server kann nicht hergestellt werden

SQL Server Instance named SOPHOS has been installed.
SOPHOS - MSSQL$SOPHOS - Express Edition (64-bit) - 11.4.7001.0

Opening the SEC managenet console fails and the this the output of the event log :

 

C:\Program Files (x86)\Sophos\Enterprise Console\Tools\CheckDbConnection>CheckDB
Connection.exe -d SOPHOS
Sophos Connectivity Verifier
5.5.1.955

Copyright 2000-2018 Sophos Limited. Alle Rechte vorbehalten.
Sophos und Sophos Anti-Virus sind eingetragene Marken der Sophos Limited und der
Sophos Group. Alle anderen Produkt- und Firmenbezeichnungen sind Marken oder ei
ngetragene Marken der jeweiligen Eigentümer.

(!) Betriebssystem kann für Verwendung von TLS 1.2 konfiguriert werden
(/) Installiertes .NET Framework unterstützt TLS 1.2
Verbindung zum SQL Server hergestellt
(!) SQL Server-Instanz kann für Verwendung von TLS 1.2 konfiguriert werden
(/) TCP/IP-Protokoll für SQL Server ist aktiviert
(/) Es ist ein Zertifikat installiert, das für SQL Server verwendet werden kann
(/) SQL Server Native Client-Bibliothek unterstützt TLS 1.2
Verschlüsselte Verbindung zum SQL Server kann nicht hergestellt werden

SQL Server Instance named SOPHOS has been installed.
SOPHOS - MSSQL$SOPHOS - Express Edition (64-bit) - 11.4.7001.0

- System

- Provider

[ Name] Sophos Management Service

- EventID 8004

[ Qualifiers] 49152

Level 2

Task 2

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2018-05-25T11:27:42.000000000Z

EventRecordID 28493

Channel Application

Computer MHV-SOPHOS.HOTELS.HV.MARITIM.INT

- Security

[ UserID] S-1-5-18

- EventData

Step: Migrating data if necessary Error: std::runtime_error. Database upgrade failed. Please see KBA 113946. Data: ErrorUnexpected

 

Thanks for any help



This thread was automatically locked due to age.
Parents
  • 0

    Hello vogonfleet,

    you've probably seen 113946 but it might seem somewhat obscure.

    I assume the management service is stopped. Please use the UpgradeDB.exe tool from an elevated (admin) cmd prompt (note that -sourceVersion is case sensitive):
    UpgradeDB.exe -debug -reset
    UpgradeDB.exe -debug -sourceVersion=521
    This should perform the necessary upgrade and allow the Management Service to start.

    Christian

Reply
  • 0

    Hello vogonfleet,

    you've probably seen 113946 but it might seem somewhat obscure.

    I assume the management service is stopped. Please use the UpgradeDB.exe tool from an elevated (admin) cmd prompt (note that -sourceVersion is case sensitive):
    UpgradeDB.exe -debug -reset
    UpgradeDB.exe -debug -sourceVersion=521
    This should perform the necessary upgrade and allow the Management Service to start.

    Christian

Children
  • 0 in reply to QC

    Hello Christian,

     

    thanks for your reply. I did the things you mentioned but ran into the following problems :

     

    C:\Users\administrator.HOTELS>cd "c:\Program Files (x86)\Sophos\Enterprise Conso
    le"

    c:\Program Files (x86)\Sophos\Enterprise Console>UpgradeDB.exe -debug -reset
    25.05.2018 14:29:05 Parsing command-line qualifiers ... successfully completed.

    25.05.2018 14:29:05 Validating parameter values ...
    25.05.2018 14:29:05 Connection string to SOPHOS DB: Provider=SQLNCLI11;Trusted_C
    onnection=Yes;Database=SOPHOS551;Server=MHV-SOPHOS.HOTELS.HV.MARITIM.INT\SOPHOS;
    Encrypt=yes;TrustServerCertificate=true;;DataTypeCompatibility=80;;Use Encryptio
    n for Data=true;;Trust Server Certificate=true;
    Connection string to SophosSecurity: Provider=SQLNCLI11; Trusted_Connection=Yes;
    Database=SophosSecurity;Server=MHV-SOPHOS.HOTELS.HV.MARITIM.INT\SOPHOS;Encrypt=y
    es;TrustServerCertificate=true;;DataTypeCompatibility=80;;Use Encryption for Dat
    a=true;;Trust Server Certificate=true;

    25.05.2018 14:29:05 Invalid source version: -1
    25.05.2018 14:29:05 Exit code 1 (Invalid command line qualifier.)

    c:\Program Files (x86)\Sophos\Enterprise Console>UpgradeDB.exe -debug -sourceVer
    ion=521
    25.05.2018 14:29:24 Failed to parse: -sourceVerion=521
    25.05.2018 14:29:24 Exit code 1 (Invalid command line qualifier.)

    c:\Program Files (x86)\Sophos\Enterprise Console>UpgradeDB.exe -debug -sourceVer
    sion=521
    25.05.2018 14:29:40 Parsing command-line qualifiers ... successfully completed.

    25.05.2018 14:29:40 Validating parameter values ...
    25.05.2018 14:29:40 Connection string to SOPHOS DB: Provider=SQLNCLI11;Trusted_C
    onnection=Yes;Database=SOPHOS551;Server=MHV-SOPHOS.HOTELS.HV.MARITIM.INT\SOPHOS;
    Encrypt=yes;TrustServerCertificate=true;;DataTypeCompatibility=80;;Use Encryptio
    n for Data=true;;Trust Server Certificate=true;
    Connection string to SophosSecurity: Provider=SQLNCLI11; Trusted_Connection=Yes;
    Database=SophosSecurity;Server=MHV-SOPHOS.HOTELS.HV.MARITIM.INT\SOPHOS;Encrypt=y
    es;TrustServerCertificate=true;;DataTypeCompatibility=80;;Use Encryption for Dat
    a=true;;Trust Server Certificate=true;

    25.05.2018 14:29:40 ... successfully completed.
    25.05.2018 14:29:40 Transferring data to the new database ...
    25.05.2018 14:29:42 Error: DBI exception thrown Violation of PRIMARY KEY constra
    int 'PK_IDELists'. Cannot insert duplicate key in object 'dbo.IDELists'. The dup
    licate key value is (866).
    25.05.2018 14:29:42 Exit code 5 (Failed to transfer data from the old database.)

     

    Any ideas.

     

    Thanks in advance.

     

    Fredo

  • +1 in reply to vogonfleet

    Hello Fredo,

    can't explain the -1 for the first command (perhaps it doesn't like -reset together with -debug).

    Anyway, it's a good idea to reinitialize the new database after an error during transfer. Please use InstallDB.bat to do so (InstallDB.bat /? prints a short help), just for the SOPHOS551 database should suffice. Then retry the upgrade.

    Christian

  • 0 in reply to QC

    Hello Christian,

     

    this tip helped. At the end of the upgrade the migration failed.

    To get the enterprise console working again, i had to delete all old databases

    on the sql instance, exept the SOPHOS551 database.

    After this the service started again.

     

    Thanks for your help.

     

    Fredo

  • 0 in reply to vogonfleet

    Hello Fredo,

    had to delete all old databases
    so you did not migrate your existing data?

    Christian

  • 0 in reply to QC

    Hello Christian,

     

    i did an install with InstallDB.bat to have a new database SOPHOS551, then i did an

    upgradeDB wich ended with errors. But this took a long time before the error occurs,

    so i think most of the migration has been done.

    After this i did a backup of all existing database on the sql server, SOPHOS521, SOPHOSPachDB,

    and deleted them.

    With only the SOPHOS551 database on the sql server the enterprise console service satarted again.

    Until now all data are visible and updates, enrolment is working perfect for now.

     

    Fredo

  • 0 in reply to vogonfleet

    Hello Fredo,

    I see. There might be some inconsistency that does not seem to affect the current operation ... hopefully it doesn't surface later. BTW - are you using Tamper Protection? Migration created a new policy type. Had a migration error on one of my servers, successfully (or so I thought) upgraded manually only to detect an inconsistency a few days later.

    Christian

Unfiltered HTML