Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 20 replies
  • Subscribers 3 subscribers
  • Views 11170 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Stand Alone Endpoint Security and Control Not updating

Tania Keenan1

I am attempting to roll out some Windows Surface Pros with Sophos Endpoint Security and Control.

It appears to install fine, but will then not update.

 

I just get ERROR: Download of Sophos Endpoint Security and Failed from Sophos Server.

I am using the same install files that I have used successfully previously and I have checked that the software still updates on other devices.

The username and password are again the same as used on previous installs and our license is up to date.

I have also tried on a different network (ie using my phone as a hot spot)

 

Any advice would be gratefully received



This thread was automatically locked due to age.
Parents
  • 0

    Hello Tania Keenan1,

    could you post one complete update cycle from the ALUpdate log (in %ProgramData%\Sophos\AutoUpdate\Logs\)?

    Christian

  • 0 in reply to Tania Keenan1

    Hello Tania Keenan1,

    thanks, but not the log from the GUI but the more verbose ALUpdate20181105.... log under ProgramData. This should have detailed information.

    Christian

  • 0 in reply to QC

    Trace(2018-Nov-05 12:35:27): ALUpdate started: -ScheduledUpdate  -NoGUI -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate"

    Trace(2018-Nov-05 12:35:27): Process security set successfully

    Trace(2018-Nov-05 12:35:27): Product subscription is disabled: iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} action value is:0

    Trace(2018-Nov-05 12:35:27): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has not been added.

    Trace(2018-Nov-05 12:35:27): Product subscription is disabled: iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} action value is:0

    Trace(2018-Nov-05 12:35:27): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.

    Trace(2018-Nov-05 12:35:27): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.

    Trace(2018-Nov-05 12:35:27): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.

    Trace(2018-Nov-05 12:35:27): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.

    Trace(2018-Nov-05 12:35:27): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0

    Trace(2018-Nov-05 12:35:27): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.

    Trace(2018-Nov-05 12:35:27): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.

    Trace(2018-Nov-05 12:35:27): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.

    Trace(2018-Nov-05 12:35:27): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.

    Trace(2018-Nov-05 12:35:27): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.

    Trace(2018-Nov-05 12:35:27): Computer is a not possible cluster

    Trace(2018-Nov-05 12:35:27): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global

    Trace(2018-Nov-05 12:35:27): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription

    Trace(2018-Nov-05 12:35:27): Considering subscribed products.

    Trace(2018-Nov-05 12:35:27): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}

    Trace(2018-Nov-05 12:35:27): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.

    Trace(2018-Nov-05 12:35:27): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.

    Trace(2018-Nov-05 12:35:27): Considering product {E17FE03B-0501-4aaa-BC69-0129D965F311}

    Trace(2018-Nov-05 12:35:27): Considering product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}

    Trace(2018-Nov-05 12:35:27): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} is not already subscribed.

    Trace(2018-Nov-05 12:35:27): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} was added to the list.

    Trace(2018-Nov-05 12:35:27): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} is removable.

    Trace(2018-Nov-05 12:35:27): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} was added to the list.

    Trace(2018-Nov-05 12:35:27): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} is optional.

    Trace(2018-Nov-05 12:35:27): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} is removable.

    Trace(2018-Nov-05 12:35:27): Could not read registry entry containing Sophos address - using hardcoded value.

    Trace(2018-Nov-05 12:35:27): GenerateCustomerID: complete

    Trace(2018-Nov-05 12:35:27): Computer is a not possible cluster

    Trace(2018-Nov-05 12:35:27): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global

    Trace(2018-Nov-05 12:35:27): IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4

    Trace(2018-Nov-05 12:35:27): IPCSender::ProcessSend started

    Trace(2018-Nov-05 12:35:27): IPCSender::ProcessSend: No messages in queue, starting to wait

    Trace(2018-Nov-05 12:35:27): RMSMessageHandler: ALUpdateStart

    Trace(2018-Nov-05 12:35:27): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />

    Trace(2018-Nov-05 12:35:27): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />

    Trace(2018-Nov-05 12:35:27): IPCSender::ProcessSend: No messages in queue, starting to wait

    Trace(2018-Nov-05 12:35:27): ALUpdate(AutoUpdate.Started): 

    Trace(2018-Nov-05 12:35:27): UpdateCoordinator::UpdateNow: Entering

    Trace(2018-Nov-05 12:35:27): PopulateCache: Entering

    Trace(2018-Nov-05 12:35:27): UpdateCoordinator::UpdateNow: current platform is WIN_10_X64

    Trace(2018-Nov-05 12:35:27): ProductFactory::Create: SimpleProduct: {E17FE03B-0501-4aaa-BC69-0129D965F311}

    Trace(2018-Nov-05 12:35:27): ProductFactory::Create: SAU Product

    Trace(2018-Nov-05 12:35:27): CIDMapFile::Create C:\ProgramData\Sophos\AutoUpdate\cache\ssp.map

    Trace(2018-Nov-05 12:35:27): ProductFactory::Create: SimpleProduct: {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}

    Trace(2018-Nov-05 12:35:27): ProductFactory::Create: SimpleProduct: {8087796B-2289-4897-98A5-58FF23DAAFD0}

    Trace(2018-Nov-05 12:35:27): UpdateCoordinator::UpdateNow: About to Sync list of products

    Trace(2018-Nov-05 12:35:27): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown

    Trace(2018-Nov-05 12:35:27): TrySyncProduct<class SDDS2::SULUpdateLocation>, Started: 

    Trace(2018-Nov-05 12:35:27): TrySyncProduct<class SDDS2::SULUpdateLocation>, creating update location

    Trace(2018-Nov-05 12:35:27): Could not read registry entry containing Sophos address - using hardcoded value.

    Trace(2018-Nov-05 12:35:27): SULUpdateLocation created!

    Trace(2018-Nov-05 12:35:27): TrySyncProduct, Calling BeginSync

    Trace(2018-Nov-05 12:35:27): SULUpdateLocation: BeginSync

    Trace(2018-Nov-05 12:35:27): Path to decode files to: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode

    Trace(2018-Nov-05 12:35:27): SDDS2Update(SyncProduct.Start): Sophos Endpoint Security and Control, sophos

    Trace(2018-Nov-05 12:35:27): Calling SULDownloader Setup...

    Trace(2018-Nov-05 12:35:27): warehousePath: "C:\ProgramData\Sophos\AutoUpdate\data\warehouse"

    Trace(2018-Nov-05 12:35:27): decodePath: "C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode"

    Trace(2018-Nov-05 12:35:27): certPath: "C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir"

    Trace(2018-Nov-05 12:35:27): server = sophos

    Trace(2018-Nov-05 12:35:27): Adding Sophos Update Location: http://dci.sophosupd.com/update

    Trace(2018-Nov-05 12:35:27): Adding Sophos Update Location: http://dci.sophosupd.net/update

    Trace(2018-Nov-05 12:35:27): No manually configured proxy.

    Trace(2018-Nov-05 12:35:27): SULDownloader setup successful.

    Trace(2018-Nov-05 12:35:27): SubscriptionProvider: StandaloneWindows/RECOMMENDED/10

    Trace(2018-Nov-05 12:35:27): No resubscription attribute found.

    Trace(2018-Nov-05 12:35:27): SubscriptionProvider: StandaloneWindows/RECOMMENDED/10

    Trace(2018-Nov-05 12:35:27): Adding product filter 'savxp'.

    Trace(2018-Nov-05 12:35:27): Adding product filter 'sau'.

    Trace(2018-Nov-05 12:35:27): Adding product filter 'ssp'.

    Trace(2018-Nov-05 12:35:27): Adding product filter 'ntp64'.

    Trace(2018-Nov-05 12:35:27): Calling SULDownloader addFilter...

    Trace(2018-Nov-05 12:35:27): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\savxp

    Trace(2018-Nov-05 12:35:27): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\sau

    Trace(2018-Nov-05 12:35:27): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\ssp

    Trace(2018-Nov-05 12:35:27): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\ntp64

    Trace(2018-Nov-05 12:35:27): Calling SULDownloader synchronise...

    Trace(2018-Nov-05 12:35:28): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:28): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:28): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:29): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:29): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:29): [I96736] Looking for package StandaloneWindows RECOMMENDED 10

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement SAVCONTROLLINE STANDALONE 

    Trace(2018-Nov-05 12:35:29): [I45378] Found included product F8FFD42E-47AC-4CFF-9E27-EC84ED62128E 1.3.1.2 

    Trace(2018-Nov-05 12:35:29): [I45378] Found included product 4DB41E90-DC56-41DC-B91E-9B8E537489A8 3.0.6.50 

    Trace(2018-Nov-05 12:35:29): [I45378] Found included product 9BF40A4E-23AE-48be-9974-5A1F261DBEE8 5.14.36.36 

    Trace(2018-Nov-05 12:35:29): [I45378] Found included product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.2.334.3730.13837 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement SAUCONTROLLINE RECOMMENDED 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement TELEMSUP RECOMMENDED 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement USERAPPFEED LATEST 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement SDU RECOMMENDED 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement SXLSUP LATEST 2

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement VDL LATEST 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement HIPS LATEST 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement IDE557 LATEST 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement IDE558 LATEST 

    Trace(2018-Nov-05 12:35:29): [I49502] Found supplement IDE559 LATEST 

    Trace(2018-Nov-05 12:35:29): [I19463] Syncing product StandaloneWindows 168

    Trace(2018-Nov-05 12:35:29): ERROR: [E59264] Cannot locate server for http://d1.sophosupd.com/update/0221704eeba4f0491dbe607ffa854077x000.dat WinHttpQueryHeaders 12150

    Trace(2018-Nov-05 12:35:29): Synchronise failed: 4

    Trace(2018-Nov-05 12:35:29): Synchronisation state: 3

    Trace(2018-Nov-05 12:35:29): SDDS2Update(SDDS2DownloadFailed): Sophos Endpoint Security and Control, sophos

    Trace(2018-Nov-05 12:35:29): TrySyncProduct<class SDDS2::SULUpdateLocation>, Calling SyncProduct with {E17FE03B-0501-4aaa-BC69-0129D965F311}

    Trace(2018-Nov-05 12:35:29): SULUpdateLocation: SyncProduct

    Trace(2018-Nov-05 12:35:29): Synchronise connected but failed.

    Trace(2018-Nov-05 12:35:29): TrySyncProduct<class SDDS2::SULUpdateLocation>, SyncProduct returned - 0

    Trace(2018-Nov-05 12:35:29): SULUpdateLocation: EndSync

    Trace(2018-Nov-05 12:35:29): TrySyncProduct<class SDDS2::SULUpdateLocation>, Ended - 0

    Trace(2018-Nov-05 12:35:29): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown

    Trace(2018-Nov-05 12:35:29): TrySyncProduct<class SDDS2::SULUpdateLocation>, Started: 

    Trace(2018-Nov-05 12:35:29): TrySyncProduct<class SDDS2::SULUpdateLocation>, creating update location

    Trace(2018-Nov-05 12:35:29): Could not read registry entry containing Sophos address - using hardcoded value.

    Trace(2018-Nov-05 12:35:29): SULUpdateLocation created!

    Trace(2018-Nov-05 12:35:29): TrySyncProduct, Calling BeginSync

    Trace(2018-Nov-05 12:35:29): SULUpdateLocation: BeginSync

    Trace(2018-Nov-05 12:35:29): Path to decode files to: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode

    Trace(2018-Nov-05 12:35:29): SDDS2Update(SyncProduct.Start): Sophos Endpoint Security and Control, sophos

    Trace(2018-Nov-05 12:35:29): Calling SULDownloader Setup...

    Trace(2018-Nov-05 12:35:29): warehousePath: "C:\ProgramData\Sophos\AutoUpdate\data\warehouse"

    Trace(2018-Nov-05 12:35:29): decodePath: "C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode"

    Trace(2018-Nov-05 12:35:29): certPath: "C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir"

    Trace(2018-Nov-05 12:35:29): server = sophos

    Trace(2018-Nov-05 12:35:29): Adding Sophos Update Location: http://dci.sophosupd.com/update

    Trace(2018-Nov-05 12:35:29): Adding Sophos Update Location: http://dci.sophosupd.net/update

    Trace(2018-Nov-05 12:35:29): No manually configured proxy.

    Trace(2018-Nov-05 12:35:29): SULDownloader setup successful.

    Trace(2018-Nov-05 12:35:29): SubscriptionProvider: StandaloneWindows/RECOMMENDED/10

    Trace(2018-Nov-05 12:35:29): No resubscription attribute found.

    Trace(2018-Nov-05 12:35:29): SubscriptionProvider: StandaloneWindows/RECOMMENDED/10

    Trace(2018-Nov-05 12:35:29): Adding product filter 'savxp'.

    Trace(2018-Nov-05 12:35:29): Adding product filter 'sau'.

    Trace(2018-Nov-05 12:35:29): Adding product filter 'ssp'.

    Trace(2018-Nov-05 12:35:29): Adding product filter 'ntp64'.

    Trace(2018-Nov-05 12:35:29): Calling SULDownloader addFilter...

    Trace(2018-Nov-05 12:35:29): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\savxp

    Trace(2018-Nov-05 12:35:29): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\sau

    Trace(2018-Nov-05 12:35:29): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\ssp

    Trace(2018-Nov-05 12:35:29): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\ntp64

    Trace(2018-Nov-05 12:35:29): Calling SULDownloader synchronise...

    Trace(2018-Nov-05 12:35:30): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:30): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:30): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:31): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:31): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:31): [I96736] Looking for package StandaloneWindows RECOMMENDED 10

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement SAVCONTROLLINE STANDALONE 

    Trace(2018-Nov-05 12:35:31): [I45378] Found included product F8FFD42E-47AC-4CFF-9E27-EC84ED62128E 1.3.1.2 

    Trace(2018-Nov-05 12:35:31): [I45378] Found included product 4DB41E90-DC56-41DC-B91E-9B8E537489A8 3.0.6.50 

    Trace(2018-Nov-05 12:35:31): [I45378] Found included product 9BF40A4E-23AE-48be-9974-5A1F261DBEE8 5.14.36.36 

    Trace(2018-Nov-05 12:35:31): [I45378] Found included product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.2.334.3730.13837 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement SAUCONTROLLINE RECOMMENDED 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement TELEMSUP RECOMMENDED 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement USERAPPFEED LATEST 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement SDU RECOMMENDED 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement SXLSUP LATEST 2

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement VDL LATEST 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement HIPS LATEST 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement IDE557 LATEST 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement IDE558 LATEST 

    Trace(2018-Nov-05 12:35:31): [I49502] Found supplement IDE559 LATEST 

    Trace(2018-Nov-05 12:35:31): [I19463] Syncing product StandaloneWindows 168

    Trace(2018-Nov-05 12:35:31): ERROR: [E59264] Cannot locate server for http://d1.sophosupd.com/update/0221704eeba4f0491dbe607ffa854077x000.dat WinHttpQueryHeaders 12150

    Trace(2018-Nov-05 12:35:31): Synchronise failed: 4

    Trace(2018-Nov-05 12:35:31): Synchronisation state: 3

    Trace(2018-Nov-05 12:35:31): SDDS2Update(SDDS2DownloadFailed): Sophos Endpoint Security and Control, sophos

    Trace(2018-Nov-05 12:35:31): TrySyncProduct<class SDDS2::SULUpdateLocation>, Calling SyncProduct with {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}

    Trace(2018-Nov-05 12:35:31): SULUpdateLocation: SyncProduct

    Trace(2018-Nov-05 12:35:31): Synchronise connected but failed.

    Trace(2018-Nov-05 12:35:31): TrySyncProduct<class SDDS2::SULUpdateLocation>, SyncProduct returned - 0

    Trace(2018-Nov-05 12:35:31): SULUpdateLocation: EndSync

    Trace(2018-Nov-05 12:35:31): TrySyncProduct<class SDDS2::SULUpdateLocation>, Ended - 0

    Trace(2018-Nov-05 12:35:31): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown

    Trace(2018-Nov-05 12:35:31): TrySyncProduct<class SDDS2::SULUpdateLocation>, Started: 

    Trace(2018-Nov-05 12:35:31): TrySyncProduct<class SDDS2::SULUpdateLocation>, creating update location

    Trace(2018-Nov-05 12:35:31): Could not read registry entry containing Sophos address - using hardcoded value.

    Trace(2018-Nov-05 12:35:31): SULUpdateLocation created!

    Trace(2018-Nov-05 12:35:31): TrySyncProduct, Calling BeginSync

    Trace(2018-Nov-05 12:35:31): SULUpdateLocation: BeginSync

    Trace(2018-Nov-05 12:35:31): Path to decode files to: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode

    Trace(2018-Nov-05 12:35:31): SDDS2Update(SyncProduct.Start): Sophos Endpoint Security and Control, sophos

    Trace(2018-Nov-05 12:35:31): Calling SULDownloader Setup...

    Trace(2018-Nov-05 12:35:31): warehousePath: "C:\ProgramData\Sophos\AutoUpdate\data\warehouse"

    Trace(2018-Nov-05 12:35:31): decodePath: "C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode"

    Trace(2018-Nov-05 12:35:31): certPath: "C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir"

    Trace(2018-Nov-05 12:35:31): server = sophos

    Trace(2018-Nov-05 12:35:31): Adding Sophos Update Location: http://dci.sophosupd.com/update

    Trace(2018-Nov-05 12:35:31): Adding Sophos Update Location: http://dci.sophosupd.net/update

    Trace(2018-Nov-05 12:35:31): No manually configured proxy.

    Trace(2018-Nov-05 12:35:31): SULDownloader setup successful.

    Trace(2018-Nov-05 12:35:31): SubscriptionProvider: StandaloneWindows/RECOMMENDED/10

    Trace(2018-Nov-05 12:35:31): No resubscription attribute found.

    Trace(2018-Nov-05 12:35:31): SubscriptionProvider: StandaloneWindows/RECOMMENDED/10

    Trace(2018-Nov-05 12:35:31): Adding product filter 'savxp'.

    Trace(2018-Nov-05 12:35:31): Adding product filter 'sau'.

    Trace(2018-Nov-05 12:35:31): Adding product filter 'ssp'.

    Trace(2018-Nov-05 12:35:31): Adding product filter 'ntp64'.

    Trace(2018-Nov-05 12:35:31): Calling SULDownloader addFilter...

    Trace(2018-Nov-05 12:35:31): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\savxp

    Trace(2018-Nov-05 12:35:31): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\sau

    Trace(2018-Nov-05 12:35:31): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\ssp

    Trace(2018-Nov-05 12:35:31): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\ntp64

    Trace(2018-Nov-05 12:35:31): Calling SULDownloader synchronise...

    Trace(2018-Nov-05 12:35:32): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:32): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:32): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:33): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:33): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:33): [I96736] Looking for package StandaloneWindows RECOMMENDED 10

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement SAVCONTROLLINE STANDALONE 

    Trace(2018-Nov-05 12:35:33): [I45378] Found included product F8FFD42E-47AC-4CFF-9E27-EC84ED62128E 1.3.1.2 

    Trace(2018-Nov-05 12:35:33): [I45378] Found included product 4DB41E90-DC56-41DC-B91E-9B8E537489A8 3.0.6.50 

    Trace(2018-Nov-05 12:35:33): [I45378] Found included product 9BF40A4E-23AE-48be-9974-5A1F261DBEE8 5.14.36.36 

    Trace(2018-Nov-05 12:35:33): [I45378] Found included product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.2.334.3730.13837 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement SAUCONTROLLINE RECOMMENDED 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement TELEMSUP RECOMMENDED 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement USERAPPFEED LATEST 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement SDU RECOMMENDED 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement SXLSUP LATEST 2

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement VDL LATEST 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement HIPS LATEST 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement IDE557 LATEST 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement IDE558 LATEST 

    Trace(2018-Nov-05 12:35:33): [I49502] Found supplement IDE559 LATEST 

    Trace(2018-Nov-05 12:35:33): [I19463] Syncing product StandaloneWindows 168

    Trace(2018-Nov-05 12:35:33): ERROR: [E59264] Cannot locate server for http://d1.sophosupd.com/update/0221704eeba4f0491dbe607ffa854077x000.dat WinHttpQueryHeaders 12150

    Trace(2018-Nov-05 12:35:33): Synchronise failed: 4

    Trace(2018-Nov-05 12:35:33): Synchronisation state: 3

    Trace(2018-Nov-05 12:35:33): SDDS2Update(SDDS2DownloadFailed): Sophos Endpoint Security and Control, sophos

    Trace(2018-Nov-05 12:35:33): TrySyncProduct<class SDDS2::SULUpdateLocation>, Calling SyncProduct with {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}

    Trace(2018-Nov-05 12:35:33): SULUpdateLocation: SyncProduct

    Trace(2018-Nov-05 12:35:33): Synchronise connected but failed.

    Trace(2018-Nov-05 12:35:33): TrySyncProduct<class SDDS2::SULUpdateLocation>, SyncProduct returned - 0

    Trace(2018-Nov-05 12:35:33): SULUpdateLocation: EndSync

    Trace(2018-Nov-05 12:35:33): TrySyncProduct<class SDDS2::SULUpdateLocation>, Ended - 0

    Trace(2018-Nov-05 12:35:33): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown

    Trace(2018-Nov-05 12:35:33): TrySyncProduct<class SDDS2::SULUpdateLocation>, Started: 

    Trace(2018-Nov-05 12:35:33): TrySyncProduct<class SDDS2::SULUpdateLocation>, creating update location

    Trace(2018-Nov-05 12:35:33): Could not read registry entry containing Sophos address - using hardcoded value.

    Trace(2018-Nov-05 12:35:33): SULUpdateLocation created!

    Trace(2018-Nov-05 12:35:33): TrySyncProduct, Calling BeginSync

    Trace(2018-Nov-05 12:35:33): SULUpdateLocation: BeginSync

    Trace(2018-Nov-05 12:35:33): Path to decode files to: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode

    Trace(2018-Nov-05 12:35:33): SDDS2Update(SyncProduct.Start): Sophos Endpoint Security and Control, sophos

    Trace(2018-Nov-05 12:35:33): Calling SULDownloader Setup...

    Trace(2018-Nov-05 12:35:33): warehousePath: "C:\ProgramData\Sophos\AutoUpdate\data\warehouse"

    Trace(2018-Nov-05 12:35:33): decodePath: "C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\decode"

    Trace(2018-Nov-05 12:35:33): certPath: "C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir"

    Trace(2018-Nov-05 12:35:33): server = sophos

    Trace(2018-Nov-05 12:35:33): Adding Sophos Update Location: http://dci.sophosupd.com/update

    Trace(2018-Nov-05 12:35:33): Adding Sophos Update Location: http://dci.sophosupd.net/update

    Trace(2018-Nov-05 12:35:33): No manually configured proxy.

    Trace(2018-Nov-05 12:35:33): SULDownloader setup successful.

    Trace(2018-Nov-05 12:35:33): SubscriptionProvider: StandaloneWindows/RECOMMENDED/10

    Trace(2018-Nov-05 12:35:33): No resubscription attribute found.

    Trace(2018-Nov-05 12:35:33): SubscriptionProvider: StandaloneWindows/RECOMMENDED/10

    Trace(2018-Nov-05 12:35:33): Adding product filter 'savxp'.

    Trace(2018-Nov-05 12:35:33): Adding product filter 'sau'.

    Trace(2018-Nov-05 12:35:33): Adding product filter 'ssp'.

    Trace(2018-Nov-05 12:35:33): Adding product filter 'ntp64'.

    Trace(2018-Nov-05 12:35:33): Calling SULDownloader addFilter...

    Trace(2018-Nov-05 12:35:33): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\savxp

    Trace(2018-Nov-05 12:35:33): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\sau

    Trace(2018-Nov-05 12:35:33): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\ssp

    Trace(2018-Nov-05 12:35:33): Adding cache: C:\ProgramData\Sophos\AutoUpdate\cache\ntp64

    Trace(2018-Nov-05 12:35:33): Calling SULDownloader synchronise...

    Trace(2018-Nov-05 12:35:34): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:34): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:34): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:35): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:35): SDDS2(SDDS2.DownloadFile): 0221704eeba4f0491dbe607ffa854077x000.dat

    Trace(2018-Nov-05 12:35:35): [I96736] Looking for package StandaloneWindows RECOMMENDED 10

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement SAVCONTROLLINE STANDALONE 

    Trace(2018-Nov-05 12:35:35): [I45378] Found included product F8FFD42E-47AC-4CFF-9E27-EC84ED62128E 1.3.1.2 

    Trace(2018-Nov-05 12:35:35): [I45378] Found included product 4DB41E90-DC56-41DC-B91E-9B8E537489A8 3.0.6.50 

    Trace(2018-Nov-05 12:35:35): [I45378] Found included product 9BF40A4E-23AE-48be-9974-5A1F261DBEE8 5.14.36.36 

    Trace(2018-Nov-05 12:35:35): [I45378] Found included product E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.2.334.3730.13837 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement SAUCONTROLLINE RECOMMENDED 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement TELEMSUP RECOMMENDED 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement USERAPPFEED LATEST 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement SDU RECOMMENDED 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement SXLSUP LATEST 2

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement VDL LATEST 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement HIPS LATEST 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement IDE557 LATEST 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement IDE558 LATEST 

    Trace(2018-Nov-05 12:35:35): [I49502] Found supplement IDE559 LATEST 

    Trace(2018-Nov-05 12:35:35): [I19463] Syncing product StandaloneWindows 168

    Trace(2018-Nov-05 12:35:35): ERROR: [E59264] Cannot locate server for http://d1.sophosupd.com/update/0221704eeba4f0491dbe607ffa854077x000.dat WinHttpQueryHeaders 12150

    Trace(2018-Nov-05 12:35:35): Synchronise failed: 4

    Trace(2018-Nov-05 12:35:35): Synchronisation state: 3

    Trace(2018-Nov-05 12:35:35): SDDS2Update(SDDS2DownloadFailed): Sophos Endpoint Security and Control, sophos

    Trace(2018-Nov-05 12:35:35): TrySyncProduct<class SDDS2::SULUpdateLocation>, Calling SyncProduct with {8087796B-2289-4897-98A5-58FF23DAAFD0}

    Trace(2018-Nov-05 12:35:35): SULUpdateLocation: SyncProduct

    Trace(2018-Nov-05 12:35:35): Synchronise connected but failed.

    Trace(2018-Nov-05 12:35:35): TrySyncProduct<class SDDS2::SULUpdateLocation>, SyncProduct returned - 0

    Trace(2018-Nov-05 12:35:35): SULUpdateLocation: EndSync

    Trace(2018-Nov-05 12:35:35): TrySyncProduct<class SDDS2::SULUpdateLocation>, Ended - 0

    Trace(2018-Nov-05 12:35:35): ALUpdate(): 

    Trace(2018-Nov-05 12:35:35): ALUpdate(DownloadEnded): 

    Trace(2018-Nov-05 12:35:35): UpdateCoordinator::UpdateNow: About to Action list of products

    Trace(2018-Nov-05 12:35:36): RMSMessageHandler: ALUpdateEnd

    Trace(2018-Nov-05 12:35:36): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID></ID><StringID>113</StringID><Sender>ALUpdate</Sender></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated packages</ReadableMessage></Config>

    Trace(2018-Nov-05 12:35:36): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID></ID><StringID>113</StringID><Sender>ALUpdate</Sender></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated packages</ReadableMessage></Config>

    Trace(2018-Nov-05 12:35:36): IPCSender::ProcessSend: Listener not ready starting to wait

    Trace(2018-Nov-05 12:35:37): IPCSender::ProcessSend exiting​

  • 0 in reply to Tania Keenan1

    Hello Tania Keenan1,

    thanks, that's the one.

    The error is Cannot locate server for http://d1.sophosupd.com/update/0221704eeba4f0491dbe607ffa854077x000.dat WinHttpQueryHeaders 12150

    12150 is ERROR_WINHTTP_HEADER_NOT_FOUND - meaning a header that the downloader expects is missing from the response. Shouldn't happen. 
    Are there already files with a .dat extension under C:\ProgramData\Sophos\AutoUpdate\data\warehouse?
    Can you download the file with a browser, if so could you try to capture the response headers (usually Developer Tools → Network)?

    You've already rules out the network using a hotspot. Other endpoints might not need to update (i.e. download) this file and wouldn't be affected from whatever the cause is.

    Christian

  • 0 in reply to QC

    Yes there are several hundred other .dat files in that location, although Sophos was only installed on Friday and the Pro has been switched off all weekend.

    Yes I can download from a browser.

    Screenshot attached

  • 0 in reply to Tania Keenan1

    Hello Tania Keenan1,

    several hundred other .dat files
    this suggests a problem with this particular file. Hm, the screenshot doesn't show the headers for the .dat response. Which browser? IIRC IE didn't show the headers for a download.

    Christian

  • 0 in reply to QC

    This was taken from Google.

    How do I get the information you need?

  • 0 in reply to Tania Keenan1

    Hello Tania Keenan1,

    I'm using Firefox, but guess Chrome is similar. I open a new tab or window, F12 (Developer Tools), then paste the URL and press Enter/GoTo.

    Christian 

  • 0 in reply to QC

    Yes, thats what I did, thats how I got the last screenshot.

    If I run it on my own PC I get this

     

    If I run the same thing on the Pro I get

     

    What I cant identify is how to show you the "headers"?

  • 0 in reply to Tania Keenan1

    Hello ,

    you should be able to see the headers by clicking on the Name).

    The request for the .dat document is not in the Pro screenshot though, it shows as far as I can tell an OWA login (and furthermore the Status is given as 242). What happens if you request some other .dat - on of those that are already in the Warehouse?

    Christian

  • 0 in reply to QC

    Morning,

     

    If I request one of the other .dat files, the headers look like this

Reply Children
  • 0 in reply to Tania Keenan1

    Hello Tania Keenan1,

    both look ok. But when you request the 0221704eeba4f0491dbe607ffa854077x000.dat from the Pro you don't get a response?

    Christian

  • 0 in reply to QC

    The Site cant be reached page was just what was on there anyway,  The page itself didnt change, but the .dat file did download..

  • 0 in reply to Tania Keenan1

    Hello Tania Keenan1,

    the installer still fails with the same error for the same file? Did I understand correctly that you can download the "problem" 0221... .dat with a browser on the Pro and both screenshots are from the Pro?

    Christian

  • 0 in reply to QC

    Yes the installer still fails on that .dat file.

    Yes I can download it.

    Yes the screenshots are from the Pro.

     

    I have 16 of these the roll out and have the same issue on the first 5 so far.

  • 0 in reply to Tania Keenan1

    Hello Tania Keenan1,

    weird. Wonder if it's a red herring.
    AFAIK AutoUpdate's downloader still uses HTTP so it should be possible to capture the traffic with Wireshark using tcp port 80 (optionally with an additional and host 2.19.60.128) as capture filter. The HTTP data can be viewed with Analyze → Follow → HTTP stream.

    Christian

  • 0 in reply to QC

    Fullscreen sophos capture.txt Download 
    GET /update/2/64/2645f66c4fa03b6ea0a6427c734db1cb.dat HTTP/1.1
Connection: Keep-Alive
Accept: text/*, application/*
User-Agent: AutoUpdate/5.2.0.276 SDDS/2.0 (u="7XXXXXXXXX" c="37c99a16-170e-4aab-94ec-f3bf3abc615b" i="")
Host: dci.sophosupd.com

[2920 bytes missing in capture file].
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBhTEnMCUGA1UEAxMeU29w
aG9zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bo
b3NjYUBzb3Bob3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMC
VUsxEzARBgNVBAoTClNvcGhvcyBQbGMwHhcNMDgxMjAxMDAwMDAwWhcNMjQwMTI4
MDAwMDAwWjCBnDEiMCAGA1UEAxMZU29waG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEi
MCAGCSqGSIb3DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECBMLT3hm
b3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMwEQYDVQQKEwpTb3Bob3MgTHRkMRowGAYD
VQQLExFTb3Bob3NTZWN1cmVCdWlsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPP2jxQPAX3fGCjB27ca1tLqgvvwbtkpJQ3HBOiDOoshZomCSEhBduTN
KYSXVNS4Ta+shE3G0NRYh0x51xG9I5M79rgebqZrUMm/iHayJu2z8F/Vuc8c2wZP
JFB/PDxgCLTE8XkSm/o56mrS7flWBgcS5odSF7vC21dd/M5B03/DArt9XEk+0bhA
pHDgeS0LYyZrFLg4f8CpQoyTJS4ar4urZJRyhLJbcognr7FA9q7RlGdiwlYh6Upq
ioHIHfVT1j2t6KJCUO/zHowkCE5D5mp/pVG+lSReA6GAgtEFRKOpSGA6OTj3csou
YjFm6hIG/qSBi74uW4dKsfWF1jjYHd0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAGPIEHpFysO7eBpZDnTMglK0Z4Z4Mq78KXT8d8S+A
8Ds6zuGoT3So0tsI1DiVPodZ8Un3y4rJ4NnO1ueXMwWBvKQVQu7kcBH4d50m/yb5
rZkdg3qIyevIsNFb5AQ2wuM0/LT2KTmYgv09Jy/D58XoKSMtnU9dT57sgwZ0DHE1
RKUUuWceStccPDViBzVGKWgNgNSlzFFIqHYwyohKidh2IFQKw18p+qcAEwcS9KP/
09e1jqpl8FzfxpSfXV+Djouudu9H75mkvvYPoUuZeFeYKrEgFLq9IuDqvflBgL+/
fS8PCgvVMn5tAKMdsV+AOGZ/Shmmo3aLs6nfNyooDsO0Aw==
-----END CERTIFICATE-----
GET /update/2/64/2645f66c4fa03b6ea0a6427c734db1cb.dat HTTP/1.1
Connection: Keep-Alive
Accept: text/*, application/*
User-Agent: AutoUpdate/5.2.0.276 SDDS/2.0 (u="7XXXXXXXXX" c="37c99a16-170e-4aab-94ec-f3bf3abc615b" i="")
Host: dci.sophosupd.com

[2920 bytes missing in capture file].
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBhTEnMCUGA1UEAxMeU29w
aG9zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bo
b3NjYUBzb3Bob3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMC
VUsxEzARBgNVBAoTClNvcGhvcyBQbGMwHhcNMDgxMjAxMDAwMDAwWhcNMjQwMTI4
MDAwMDAwWjCBnDEiMCAGA1UEAxMZU29waG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEi
MCAGCSqGSIb3DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECBMLT3hm
b3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMwEQYDVQQKEwpTb3Bob3MgTHRkMRowGAYD
VQQLExFTb3Bob3NTZWN1cmVCdWlsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPP2jxQPAX3fGCjB27ca1tLqgvvwbtkpJQ3HBOiDOoshZomCSEhBduTN
KYSXVNS4Ta+shE3G0NRYh0x51xG9I5M79rgebqZrUMm/iHayJu2z8F/Vuc8c2wZP
JFB/PDxgCLTE8XkSm/o56mrS7flWBgcS5odSF7vC21dd/M5B03/DArt9XEk+0bhA
pHDgeS0LYyZrFLg4f8CpQoyTJS4ar4urZJRyhLJbcognr7FA9q7RlGdiwlYh6Upq
ioHIHfVT1j2t6KJCUO/zHowkCE5D5mp/pVG+lSReA6GAgtEFRKOpSGA6OTj3csou
YjFm6hIG/qSBi74uW4dKsfWF1jjYHd0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAGPIEHpFysO7eBpZDnTMglK0Z4Z4Mq78KXT8d8S+A
8Ds6zuGoT3So0tsI1DiVPodZ8Un3y4rJ4NnO1ueXMwWBvKQVQu7kcBH4d50m/yb5
rZkdg3qIyevIsNFb5AQ2wuM0/LT2KTmYgv09Jy/D58XoKSMtnU9dT57sgwZ0DHE1
RKUUuWceStccPDViBzVGKWgNgNSlzFFIqHYwyohKidh2IFQKw18p+qcAEwcS9KP/
09e1jqpl8FzfxpSfXV+Djouudu9H75mkvvYPoUuZeFeYKrEgFLq9IuDqvflBgL+/
fS8PCgvVMn5tAKMdsV+AOGZ/Shmmo3aLs6nfNyooDsO0Aw==
-----END CERTIFICATE-----
GET /update/2/64/2645f66c4fa03b6ea0a6427c734db1cb.dat HTTP/1.1
Connection: Keep-Alive
Accept: text/*, application/*
User-Agent: AutoUpdate/5.2.0.276 SDDS/2.0 (u="7XXXXXXXXX" c="37c99a16-170e-4aab-94ec-f3bf3abc615b" i="")
Host: dci.sophosupd.com

[2920 bytes missing in capture file].
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBhTEnMCUGA1UEAxMeU29w
aG9zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bo
b3NjYUBzb3Bob3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMC
VUsxEzARBgNVBAoTClNvcGhvcyBQbGMwHhcNMDgxMjAxMDAwMDAwWhcNMjQwMTI4
MDAwMDAwWjCBnDEiMCAGA1UEAxMZU29waG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEi
MCAGCSqGSIb3DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECBMLT3hm
b3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMwEQYDVQQKEwpTb3Bob3MgTHRkMRowGAYD
VQQLExFTb3Bob3NTZWN1cmVCdWlsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPP2jxQPAX3fGCjB27ca1tLqgvvwbtkpJQ3HBOiDOoshZomCSEhBduTN
KYSXVNS4Ta+shE3G0NRYh0x51xG9I5M79rgebqZrUMm/iHayJu2z8F/Vuc8c2wZP
JFB/PDxgCLTE8XkSm/o56mrS7flWBgcS5odSF7vC21dd/M5B03/DArt9XEk+0bhA
pHDgeS0LYyZrFLg4f8CpQoyTJS4ar4urZJRyhLJbcognr7FA9q7RlGdiwlYh6Upq
ioHIHfVT1j2t6KJCUO/zHowkCE5D5mp/pVG+lSReA6GAgtEFRKOpSGA6OTj3csou
YjFm6hIG/qSBi74uW4dKsfWF1jjYHd0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAGPIEHpFysO7eBpZDnTMglK0Z4Z4Mq78KXT8d8S+A
8Ds6zuGoT3So0tsI1DiVPodZ8Un3y4rJ4NnO1ueXMwWBvKQVQu7kcBH4d50m/yb5
rZkdg3qIyevIsNFb5AQ2wuM0/LT2KTmYgv09Jy/D58XoKSMtnU9dT57sgwZ0DHE1
RKUUuWceStccPDViBzVGKWgNgNSlzFFIqHYwyohKidh2IFQKw18p+qcAEwcS9KP/
09e1jqpl8FzfxpSfXV+Djouudu9H75mkvvYPoUuZeFeYKrEgFLq9IuDqvflBgL+/
fS8PCgvVMn5tAKMdsV+AOGZ/Shmmo3aLs6nfNyooDsO0Aw==
-----END CERTIFICATE-----
GET /update/2/64/2645f66c4fa03b6ea0a6427c734db1cb.dat HTTP/1.1
Connection: Keep-Alive
Accept: text/*, application/*
User-Agent: AutoUpdate/5.2.0.276 SDDS/2.0 (u="7XXXXXXXXX" c="37c99a16-170e-4aab-94ec-f3bf3abc615b" i="")
Host: dci.sophosupd.com

[2920 bytes missing in capture file].
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBhTEnMCUGA1UEAxMeU29w
aG9zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bo
b3NjYUBzb3Bob3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMC
VUsxEzARBgNVBAoTClNvcGhvcyBQbGMwHhcNMDgxMjAxMDAwMDAwWhcNMjQwMTI4
MDAwMDAwWjCBnDEiMCAGA1UEAxMZU29waG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEi
MCAGCSqGSIb3DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECBMLT3hm
b3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMwEQYDVQQKEwpTb3Bob3MgTHRkMRowGAYD
VQQLExFTb3Bob3NTZWN1cmVCdWlsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPP2jxQPAX3fGCjB27ca1tLqgvvwbtkpJQ3HBOiDOoshZomCSEhBduTN
KYSXVNS4Ta+shE3G0NRYh0x51xG9I5M79rgebqZrUMm/iHayJu2z8F/Vuc8c2wZP
JFB/PDxgCLTE8XkSm/o56mrS7flWBgcS5odSF7vC21dd/M5B03/DArt9XEk+0bhA
pHDgeS0LYyZrFLg4f8CpQoyTJS4ar4urZJRyhLJbcognr7FA9q7RlGdiwlYh6Upq
ioHIHfVT1j2t6KJCUO/zHowkCE5D5mp/pVG+lSReA6GAgtEFRKOpSGA6OTj3csou
YjFm6hIG/qSBi74uW4dKsfWF1jjYHd0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAGPIEHpFysO7eBpZDnTMglK0Z4Z4Mq78KXT8d8S+A
8Ds6zuGoT3So0tsI1DiVPodZ8Un3y4rJ4NnO1ueXMwWBvKQVQu7kcBH4d50m/yb5
rZkdg3qIyevIsNFb5AQ2wuM0/LT2KTmYgv09Jy/D58XoKSMtnU9dT57sgwZ0DHE1
RKUUuWceStccPDViBzVGKWgNgNSlzFFIqHYwyohKidh2IFQKw18p+qcAEwcS9KP/
09e1jqpl8FzfxpSfXV+Djouudu9H75mkvvYPoUuZeFeYKrEgFLq9IuDqvflBgL+/
fS8PCgvVMn5tAKMdsV+AOGZ/Shmmo3aLs6nfNyooDsO0Aw==
-----END CERTIFICATE-----
GET /update/2/64/2645f66c4fa03b6ea0a6427c734db1cb.dat HTTP/1.1
Connection: Keep-Alive
Accept: text/*, application/*
User-Agent: AutoUpdate/5.2.0.276 SDDS/2.0 (u="7XXXXXXXXX" c="37c99a16-170e-4aab-94ec-f3bf3abc615b" i="")
Host: dci.sophosupd.com

[2920 bytes missing in capture file].
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBhTEnMCUGA1UEAxMeU29w
aG9zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bo
b3NjYUBzb3Bob3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMC
VUsxEzARBgNVBAoTClNvcGhvcyBQbGMwHhcNMDgxMjAxMDAwMDAwWhcNMjQwMTI4
MDAwMDAwWjCBnDEiMCAGA1UEAxMZU29waG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEi
MCAGCSqGSIb3DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECBMLT3hm
b3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMwEQYDVQQKEwpTb3Bob3MgTHRkMRowGAYD
VQQLExFTb3Bob3NTZWN1cmVCdWlsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPP2jxQPAX3fGCjB27ca1tLqgvvwbtkpJQ3HBOiDOoshZomCSEhBduTN
KYSXVNS4Ta+shE3G0NRYh0x51xG9I5M79rgebqZrUMm/iHayJu2z8F/Vuc8c2wZP
JFB/PDxgCLTE8XkSm/o56mrS7flWBgcS5odSF7vC21dd/M5B03/DArt9XEk+0bhA
pHDgeS0LYyZrFLg4f8CpQoyTJS4ar4urZJRyhLJbcognr7FA9q7RlGdiwlYh6Upq
ioHIHfVT1j2t6KJCUO/zHowkCE5D5mp/pVG+lSReA6GAgtEFRKOpSGA6OTj3csou
YjFm6hIG/qSBi74uW4dKsfWF1jjYHd0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAGPIEHpFysO7eBpZDnTMglK0Z4Z4Mq78KXT8d8S+A
8Ds6zuGoT3So0tsI1DiVPodZ8Un3y4rJ4NnO1ueXMwWBvKQVQu7kcBH4d50m/yb5
rZkdg3qIyevIsNFb5AQ2wuM0/LT2KTmYgv09Jy/D58XoKSMtnU9dT57sgwZ0DHE1
RKUUuWceStccPDViBzVGKWgNgNSlzFFIqHYwyohKidh2IFQKw18p+qcAEwcS9KP/
09e1jqpl8FzfxpSfXV+Djouudu9H75mkvvYPoUuZeFeYKrEgFLq9IuDqvflBgL+/
fS8PCgvVMn5tAKMdsV+AOGZ/Shmmo3aLs6nfNyooDsO0Aw==
-----END CERTIFICATE-----
GET /update/2/64/2645f66c4fa03b6ea0a6427c734db1cb.dat HTTP/1.1
Connection: Keep-Alive
Accept: text/*, application/*
User-Agent: AutoUpdate/5.2.0.276 SDDS/2.0 (u="7XXXXXXXXX" c="37c99a16-170e-4aab-94ec-f3bf3abc615b" i="")
Host: dci.sophosupd.com

[2920 bytes missing in capture file].
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBhTEnMCUGA1UEAxMeU29w
aG9zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bo
b3NjYUBzb3Bob3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMC
VUsxEzARBgNVBAoTClNvcGhvcyBQbGMwHhcNMDgxMjAxMDAwMDAwWhcNMjQwMTI4
MDAwMDAwWjCBnDEiMCAGA1UEAxMZU29waG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEi
MCAGCSqGSIb3DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECBMLT3hm
b3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMwEQYDVQQKEwpTb3Bob3MgTHRkMRowGAYD
VQQLExFTb3Bob3NTZWN1cmVCdWlsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPP2jxQPAX3fGCjB27ca1tLqgvvwbtkpJQ3HBOiDOoshZomCSEhBduTN
KYSXVNS4Ta+shE3G0NRYh0x51xG9I5M79rgebqZrUMm/iHayJu2z8F/Vuc8c2wZP
JFB/PDxgCLTE8XkSm/o56mrS7flWBgcS5odSF7vC21dd/M5B03/DArt9XEk+0bhA
pHDgeS0LYyZrFLg4f8CpQoyTJS4ar4urZJRyhLJbcognr7FA9q7RlGdiwlYh6Upq
ioHIHfVT1j2t6KJCUO/zHowkCE5D5mp/pVG+lSReA6GAgtEFRKOpSGA6OTj3csou
YjFm6hIG/qSBi74uW4dKsfWF1jjYHd0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAGPIEHpFysO7eBpZDnTMglK0Z4Z4Mq78KXT8d8S+A
8Ds6zuGoT3So0tsI1DiVPodZ8Un3y4rJ4NnO1ueXMwWBvKQVQu7kcBH4d50m/yb5
rZkdg3qIyevIsNFb5AQ2wuM0/LT2KTmYgv09Jy/D58XoKSMtnU9dT57sgwZ0DHE1
RKUUuWceStccPDViBzVGKWgNgNSlzFFIqHYwyohKidh2IFQKw18p+qcAEwcS9KP/
09e1jqpl8FzfxpSfXV+Djouudu9H75mkvvYPoUuZeFeYKrEgFLq9IuDqvflBgL+/
fS8PCgvVMn5tAKMdsV+AOGZ/Shmmo3aLs6nfNyooDsO0Aw==
-----END CERTIFICATE-----
GET /update/2/64/2645f66c4fa03b6ea0a6427c734db1cb.dat HTTP/1.1
Connection: Keep-Alive
Accept: text/*, application/*
User-Agent: AutoUpdate/5.2.0.276 SDDS/2.0 (u="7XXXXXXXXX" c="37c99a16-170e-4aab-94ec-f3bf3abc615b" i="")
Host: dci.sophosupd.com

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: "8b213c5c2843072d47dda5d7237001ae:1540468002.571153"
Last-Modified: Thu, 25 Oct 2018 11:46:42 GMT
Server: AkamaiNetStorage
Content-Length: 3909
Expires: Tue, 06 Nov 2018 13:32:16 GMT
Date: Tue, 06 Nov 2018 13:31:36 GMT
Connection: keep-alive
Content-Type: application/octet-stream
Cache-Control: s-maxage=40, max-age=40

<?xml version="1.0" encoding="utf-8" ?>
<Warehouse>
<LicenseDescription>Endpoint Protection Advanced</LicenseDescription>
<LastModified>2018-10-25T11:38:28Z</LastModified>
<LastAssigned>2015-08-20T09:44:41Z</LastAssigned>
<FileName>266ac3f214ce22a7ba5847748213816f</FileName>
<URL>http://d1.sophosupd.com/update</URL>
<URL>http://d1.sophosupd.net/update</URL>
<Warehouses>
<WarehouseEntry>
<Name>sdds.def_retired</Name>
</WarehouseEntry>
<WarehouseEntry>
<Name>sdds.fw_linux_s_LIN2018-5.3</Name>
</WarehouseEntry>
<WarehouseEntry>
<Name>sdds.epa_WIN2018-5a.1</Name>
</WarehouseEntry>
<WarehouseEntry>
<Name>sdds.SUM2018-2.1</Name>
</WarehouseEntry>
<WarehouseEntry>
<Name>sdds.MAC2018-4.3</Name>
</WarehouseEntry>
</Warehouses>
<Redirects><Redirect Substitution="d2.sophosupd.net/update-C" Pattern="d2.sophosupd.net/update"/><Redirect Substitution="d2.sophosupd.com/update-C" Pattern="d2.sophosupd.com/update"/><Redirect Substitution="d3.sophosupd.net/update-C" Pattern="d3.sophosupd.net/update"/><Redirect Substitution="d3.sophosupd.com/update-C" Pattern="d3.sophosupd.com/update"/><GET /update/2/64/2645f66c4fa03b6ea0a6427c734db1cb.dat HTTP/1.1
Connection: Keep-Alive
Accept: text/*, application/*
User-Agent: AutoUpdate/5.2.0.276 SDDS/2.0 (u="7XXXXXXXXX" c="37c99a16-170e-4aab-94ec-f3bf3abc615b" i="")
Host: dci.sophosupd.com

[5745 bytes missing in capture file].
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBhTEnMCUGA1UEAxMeU29w
aG9zIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYJKoZIhvcNAQkBFhNzb3Bo
b3NjYUBzb3Bob3MuY29tMRQwEgYDVQQIEwtPeGZvcmRzaGlyZTELMAkGA1UEBhMC
VUsxEzARBgNVBAoTClNvcGhvcyBQbGMwHhcNMDgxMjAxMDAwMDAwWhcNMjQwMTI4
MDAwMDAwWjCBnDEiMCAGA1UEAxMZU29waG9zSW50ZXJtZWRpYXRlRXhwMjAyNDEi
MCAGCSqGSIb3DQEJARYTc29waG9zY2FAc29waG9zLmNvbTEUMBIGA1UECBMLT3hm
b3Jkc2hpcmUxCzAJBgNVBAYTAlVLMRMwEQYDVQQKEwpTb3Bob3MgTHRkMRowGAYD
VQQLExFTb3Bob3NTZWN1cmVCdWlsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPP2jxQPAX3fGCjB27ca1tLqgvvwbtkpJQ3HBOiDOoshZomCSEhBduTN
KYSXVNS4Ta+shE3G0NRYh0x51xG9I5M79rgebqZrUMm/iHayJu2z8F/Vuc8c2wZP
JFB/PDxgCLTE8XkSm/o56mrS7flWBgcS5odSF7vC21dd/M5B03/DArt9XEk+0bhA
pHDgeS0LYyZrFLg4f8CpQoyTJS4ar4urZJRyhLJbcognr7FA9q7RlGdiwlYh6Upq
ioHIHfVT1j2t6KJCUO/zHowkCE5D5mp/pVG+lSReA6GAgtEFRKOpSGA6OTj3csou
YjFm6hIG/qSBi74uW4dKsfWF1jjYHd0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAGPIEHpFysO7eBpZDnTMglK0Z4Z4Mq78KXT8d8S+A
8Ds6zuGoT3So0tsI1DiVPodZ8Un3y4rJ4NnO1ueXMwWBvKQVQu7kcBH4d50m/yb5
rZkdg3qIyevIsNFb5AQ2wuM0/LT2KTmYgv09Jy/D58XoKSMtnU9dT57sgwZ0DHE1
RKUUuWceStccPDViBzVGKWgNgNSlzFFIqHYwyohKidh2IFQKw18p+qcAEwcS9KP/
09e1jqpl8FzfxpSfXV+Djouudu9H75mkvvYPoUuZeFeYKrEgFLq9IuDqvflBgL+/
fS8PCgvVMn5tAKMdsV+AOGZ/Shmmo3aLs6nfNyooDsO0Aw==
-----END CERTIFICATE-----
    I have overwritten the Username with 7XXXXXXXXX , and pasted into a Txt doc.

  • 0 in reply to Tania Keenan1

    Hello Tania Keenan1,

    thanks.
    This is traffic to/from dci.sophosupd.com, meta information and catalogs. This isn't all of the traffic up to the download error though - is it? As I don't see the request for the failing .dat (and Host: isn't one of the dn.sophosupd). I'd expect the possibly incorrect headers near the end of the capture.

    Christian

  • 0 in reply to QC

    Thats all the data that there was using the filter you suggested.

     

    However,,, I have just run the capture again and the update went through with no issues.....

    I have manually updated 2 other Pros as well and they are now also updating successfully .

Unfiltered HTML