Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 4313 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Download of Sophos clean failed issue

Amir G

Hi,

I noticed some computers in the console have an error. the error is "Download of Sophos clean failed from server \\XXX\Sophosupdate\CIDs\S000\OPMHMPA".

How can I fix this issue?
we have Sophos Enterprise 5.5.0, Sophos clean 3.7.21.105, Sophos endpoint 1.0.7.2,



This thread was automatically locked due to age.
  • 0

    Hello Amir G,

    minor correction: Sophos endpoint 1.0.7.2 is likely Sophos Endpoint Defense 1.0.7.2

    Anyway, if the error is not transient please check the verbose ALUpdate log (in %ProgramData%\Sophos\AutoUpdate\Logs\), it should have the details on the download error.

    Christian

  • 0 in reply to QC

    Thank you for your help. but I don't know what should I look for in the log files.

    I've attached the log files, can check them.

     

    ALUpdate20181108T012628.2713890.log1423.alc.log

  • 0 in reply to Amir G

    Hello Amir G,

    apparently this is an AD environment but it looks like the endpoint is either not on the LAN or not joined to the domain.

    Attempting to make a connection to remote machine \\PATCHSRV\SophosUpdate\CIDs\S000\SAVSCFXP\
    CIDUpdate(Info): \\PATCHSRV\SophosUpdate, AMICO\SophosManagement, 53

    53 is The network path was not found. Normally this means the endpoint can't resolve to name to an IP.

    Obviously Sophos is set as secondary update location and consequently, as the Primary fails, it is tried but without success:

    server = sophos
    Adding Sophos Update Location: dci.sophosupd.com/update
    Adding Sophos Update Location: dci.sophosupd.net/update
    No manually configured proxy.
    SULDownloader setup successful.
    SubscriptionProvider: F26F7EC0-1302-4DA7-8B6B-A5383051D41A/10.8.2.3.3730.1/
    Enumerating available product versions...
    Out of sources

    This looks like like the endpoint can't reach the Sophos servers and as it fails instantly either the names can't be resolved or the connection is refused.

    I can't say though what the expected behaviour is (other than updating should work) - it seems the endpoints are on the LAN but don't have Internet connectivity. In this case the reason is that the unqualified server name can't be resolved. As they communicate with the server I assume it's not that they are "outside" and should fall back to using Sophos as update location but fail to connect to it.

    Christian

Unfiltered HTML