Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 12196 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

80070057

Steve Sze

Hi,

 

Just want to ask regarding the error Im having,

I installed Sophos Management Console using this guide:

>>>installation guide for air-gapped network

  • Problem occurred when I click on Protect computers I get the error 80070057
    • There's also a yellow exclamation point under Error tab aligned with the endpoint name
    • Already checked online but seems there's not much regarding this error
  • I checked the client and I was able to see the sophos autoupdate  as illustrated below:
  • It seems that the installation is incomplete

****Note that this is a hardened windows server 2016 so I enabled/disabled some reg keys plus local security policies,

****Maybe there's some policies I need to enable? 

 

Please help 

 

Thanks,



This thread was automatically locked due to age.
  • 0

    Hello Steve Sze,

    the installation is incomplete
    it looks like the started task triggered and successfully ran setup.exe (that performs the bootstrap install) but AutoUpdate failed to complete the installation.
    What's in the Remote Management System folder?
    In addition please check (or post) the ALUpdate log (in %ProgramData%\Sophos\AutoUpdate\Logs\). 

    Christian

  • 0 in reply to QC

    Oh that was a fast reply, thanks Christian

    anyway The Remote Management System has only the cac.pem and the mrinit files

    And from the ALUpdate log, I saw some failures:

    Trace(2018-Nov-21 00:52:32): Attempting to make a connection to remote machine \\<Management Console HostName>\SophosUpdate\CIDs\S000\SAVSCFXP\
    Trace(2018-Nov-21 00:52:32): CIDUpdate(Info): \\<Management Console HostName>\SophosUpdate, <Management Console HostName>\SophosUpgradeMgr, 1326
    Trace(2018-Nov-21 00:52:32): GetCacDotPemFromLocalRMS could not open the Router registry key.
    Trace(2018-Nov-21 00:52:32): GetCacDotPemFromSUM could not open the Management Tools registry key.
    Trace(2018-Nov-21 00:52:32): Custom certificate could not be obtained.
    Trace(2018-Nov-21 00:52:32): Remote connection over UNC.
    Trace(2018-Nov-21 00:52:32): File master.upd not found (Remote). Return code 0x80040f04
    Trace(2018-Nov-21 00:52:32): Unable to read file master.upd (Remote)
    Trace(2018-Nov-21 00:52:32): Unable to synchronise file root.upd.
    Trace(2018-Nov-21 00:52:32): Unable to synchronise file escdp.dat.
    Trace(2018-Nov-21 00:52:32): Unable to synchronise file expired_credential.dat.
    Trace(2018-Nov-21 00:52:32): Unable to synchronise file ProductID.dat.
    Trace(2018-Nov-21 00:52:32): Unable to synchronise file order.xml.
    Trace(2018-Nov-21 00:52:32): Unable to recover file root.upd.
    Trace(2018-Nov-21 00:52:32): Unable to recover file escdp.dat.
    Trace(2018-Nov-21 00:52:32): Unable to recover file ProductID.dat.
    Trace(2018-Nov-21 00:52:32): Unable to recover file expired_credential.dat.
    Trace(2018-Nov-21 00:52:32): Unable to recover file order.xml.
    Trace(2018-Nov-21 00:52:32): Error -2147217660 in ReadCustomerIDFile
    Trace(2018-Nov-21 00:52:32): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
    Trace(2018-Nov-21 00:52:32): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT
    Trace(2018-Nov-21 00:52:32): CIDUpdate(SyncProduct.Start): RMSNT, \\<Management Console HostName>\SophosUpdate\CIDs\S000\SAVSCFXP\
    Trace(2018-Nov-21 00:52:32): CIDUpdateLocation::Sync - Updating from local CID: \\<Management Console HostName>\SophosUpdate\CIDs\S000\SAVSCFXP\rms
    Trace(2018-Nov-21 00:52:32): CIDSync(CidSyncMessage):
    Trace(2018-Nov-21 00:52:32): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
    Trace(2018-Nov-21 00:52:32): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\rms.map
    Trace(2018-Nov-21 00:52:32): CIDSync(CidSyncMessage): \\<Management Console HostName>\SophosUpdate\CIDs\S000\SAVSCFXP\rms,
    Trace(2018-Nov-21 00:52:32): CIDUpdateLocation::SyncProduct: Failed to update product (RMSNT) from "\\<Management Console HostName>\SophosUpdate\CIDs\S000\SAVSCFXP\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
    Trace(2018-Nov-21 00:52:32): CIDUpdate(CIDDownloadFailed):
    Trace(2018-Nov-21 00:52:33): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 0
    Trace(2018-Nov-21 00:52:33): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 0
    Trace(2018-Nov-21 00:52:33): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown
    Trace(2018-Nov-21 00:52:33): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
    Trace(2018-Nov-21 00:52:33): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
    Trace(2018-Nov-21 00:52:33): Calling package_source_init
    Trace(2018-Nov-21 00:52:33): TrySyncProduct, Calling BeginSync

     

     

    Thanks

  • 0 in reply to Steve Sze

    Hello Steve Sze,

    only [two] files
    thought as much.

    While the error is obvious (<Management Console HostName>\SophosUpgradeMgr, 1326 meaning Logon failure: unknown user name or bad password.) it's not clear why it occurs.
    User and password are taken from the Updating policy (did you indeed name the user SophosUpgradeMgr    ?) assigned to the group the target server is in and they should be correct. Unless you changed this user's password or modified the policy these should be the credentials specified during SEC installation. Could you try to make a connection to the CID from the 2016 using these credentials?

    Christian

  • 0 in reply to QC

    Hello Christian,

     

    Ahhh I think I mistakenly named it SophosUpgradeMgr during the creation of user :( I checked the updating policy:

     

     

     

    How can I make a connection to CID from the client? Also, should I replace those with SophosUpdateMgr?

     

    Thanks

  • 0 in reply to Steve Sze

    Hello Christian, 

     

    You mean accessing the CID folder from 2016 client? I can open it with:

     Run \\\<Management Server Console Host Name>\SophosUpdate\CIDs

     

    Thanks

  • +1 in reply to Steve Sze

    Hello Steve Sze,

    yes. I can open it - without giving any credentials or using SophosUpgradeMgr? The name doesn't matter, you don't have to change it. Some background: During SEC install this user is given NTFS Read permission to the SophosUpdate share and the Default policy and any policy you Create are pre-configured with its credentials. 

    If you haven't made any changes to this account or to the credentials in the updating policy you shouldn't get 1326. Unlikely but maybe not impossible that obfuscation and de-obfuscation eventually corrupt the password (shouldn't happen, might happen if you used "very special characters").
    If you can connect (Map Network Drive, Connect using different credentials or the equivalent command line command) but AutoUpdate fails I'd first try to re-enter the password in the updating policy and re-run Protect. If it still fails I'd change the account's password to a value as simple as your security policy permits, change the password in the policy, re-run Protect

    Christian   

     

  • 0 in reply to QC

    Hi Christian,

     

    So I followed this guide: 

    Sophos Endpoint Security and Control: How to change the username and password for the updating policy

    Updated the database account used by the Updating policy and was able to successfully protect my first windows endpoint after 1 day of research haha

     

    Thanks a lot for your help mate!

    cheers!

Unfiltered HTML