This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deployment for Windows Servers Error

Good Day,

 

I'm facing an error in one of our Network Environment. We have 12 network environments and these zone only got these problem. I'm having an error with deploying the endpoint protection from Console to Windows Client. Though the scheduled task was successfully executed, it seems that there's still some errors. Here's what I got from a fresh log I generated

[ALUpdatexxxx.log]

Trace(2018-Dec-31 10:32:58): UpdateCoordinator::UpdateNow: current platform is WIN_10_SVR_X64 reelase: 1607
Trace(2018-Dec-31 10:32:58): Failed to load status file: C:\ProgramData\Sophos\AutoUpdate\data\status\status.xml
Trace(2018-Dec-31 10:32:58): ProductFactory::Create: SimpleProduct: {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
Trace(2018-Dec-31 10:32:58): ProductFactory::Create: SimpleProduct: {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2018-Dec-31 10:32:58): CIDMapFile::Create C:\ProgramData\Sophos\AutoUpdate\cache\sau.map
Trace(2018-Dec-31 10:32:58): AddSpecialRootFiles: theFile = sau.map theRoot = C:\ProgramData\Sophos\AutoUpdate\cache
Trace(2018-Dec-31 10:32:58): ProductFactory::Create: SAU Product
Trace(2018-Dec-31 10:32:58): ProductFactory::Create: SimpleProduct: {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}
Trace(2018-Dec-31 10:32:58): ProductFactory::Create: SimpleProduct: {8087796B-2289-4897-98A5-58FF23DAAFD0}
Trace(2018-Dec-31 10:32:58): ProductFactory::Create: SimpleProduct: {1129226C-32AB-4B72-85E1-A9CC8DFBC859}
Trace(2018-Dec-31 10:32:58): RelativeCidUpdateSourceLocator::AugmentUpdateSources: Entering
Trace(2018-Dec-31 10:32:58): Processing CID update location: \\[SophosEndPointServer]\SophosUpdate\CIDs\S000\SAVSCFXP\
Trace(2018-Dec-31 10:32:58): RelativeCidUpdateSourceLocator::AugmentUpdateSources: Finished. Number of new locations added: 0
Trace(2018-Dec-31 10:32:58): UpdateCoordinator::UpdateNow: About to Sync list of products
Trace(2018-Dec-31 10:32:58): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown
Trace(2018-Dec-31 10:32:58): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2018-Dec-31 10:32:58): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2018-Dec-31 10:32:58): Calling package_source_init
Trace(2018-Dec-31 10:32:58): TrySyncProduct, Calling BeginSync
Trace(2018-Dec-31 10:32:58): Logging on network access user
Trace(2018-Dec-31 10:32:58): Attempting to make a connection to remote machine \\[SophosEndPointServer]\SophosUpdate\CIDs\S000\SAVSCFXP\
Trace(2018-Dec-31 10:32:58): CIDUpdate(Info): \\[SophosEndPointServer]\SophosUpdate, [SophosEndPointServer]\SophosUpdateMgr, 1909
Trace(2018-Dec-31 10:32:58): GetCacDotPemFromLocalRMS could not open the Router registry key.
Trace(2018-Dec-31 10:32:58): GetCacDotPemFromSUM could not open the Management Tools registry key.
Trace(2018-Dec-31 10:32:58): Custom certificate could not be obtained.
Trace(2018-Dec-31 10:32:58): Remote connection over UNC.
Trace(2018-Dec-31 10:32:58): File master.upd not found (Remote). Return code 0x80040f04
Trace(2018-Dec-31 10:32:58): Unable to read file master.upd (Remote)
Trace(2018-Dec-31 10:32:58): Unable to synchronise file root.upd.
Trace(2018-Dec-31 10:32:58): Unable to synchronise file escdp.dat.
Trace(2018-Dec-31 10:32:58): Unable to synchronise file expired_credential.dat.
Trace(2018-Dec-31 10:32:58): Unable to synchronise file ProductID.dat.
Trace(2018-Dec-31 10:32:58): Unable to synchronise file order.xml.
Trace(2018-Dec-31 10:32:58): Unable to recover file root.upd.
Trace(2018-Dec-31 10:32:58): Unable to recover file escdp.dat.
Trace(2018-Dec-31 10:32:58): Unable to recover file ProductID.dat.
Trace(2018-Dec-31 10:32:58): Unable to recover file expired_credential.dat.
Trace(2018-Dec-31 10:32:58): Unable to recover file order.xml.
Trace(2018-Dec-31 10:32:58): Error -2147217660 in ReadCustomerIDFile
Trace(2018-Dec-31 10:32:58): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
Trace(2018-Dec-31 10:32:58): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT
Trace(2018-Dec-31 10:32:58): CIDUpdate(SyncProduct.Start): RMSNT, \\[SophosEndPointServer]\SophosUpdate\CIDs\S000\SAVSCFXP\
Trace(2018-Dec-31 10:32:58): CIDUpdateLocation::Sync - Updating from local CID: \\[SophosEndPointServer]\SophosUpdate\CIDs\S000\SAVSCFXP\rms
Trace(2018-Dec-31 10:32:58): CIDSync(CidSyncMessage):
Trace(2018-Dec-31 10:32:58): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
Trace(2018-Dec-31 10:32:58): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\rms.map
Trace(2018-Dec-31 10:32:58): CIDSync(CidSyncMessage): \\[SophosEndPointServer]\SophosUpdate\CIDs\S000\SAVSCFXP\rms,
Trace(2018-Dec-31 10:32:58): CIDUpdateLocation::SyncProduct: Failed to update product (RMSNT) from "\\[SophosEndPointServer]\SophosUpdate\CIDs\S000\SAVSCFXP\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
Trace(2018-Dec-31 10:32:58): CIDUpdate(CIDDownloadFailed):
Trace(2018-Dec-31 10:32:59): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 0
Trace(2018-Dec-31 10:32:59): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 0
Trace(2018-Dec-31 10:32:59): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown
Trace(2018-Dec-31 10:32:59): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2018-Dec-31 10:32:59): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2018-Dec-31 10:32:59): Calling package_source_init
Trace(2018-Dec-31 10:32:59): TrySyncProduct, Calling BeginSync
Trace(2018-Dec-31 10:32:59): Logging on network access user
Trace(2018-Dec-31 10:32:59): Attempting to make a connection to remote machine \\[SophosEndPointServer]\SophosUpdate\CIDs\S000\SAVSCFXP\

 

 

Thanks a lot!



This thread was automatically locked due to age.
Parents
  • Hi,

    Going by:
    Trace(2018-Dec-31 10:32:58): Logging on network access user
    Trace(2018-Dec-31 10:32:58): Attempting to make a connection to remote machine \\[SophosEndPointServer]\SophosUpdate\CIDs\S000\SAVSCFXP\
    Trace(2018-Dec-31 10:32:58): CIDUpdate(Info): \\[SophosEndPointServer]\SophosUpdate, [SophosEndPointServer]\SophosUpdateMgr, 1909

    0x775 (WIN32: 1909 ERROR_ACCOUNT_LOCKED_OUT) -- 1909 (1909)

    Has the account been locked out?

    The only question then being is it the local SophosSAU account or the SophosUpdateMgr account.

    Regards,
    Jak

  • Hi Jak, 

    Thanks for quick response. Yeah it was locked out when I looked on lusrmgr.msc, I saw that there's a check on 'Account is locked out'. Im using the SophosUpdateMgr account. Should I recreate it, restart the AV server then redeploy?

     

    Regards,

  • If the SophosUpdateMgr account is locked out, does that suggest, that in one of the Updating policies, the password is incorrect leading to clients being sent and therefore using the wrong password?

    I assume it's the SophosUpdateMgr account rather than the local sophossauxxxx one?

    One option might be to open all the updating policies using that account and re-type the password.  This will hopefully send all the clients the "correct" one and prevent further lockouts.  You may have a battle until all computers have the correct one though.

    Otherwise, you could create a new updating account, called SophosUpdateMgr2 for example.  Ensure it has the right access to the sophosupdate share on the management server or wherever the clients are updating from, then add this to all of the updating policies.  It shouldn't take too long for all the clients to pick up the new updating policy assuming the computers are on.

    I guess which option you choose may depend on how many computers you have deployed and how many of them are currently connected.  If you have 10 computers and all are connected, it's probably easier to just update the password in the policies as all computers should get the policy pretty quick and have a slim chance of locking out the account again in the meantime.

    Regards,
    Jak

Reply
  • If the SophosUpdateMgr account is locked out, does that suggest, that in one of the Updating policies, the password is incorrect leading to clients being sent and therefore using the wrong password?

    I assume it's the SophosUpdateMgr account rather than the local sophossauxxxx one?

    One option might be to open all the updating policies using that account and re-type the password.  This will hopefully send all the clients the "correct" one and prevent further lockouts.  You may have a battle until all computers have the correct one though.

    Otherwise, you could create a new updating account, called SophosUpdateMgr2 for example.  Ensure it has the right access to the sophosupdate share on the management server or wherever the clients are updating from, then add this to all of the updating policies.  It shouldn't take too long for all the clients to pick up the new updating policy assuming the computers are on.

    I guess which option you choose may depend on how many computers you have deployed and how many of them are currently connected.  If you have 10 computers and all are connected, it's probably easier to just update the password in the policies as all computers should get the policy pretty quick and have a slim chance of locking out the account again in the meantime.

    Regards,
    Jak

Children
No Data