This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

unable to update air-gapped machine, below is the log file

Hi,

I am unable to update my endpoint on air-gapped network.

below is the logs attached.

Appreciate your support.

Trace(2019-Jun-23 16:03:01): =========================
Trace(2019-Jun-23 16:03:01): ALUpdate is starting.
Trace(2019-Jun-23 16:03:01): AutoUpdate version: 5.14
Trace(2019-Jun-23 16:03:01): Build : 212545
Trace(2019-Jun-23 16:03:01): Command line : -ManualUpdate -NoGUI -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate"
Trace(2019-Jun-23 16:03:01): =========================
Trace(2019-Jun-23 16:03:01): Process security set successfully
Trace(2019-Jun-23 16:03:01): Product subscription is disabled: iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} action value is:0
Trace(2019-Jun-23 16:03:01): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has not been added.
Trace(2019-Jun-23 16:03:01): Product subscription is disabled: iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} action value is:0
Trace(2019-Jun-23 16:03:01): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
Trace(2019-Jun-23 16:03:01): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
Trace(2019-Jun-23 16:03:01): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is available from Sophos.
Trace(2019-Jun-23 16:03:01): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not the Spam Rules package.
Trace(2019-Jun-23 16:03:01): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
Trace(2019-Jun-23 16:03:01): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
Trace(2019-Jun-23 16:03:01): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
Trace(2019-Jun-23 16:03:01): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
Trace(2019-Jun-23 16:03:01): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is available from Sophos.
Trace(2019-Jun-23 16:03:01): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is the Spam Rules package.
Trace(2019-Jun-23 16:03:01): Computer is a not possible cluster
Trace(2019-Jun-23 16:03:01): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
Trace(2019-Jun-23 16:03:01): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
Trace(2019-Jun-23 16:03:01): Considering subscribed products.
Trace(2019-Jun-23 16:03:01): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2019-Jun-23 16:03:01): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
Trace(2019-Jun-23 16:03:01): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
Trace(2019-Jun-23 16:03:01): Considering product {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2019-Jun-23 16:03:01): Considering product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}
Trace(2019-Jun-23 16:03:01): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} is not already subscribed.
Trace(2019-Jun-23 16:03:01): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} was added to the list.
Trace(2019-Jun-23 16:03:01): Product {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E} is removable.
Trace(2019-Jun-23 16:03:01): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} was added to the list.
Trace(2019-Jun-23 16:03:01): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} is optional.
Trace(2019-Jun-23 16:03:01): Product {8087796B-2289-4897-98A5-58FF23DAAFD0} is removable.
Trace(2019-Jun-23 16:03:01): Product {1129226C-32AB-4B72-85E1-A9CC8DFBC859} was added to the list.
Trace(2019-Jun-23 16:03:01): Product {1129226C-32AB-4B72-85E1-A9CC8DFBC859} is optional.
Trace(2019-Jun-23 16:03:01): Product {1129226C-32AB-4B72-85E1-A9CC8DFBC859} is removable.
Trace(2019-Jun-23 16:03:01): IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4
Trace(2019-Jun-23 16:03:01): IPCSender::ProcessSend started
Trace(2019-Jun-23 16:03:01): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2019-Jun-23 16:03:01): RMSMessageHandler: ALUpdateStart
Trace(2019-Jun-23 16:03:01): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2019-Jun-23 16:03:01): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2019-Jun-23 16:03:01): IPCSender::ProcessSend: No messages in queue, starting to wait
Trace(2019-Jun-23 16:03:01): ALUpdate(AutoUpdate.Started):
Trace(2019-Jun-23 16:03:01): UpdateCoordinator::UpdateNow: Entering
Trace(2019-Jun-23 16:03:01): PopulateCache: Entering
Trace(2019-Jun-23 16:03:01): UpdateCoordinator::UpdateNow: current platform is WIN_10_X64 reelase: 1903
Trace(2019-Jun-23 16:03:01): ProductFactory::Create: SimpleProduct: {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2019-Jun-23 16:03:01): ProductFactory::Create: SAU Product
Trace(2019-Jun-23 16:03:01): CIDMapFile::Create C:\ProgramData\Sophos\AutoUpdate\cache\ssp.map
Trace(2019-Jun-23 16:03:01): ProductFactory::Create: SimpleProduct: {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}
Trace(2019-Jun-23 16:03:01): ProductFactory::Create: SimpleProduct: {8087796B-2289-4897-98A5-58FF23DAAFD0}
Trace(2019-Jun-23 16:03:01): ProductFactory::Create: SimpleProduct: {1129226C-32AB-4B72-85E1-A9CC8DFBC859}
Trace(2019-Jun-23 16:03:01): RelativeCidUpdateSourceLocator::AugmentUpdateSources: Entering
Trace(2019-Jun-23 16:03:01): Processing CID update location: \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:01): RelativeCidUpdateSourceLocator::AugmentUpdateSources: Finished. Number of new locations added: 0
Trace(2019-Jun-23 16:03:01): UpdateCoordinator::UpdateNow: About to Sync list of products
Trace(2019-Jun-23 16:03:01): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown
Trace(2019-Jun-23 16:03:01): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2019-Jun-23 16:03:01): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2019-Jun-23 16:03:01): Calling package_source_init
Trace(2019-Jun-23 16:03:01): TrySyncProduct, Calling BeginSync
Trace(2019-Jun-23 16:03:01): Logging on network access user
Trace(2019-Jun-23 16:03:01): Attempting to make a connection to remote machine \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:01): Connection to remote machine \\online\SophosUpdate\ successful
Trace(2019-Jun-23 16:03:01): GetCacDotPemFromLocalRMS could not open the Router registry key.
Trace(2019-Jun-23 16:03:01): GetCacDotPemFromSUM could not open the Management Tools registry key.
Trace(2019-Jun-23 16:03:01): Custom certificate could not be obtained.
Trace(2019-Jun-23 16:03:01): Remote connection over UNC.
Trace(2019-Jun-23 16:03:01): File master.upd not found (Remote). Return code 0x80040f0b
Trace(2019-Jun-23 16:03:01): Unable to read file master.upd (Remote)
Trace(2019-Jun-23 16:03:01): Unable to synchronise file root.upd.
Trace(2019-Jun-23 16:03:01): Unable to synchronise file escdp.dat.
Trace(2019-Jun-23 16:03:01): Unable to synchronise file expired_credential.dat.
Trace(2019-Jun-23 16:03:01): Unable to synchronise file ProductID.dat.
Trace(2019-Jun-23 16:03:01): Unable to synchronise file order.xml.
Trace(2019-Jun-23 16:03:01): Unable to recover file root.upd.
Trace(2019-Jun-23 16:03:01): Unable to recover file escdp.dat.
Trace(2019-Jun-23 16:03:01): Unable to recover file ProductID.dat.
Trace(2019-Jun-23 16:03:01): Unable to recover file expired_credential.dat.
Trace(2019-Jun-23 16:03:01): Unable to recover file order.xml.
Trace(2019-Jun-23 16:03:01): Error -2147217653 in ReadCustomerIDFile
Trace(2019-Jun-23 16:03:01): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2019-Jun-23 16:03:01): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP
Trace(2019-Jun-23 16:03:01): CIDUpdate(SyncProduct.Start): SAVXP, \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:01): CIDUpdateLocation::Sync - Updating from local CID: \\online\SophosUpdate\savxp
Trace(2019-Jun-23 16:03:01): CIDSync(CidSyncMessage):
Trace(2019-Jun-23 16:03:01): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
Trace(2019-Jun-23 16:03:01): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\savxp.map
Trace(2019-Jun-23 16:03:01): CIDSync(CidSyncMessage): \\online\SophosUpdate\savxp,
Trace(2019-Jun-23 16:03:01): CIDUpdateLocation::SyncProduct: Failed to update product (SAVXP) from "\\online\SophosUpdate\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
Trace(2019-Jun-23 16:03:01): CIDUpdate(CIDDownloadFailed):
Trace(2019-Jun-23 16:03:03): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 0
Trace(2019-Jun-23 16:03:03): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 0
Trace(2019-Jun-23 16:03:03): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown
Trace(2019-Jun-23 16:03:03): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2019-Jun-23 16:03:03): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2019-Jun-23 16:03:03): Calling package_source_init
Trace(2019-Jun-23 16:03:03): TrySyncProduct, Calling BeginSync
Trace(2019-Jun-23 16:03:03): Logging on network access user
Trace(2019-Jun-23 16:03:03): Attempting to make a connection to remote machine \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:03): Connection to remote machine \\online\SophosUpdate\ successful
Trace(2019-Jun-23 16:03:03): GetCacDotPemFromLocalRMS could not open the Router registry key.
Trace(2019-Jun-23 16:03:03): GetCacDotPemFromSUM could not open the Management Tools registry key.
Trace(2019-Jun-23 16:03:03): Custom certificate could not be obtained.
Trace(2019-Jun-23 16:03:03): Remote connection over UNC.
Trace(2019-Jun-23 16:03:03): File master.upd not found (Remote). Return code 0x80040f0b
Trace(2019-Jun-23 16:03:03): Unable to read file master.upd (Remote)
Trace(2019-Jun-23 16:03:03): Unable to synchronise file root.upd.
Trace(2019-Jun-23 16:03:03): Unable to synchronise file escdp.dat.
Trace(2019-Jun-23 16:03:03): Unable to synchronise file expired_credential.dat.
Trace(2019-Jun-23 16:03:03): Unable to synchronise file ProductID.dat.
Trace(2019-Jun-23 16:03:03): Unable to synchronise file order.xml.
Trace(2019-Jun-23 16:03:03): Unable to recover file root.upd.
Trace(2019-Jun-23 16:03:03): Unable to recover file escdp.dat.
Trace(2019-Jun-23 16:03:03): Unable to recover file ProductID.dat.
Trace(2019-Jun-23 16:03:03): Unable to recover file expired_credential.dat.
Trace(2019-Jun-23 16:03:03): Unable to recover file order.xml.
Trace(2019-Jun-23 16:03:03): Error -2147217653 in ReadCustomerIDFile
Trace(2019-Jun-23 16:03:03): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2019-Jun-23 16:03:03): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate
Trace(2019-Jun-23 16:03:03): CIDUpdate(SyncProduct.Start): Sophos AutoUpdate, \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:03): CIDUpdateLocation::Sync - Updating from local CID: \\online\SophosUpdate\sau
Trace(2019-Jun-23 16:03:03): CIDSync(CidSyncMessage):
Trace(2019-Jun-23 16:03:03): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
Trace(2019-Jun-23 16:03:03): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\sau.map
Trace(2019-Jun-23 16:03:03): CIDSync(CidSyncMessage): \\online\SophosUpdate\sau,
Trace(2019-Jun-23 16:03:03): CIDUpdateLocation::SyncProduct: Failed to update product (Sophos AutoUpdate) from "\\online\SophosUpdate\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
Trace(2019-Jun-23 16:03:03): CIDUpdate(CIDDownloadFailed):
Trace(2019-Jun-23 16:03:04): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 0
Trace(2019-Jun-23 16:03:04): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 0
Trace(2019-Jun-23 16:03:04): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown
Trace(2019-Jun-23 16:03:04): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2019-Jun-23 16:03:04): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2019-Jun-23 16:03:04): Calling package_source_init
Trace(2019-Jun-23 16:03:04): TrySyncProduct, Calling BeginSync
Trace(2019-Jun-23 16:03:04): Logging on network access user
Trace(2019-Jun-23 16:03:04): Attempting to make a connection to remote machine \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:04): Connection to remote machine \\online\SophosUpdate\ successful
Trace(2019-Jun-23 16:03:04): GetCacDotPemFromLocalRMS could not open the Router registry key.
Trace(2019-Jun-23 16:03:04): GetCacDotPemFromSUM could not open the Management Tools registry key.
Trace(2019-Jun-23 16:03:04): Custom certificate could not be obtained.
Trace(2019-Jun-23 16:03:04): Remote connection over UNC.
Trace(2019-Jun-23 16:03:04): File master.upd not found (Remote). Return code 0x80040f0b
Trace(2019-Jun-23 16:03:04): Unable to read file master.upd (Remote)
Trace(2019-Jun-23 16:03:04): Unable to synchronise file root.upd.
Trace(2019-Jun-23 16:03:04): Unable to synchronise file escdp.dat.
Trace(2019-Jun-23 16:03:04): Unable to synchronise file expired_credential.dat.
Trace(2019-Jun-23 16:03:04): Unable to synchronise file ProductID.dat.
Trace(2019-Jun-23 16:03:04): Unable to synchronise file order.xml.
Trace(2019-Jun-23 16:03:04): Unable to recover file root.upd.
Trace(2019-Jun-23 16:03:04): Unable to recover file escdp.dat.
Trace(2019-Jun-23 16:03:04): Unable to recover file ProductID.dat.
Trace(2019-Jun-23 16:03:04): Unable to recover file expired_credential.dat.
Trace(2019-Jun-23 16:03:04): Unable to recover file order.xml.
Trace(2019-Jun-23 16:03:04): Error -2147217653 in ReadCustomerIDFile
Trace(2019-Jun-23 16:03:04): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}
Trace(2019-Jun-23 16:03:04): CIDUpdateLocation::SyncProduct - Updating Product: Sophos System Protection
Trace(2019-Jun-23 16:03:04): CIDUpdate(SyncProduct.Start): Sophos System Protection, \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:04): CIDUpdateLocation::Sync - Updating from local CID: \\online\SophosUpdate\ssp
Trace(2019-Jun-23 16:03:04): CIDSync(CidSyncMessage):
Trace(2019-Jun-23 16:03:04): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
Trace(2019-Jun-23 16:03:04): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\ssp.map
Trace(2019-Jun-23 16:03:04): CIDSync(CidSyncMessage): \\online\SophosUpdate\ssp,
Trace(2019-Jun-23 16:03:04): CIDUpdateLocation::SyncProduct: Failed to update product (Sophos System Protection) from "\\online\SophosUpdate\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
Trace(2019-Jun-23 16:03:04): CIDUpdate(CIDDownloadFailed):
Trace(2019-Jun-23 16:03:05): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 0
Trace(2019-Jun-23 16:03:05): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 0
Trace(2019-Jun-23 16:03:05): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown
Trace(2019-Jun-23 16:03:05): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2019-Jun-23 16:03:05): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2019-Jun-23 16:03:05): Calling package_source_init
Trace(2019-Jun-23 16:03:05): TrySyncProduct, Calling BeginSync
Trace(2019-Jun-23 16:03:05): Logging on network access user
Trace(2019-Jun-23 16:03:05): Attempting to make a connection to remote machine \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:05): Connection to remote machine \\online\SophosUpdate\ successful
Trace(2019-Jun-23 16:03:05): GetCacDotPemFromLocalRMS could not open the Router registry key.
Trace(2019-Jun-23 16:03:05): GetCacDotPemFromSUM could not open the Management Tools registry key.
Trace(2019-Jun-23 16:03:05): Custom certificate could not be obtained.
Trace(2019-Jun-23 16:03:05): Remote connection over UNC.
Trace(2019-Jun-23 16:03:05): File master.upd not found (Remote). Return code 0x80040f0b
Trace(2019-Jun-23 16:03:05): Unable to read file master.upd (Remote)
Trace(2019-Jun-23 16:03:05): Unable to synchronise file root.upd.
Trace(2019-Jun-23 16:03:05): Unable to synchronise file escdp.dat.
Trace(2019-Jun-23 16:03:05): Unable to synchronise file expired_credential.dat.
Trace(2019-Jun-23 16:03:05): Unable to synchronise file ProductID.dat.
Trace(2019-Jun-23 16:03:05): Unable to synchronise file order.xml.
Trace(2019-Jun-23 16:03:05): Unable to recover file root.upd.
Trace(2019-Jun-23 16:03:05): Unable to recover file escdp.dat.
Trace(2019-Jun-23 16:03:05): Unable to recover file ProductID.dat.
Trace(2019-Jun-23 16:03:05): Unable to recover file expired_credential.dat.
Trace(2019-Jun-23 16:03:05): Unable to recover file order.xml.
Trace(2019-Jun-23 16:03:05): Error -2147217653 in ReadCustomerIDFile
Trace(2019-Jun-23 16:03:05): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {8087796B-2289-4897-98A5-58FF23DAAFD0}
Trace(2019-Jun-23 16:03:05): CIDUpdateLocation::SyncProduct - Updating Product: Sophos Network Threat Protection
Trace(2019-Jun-23 16:03:05): CIDUpdate(SyncProduct.Start): Sophos Network Threat Protection, \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:05): Optional product not found in master.upd. Skipping download
Trace(2019-Jun-23 16:03:05): CIDUpdate(PrimarySuccess):
Trace(2019-Jun-23 16:03:05): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 1
Trace(2019-Jun-23 16:03:05): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 1
Trace(2019-Jun-23 16:03:05): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2019-Jun-23 16:03:05): CIDUpdateLocation::SyncProduct - Updating Product: Sophos Endpoint Defense
Trace(2019-Jun-23 16:03:05): CIDUpdate(SyncProduct.Start): Sophos Endpoint Defense, \\online\SophosUpdate\
Trace(2019-Jun-23 16:03:05): Optional product not found in master.upd. Skipping download
Trace(2019-Jun-23 16:03:05): CIDUpdate(PrimarySuccess):
Trace(2019-Jun-23 16:03:06): ALUpdate(DownloadEnded):
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: loading SAUControl.xml
Trace(2019-Jun-23 16:03:06): SAUControlConfigParser:: Cache path: ""
Trace(2019-Jun-23 16:03:06): SAUControlConfigParser: SAUControl config path is: "sau\saucontrol\saucontrol.xml"
Trace(2019-Jun-23 16:03:06): SAUControlConfigParser:: Caught runtime_error exception: SAUControl config is not available
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: loading order.xml
Trace(2019-Jun-23 16:03:06): InstallSequencer:: Cache path: ""
Trace(2019-Jun-23 16:03:06): InstallSequencer:: Caught runtime_error exception: Invalid cache path.
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: Failed to process order.xml.
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: Sorting products in order of install sequence
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: About to Action list of products
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: Update Mode for Sophos Network Threat Protection is: 0
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction isLater=true, skipAction=false, isUninstall=true, m_lastUpdateSucceeded=false, numfilestocahce=1, Actiontype=Setup, Not preinstalled product
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction for {8087796B-2289-4897-98A5-58FF23DAAFD0}
Trace(2019-Jun-23 16:03:06): Null update
Trace(2019-Jun-23 16:03:06): ALUpdate(Action.Skipped): Sophos Network Threat Protection
Trace(2019-Jun-23 16:03:06): CIDUpdateLocation::OnNullUpdate...
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: Update Mode for Sophos Endpoint Defense is: 0
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction isLater=true, skipAction=false, isUninstall=true, m_lastUpdateSucceeded=false, numfilestocahce=1, Actiontype=Setup, Not preinstalled product
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction for {1129226C-32AB-4B72-85E1-A9CC8DFBC859}
Trace(2019-Jun-23 16:03:06): Null update
Trace(2019-Jun-23 16:03:06): ALUpdate(Action.Skipped): Sophos Endpoint Defense
Trace(2019-Jun-23 16:03:06): CIDUpdateLocation::OnNullUpdate...
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: Update Mode for SAVXP is: 0
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction isLater=false, skipAction=false, isUninstall=false, m_lastUpdateSucceeded=false, numfilestocahce=1, Actiontype=Setup, Not preinstalled product
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction for {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: Update Mode for Sophos System Protection is: 0
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction isLater=false, skipAction=false, isUninstall=false, m_lastUpdateSucceeded=false, numfilestocahce=1, Actiontype=Setup, Not preinstalled product
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction for {F8FFD42E-47AC-4CFF-9E27-EC84ED62128E}
Trace(2019-Jun-23 16:03:06): UpdateCoordinator::UpdateNow: Update Mode for Sophos AutoUpdate is: 0
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction isLater=false, skipAction=false, isUninstall=false, m_lastUpdateSucceeded=false, numfilestocahce=1, Actiontype=Setup, Not preinstalled product
Trace(2019-Jun-23 16:03:06): SimpleProduct::DoAction for {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2019-Jun-23 16:03:07): RMSMessageHandler: ALUpdateEnd
Trace(2019-Jun-23 16:03:07): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>CIDDownloadFailed</ID><StringID>107</StringID><Sender>CIDUpdate</Sender><Insert>Sophos System Protection</Insert><Insert>\\online\SophosUpdate\</Insert></ErrorMessage><ReadableMessage>ERROR: Download of Sophos System Protection failed from server \\online\SophosUpdate\</ReadableMessage></Config>
Trace(2019-Jun-23 16:03:07): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>CIDDownloadFailed</ID><StringID>107</StringID><Sender>CIDUpdate</Sender><Insert>Sophos System Protection</Insert><Insert>\\online\SophosUpdate\</Insert></ErrorMessage><ReadableMessage>ERROR: Download of Sophos System Protection failed from server \\online\SophosUpdate\</ReadableMessage></Config>
Trace(2019-Jun-23 16:03:07): Telemetry::LoadTelemetrySupplement 344: Telemetry Interval set to 86400 seconds
Trace(2019-Jun-23 16:03:07): Telemetry::LoadDocument 190: C:\ProgramData\Sophos\AutoUpdate\\Config\TelemetryConfig.json does not exist
Trace(2019-Jun-23 16:03:07): Telemetry::LoadDocument 190: TelemetryConfig.json does not exist
Trace(2019-Jun-23 16:03:07): Telemetry::LoadTelemetrySupplement 361: Empty/No configuration telemetry has been disabled
Trace(2019-Jun-23 16:03:07): IPCSender::ProcessSend: Listener not ready starting to wait
Trace(2019-Jun-23 16:03:07): Telemetry::CalculateLastTelemtryTime 134: Telemetry last ran at 2019-06-23 15:01:57, Offset 2025, Offset Time 2019-06-23 15:35:42
Trace(2019-Jun-23 16:03:07): Telemetry::HasTelemetrySchedulePeriodElapsed 157: Telemetry schedule has not elapsed.
Trace(2019-Jun-23 16:03:08): IPCSender::ProcessSend exiting
Trace(2019-Jun-23 16:03:08): ALUpdate finished



This thread was automatically locked due to age.
  • Hello Zeeshan Shaban Ali,

    apparently it tries to update from \\online\SophosUpdate\ and it can make a SMB connection to the server online (or whatever its name if online is a pseudonym) but the share's contents aren't as expected. The update location must point to the SAVSCFXP folder, so either \SophosUpdate\ must share SAVSCFXP or the update path must point to it (e.g. \\online\SophosUpdate\CIDs\S000\SAVSCFXP\.

    Christian

  • Hi Christian,

     

    Thank you for your response. 

    Online is my server name. where My SEC is installed. 

    I have shared the path to SAVSCFXP and it worked. (this was done in my test LAB). According to the KB https://community.sophos.com/kb/en-us/64899 it was Warehouse folder to get updates. but that was not working.

    Now I have been trying to update my air-gapped SEC (this air gapped server has never been connected to internet after installing SEC) but unfortunately I'm unable to do: As per the KB I have to copy and share the warehouse folder from the non Air gapped network to air gapped server? am i right? config the update manager? attached is the screenshot.

      

    Please dont get confused as my air-gapped server name is also online as i have cloned the  VM.

    Please let me know if you would like more info.

    Appreciate you response.

    Regards,

     

    Zeeshan

     

  • Hello Zeeshan,

    thanks for the screenshots, quite helpful.

    Now am I right that this is the AutoUpdate log from ONLINE itself trying to update from its own CID?
    You are commingling two different update mechanisms:

    • The Endpoint software (SESC/SAVXP) is updated by AutoUpdate that needs either a CID or an AutoUpdate cache as source. For a managed computer the path to the CID is set with an Updating Policy (e.g. New Policy) - note that in SEC the policy the path ends with the share and CIDS\ and the subscription tag (e.g. S000\) . and platform-specific parts (SACSCFXP\) are automatically appended - whereas in the local GUI's Configure updating the full path has to be specified (note that once a managed computer has received an updating policy the configuration will be R/O). There is no value in the Policy compliance column so I assume ONLINE is still in the Unassigned group where it initially has been. You've installed SESC (SAVXP) manually running setup.exe? Wonder how the incomplete path got into the update settings.
    • The sources needed to deploy and update the CIDs are update by the Sophos Update Manager (SUM), that either downloads from Sophos or a copied/shared Warehouse under the SophosUpdate share. This is (as it seems correctly) configured in the Source Details that you showed.

    Thus you'd have to

    1. check one of the updating policies (Default or New Policy) for the correct path (\\ONLINE\SophosUpdate\) - this should be the case
    2. assign this policy to New Group
    3. move ONLINE to New Group

    Once ONLINE complies with the policy it should be able to update successfully-

    Christian

  • QC said:

     

    Now am I right that this is the AutoUpdate log from ONLINE itself trying to update from its own CID?

    I guess since i have two different machines and i have been trying different scenarios to update them so can't really remember.

     

    QC said:

    You are commingling two different update mechanisms:
    • The Endpoint software (SESC/SAVXP) is updated by AutoUpdate that needs either a CID or an AutoUpdate cache as source.

    ok

QC said:
  • For a managed computer the path to the CID is set with an Updating Policy (e.g. New Policy) - note that in SEC the policy the path ends with the share and CIDS\ and the subscription tag (e.g. S000\) . and platform-specific parts (SACSCFXP\) are automatically appended - whereas in the local GUI's Configure updating the full path has to be specified (note that once a managed computer has received an updating policy the configuration will be R/O). There is no value in the Policy compliance column so I assume ONLINE is still in the Unassigned group where it initially has been.

Yes

QC said:
  • You've installed SESC (SAVXP) manually running setup.exe? Wonder how the incomplete path got into the update settings.

i installed the standalone version as well as i tried to use the deployment packager.

QC said:

 

  • The sources needed to deploy and update the CIDs are update by the Sophos Update Manager (SUM), that either downloads from Sophos or a copied/shared Warehouse under the SophosUpdate share. This is (as it seems correctly) configured in the Source Details that you showed.

QC said:

 

Thus you'd have to

  1. check one of the updating policies (Default or New Policy) for the correct path (\\ONLINE\SophosUpdate\) - this should be the case

hope this is correct now.

QC said:
  1. assign this policy to New Group
  2. move ONLINE to New Group

Done

QC said:

Once ONLINE complies with the policy it should be able to update successfully-

 

Awaiting for your response. If it is possible for you to have a remote session? let me know i can send you an invitation.

Regards,

Zeeshan

 
  • Hello Zeeshan,

    I'm afraid, no - I'm not Sophos.

    To sort it out:

    • SophosUpdateManager is a folder you have created "somewhere" in the filesystem and you copied the \Warehouse\ from the SEC with the Internet connection into it (although it looks like you've copied all the contents the \SophosUpdate\ share)?
    • there is a share \\ONLINE\SophosUpdate\ and it also contains \CIDs\... ?
    • your updating policy should contain just \\ONLINE\SophosUpdate

      no additional path elements, as said in my previous post SEC appends the necessary parts. Furthermore it should point to the CID managed by \\ONLINE, not the copy from the other SEC/SUM

    BTW: Do not use an administrative account in the policy, create an account with more rights than necessary. Although they are obfuscated the credentials can be derived from the AutoUpdate configuration by any user of a computer. Even if it might not matter on the air-gap network it's bad practice and a bad habit.

    Christian

  • Hi,

    to answer your question

    QC said:
    SophosUpdateManager is a folder you have created "somewhere" in the filesystem and you copied the \Warehouse\ from the SEC with the Internet connection into it (although it looks like you've copied all the contents the \SophosUpdate\ share)?

    Yes. it is called source update just shared as "sophosupdatemanager" 

    Am i suppose to share only warehouse or all the content?

    QC said:
    there is a share \\ONLINE\SophosUpdate\ and it also contains \CIDs\... ?

     

    No, this is the same folder i created called Source update and shared it. Earlier i was not able to update SEC so i tot to copy the warehouse folder directly to  "C:\ProgramData\Sophos\Update Manager\Update Manager". that worked. is that the correct way to do?

    QC said:
    your updating policy should contain just \\ONLINE\SophosUpdate

    no additional path elements, as said in my previous post SEC appends the necessary parts. Furthermore it should point to the CID managed by \\ONLINE, not the copy from the other SEC/SUM

    ok.

     

    QC said:
    BTW: Do not use an administrative account in the policy, create an account with more rights than necessary. Although they are obfuscated the credentials can be derived from the AutoUpdate configuration by any user of a computer. Even if it might not matter on the air-gap network it's bad practice and a bad habit.

     

    Yes thanks for that but this was just a test environment to resolve the issue.

     

    Let me try it again i will get back to you.

    Regards,

    Zeeshan

  • Hello Zeeshan,

    share only warehouse
    the air-gapped SEC/SUM needs just the other's Warehouse (including the folder - SUM expects to find a folder named Warehouse on the path specified in the Source Details). CIDs are for the endpoints but not "foreign" endpoints as the RMS subfolder contains the configuration that tells the endpoints where to find (and how to verify) their management server.

    copy the warehouse folder directly
    you shouldn't do this. It works like this: SUM connects to a Warehouse either via HTTP(S) or UNC. It compares the source Warehouse to its local Warehouse and subsequently downloads missing and changed files. Haven't tried it but it might be possible to "loop-back" a SUM to its own Warehouse. If this is complete and consistent the update would succeed as there'd be no changes.

    A SUM always creates the default \\server\SophosUpdate share and once the update (i.e. the download from the source) is successful distributes to the CIDs. 

    just a test environment
    as said - bad habit [;)] ... IMO. There was no indication of a permissions issue.

    Christian

     

  • Hi,

     

    QC said:
    share only warehouse
    the air-gapped SEC/SUM needs just the other's Warehouse (including the folder - SUM expects to find a folder named Warehouse on the path specified in the Source Details). CIDs are for the endpoints but not "foreign" endpoints as the RMS subfolder contains the configuration that tells the endpoints where to find (and how to verify) their management server.

    I have no idea what happened but it was not working before but now i did a fresh installation of SEC and I just shared the warehouse folder and it was updated.

    Thank you very much.

     

    Now i am able to update SEC.

    also able to update standalone SESC but however i am not able to protect computers from SEC? any idea?

     

    awaiting for your response.

  • Hello Zeeshan,

    first of all, of course you have to regularly provide an updated warehouse - otherwise SUM would detect that there are no actual updates and start to complain :).

    The screenshot doesn't show in which group ZEESHAN-LAB is - Unassigned has no policies assigned, therefore no update and install location, and thus Protect is not possible. If it is in New Group and you get an error please see How the Protect Computers Wizard performs an installation.

    Christian