
Windows 7 and Server 2008R2 Extended Support Issue

We are experiencing an issue where none of the Windows 7 and Server 2008R2 clients are reporting back to the SEC 5.5.2 console. They do not show as 'up to date'. You cannot assign a policy and cannot 'update now'.

This happened previously and Sophos released a new Security Certificate - this was installed (default installation) and the Certificate added to the 'Trusted Root Certification Authorities' Store. This worked fine and the Windows 7 and Server 2008R2 clients reported back to the SEC console as expected, but it is now happening again.

I have raised a Support Ticket - Sophos haven't got back to me with anything that has helped.

Nothing has changed on our systems - we have multiple installations and they all have the same error.

I have installed a brand new version of SEC 5.5.2 onto a new virtual server, added our subscriptions (inc Windows 7 and Server 2008R2 Extended Support) to re-download the definitions. Still the error is present. 



  • Hi again Christian, sorry for the delay - I have just installed a cut of the warehouse folder again for this week and still the Win7 and Server 2008R2 clients refuse to report back as 'up to date'. They also often show as 'offline'. If I wake them up or 'select all' and 'update now' then they usually re-connect, but still show as offline - I can't push out a policy (that's all faded out). Still a mystery.

    As I mentioned before - this is so similar to the issues BEFORE Sophos supplied the new security certificate April'ish time? Installing said certificate as we did worked originally - but is it possible this is now out of date or that we installed it incorrectly (if that's even possible!)??

    Do you have a setup at your end that has Windows 7/Server 2008R2 clients? Is this something that you have been able to replicate or are yours all working fine? Is there a chance that our subscription to Extended Support has expired?

    Still no call from Support - although they did email on Monday to say they would! Again - thanks for your help, much appreciated.

  • Hello Steve,

    talk about delay - I've taken quite a few days off so sorry for this delay.

    "I can't push out a policy"
    Whether an endpoint appears as connected or not doesn't affect the Comply with menu items. There are three (only two for the All item and certain policies) reasons an entry is grey:
    • the relevant component is not installed
    • the console/dashboard did refresh, background of selected computers turns to grey and so do certain policy items (Updating, AV, ....) 
    • the endpoint is in the Unassigned group

    "they usually re-connect, but still show as offline"
    How do you know they re-connect? The console has only one indicator, the red or green overlay on the computer icon.

    As said, the logs from your test environment don't indicate this kind of (permanent) error that you say happens in your air gapped installations. That you don't see a status change (up to date) in the console suggests that endpoints fail to send the messages upstream whereas your test endpoint logged success (Sent message (id=014EC328) to EM). A "real" log from a "real endpoint" might provide more information.

    Christian

  • Afternoon Christian, 

    I can't push out a policy to the Win7/Server 2008R2 clients as I do not get the option when 'right clicked'; with any Win10/Server 2012+ clients they work fine.

    I cannot 'View computer details' on any of the Win7/Server2008R2 clients, can with the Win10/Server 2012+ clients. 

    Occasionally the Win7/Server2008R2 clients show as 'offline', if I highlight one of the Win10/Server 2012+ clients and then 'select all' and then select 'update now' then the Win7/Server 2008R2 clients wake up and seem to be reconnected (green) although I still can't view their details or push out a policy???

    I have heard back from Sophos Support and submitted the SDU files from clients and server - they do believe there is an issue and have had further reports from elsewhere - I am waiting (again) to hear back - apparently I have been boosted to 'level 4'!!!! so very odd.

    I am almost definite that the log files from our operational 'air gapped' platforms would be identical to those I have submitted to you - it's just awkward to get to them due to the security issues.

    Cheers! 

  • Hello Steve,

    I can understand security.
    When you say cannot 'View computer details' you mean you don't have this option in the console, the window doesn't open, or there are almost no details? 

    "can't [...] push out a policy"
    My bad. There's a fourth reason: Unknown OS. While you can't use Update Computers Now on an endpoint that has not reported back an update location, it seems that if there's at least one endpoint with a reported update location, SEC sends the (IIRC) DoAction to all selected endpoints. Apparently the downstream connection is available and the endpoint does receive the command. I'm pretty sure it does update and after it has done so it tries to report back to SEC, RMS establishes the connection (the icon turns green) but sending the status message over this connection fails for whatever reason.

    It might be related to the extended subscription. I don't have it but I still have Win7/2008R2 endpoints on the network which correctly report that they can't update as well as other alerts and events.  

    Christian

  • Yes you're right Christian, you can select 'View Computer' but apart from the OS there are no details.

    The endpoints do seem to be happily updating so it is just a communications issue when they are attempting to report back. 

    Get support to give you an Extended Support license? I'm sure you'd get to the bottom of it!!!!

    Cheers