Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 6266 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update errors after subscription change

dluneau

Prior to Sophos Anti-virus 10.3 I had four software subscriptions.  Subscriptions and bootstraps were as follows:

Recommended  -  S000 (v9.7)

Endpoint v10 - S002 (v10.0)

Endpoint v10.2 - S003 (v10.2)

The automatic update from 10.2 to 10.3 display "Software not available" on the parent SUM as well as three child SUMs.  Sophos support told me to acknowledge alerts and run an update on parent SUM.

Next I was adivsed to create a new subscription,  Recommended1 - S005 (v10.3), and remove the older subscriptions.  I made all of the necessary changes under the update managers and to the updating policies.  Things seemed to be ok at this point.

A few days later I decided to put the software subsciption back to only one which was Recommended.  So I changed the version on Recommended subscription to Recommended (10.3) from 9.7 Extended Maintenance Recommended and I deleted the Recommended1 subscription.  I made all of the necessary changes to the parent SUM, child SUMs, and updating policies.

Once I did that almost 70% of our endpoints were displaying update errors mainly RMSNT and the bootstrap location pointed back to S000 (v9.7).  I assume all of the updates/binaries for 10.3 replaced all of the old stuff.

Sent SDU logs from parent SUM and some endpoints to Sophos support.  Support has been great up to this particular incident.

I took it upon myself to add the Recommended1 software subscription which created S008 (v10.3) bootstrap location, made necessary changes to parent and child SUMs and watched the error count decline.

I'm still seeing the following errors on clients.

ERROR: Could not find a source for updated packages (00000071)

Failed to install RMSNT: Package authentication failed (00000067)

Failed to install SAVXP: A previous version could not be uninstalled (00000067)

Failed to install Sophos AutoUpdate: The MSI has failed (00000067)

Updating failed because no update source has been specified (0000006e)

Download of Sophos AutoUpdate failed from server sophosupdates/CIDs/S008/SAVSCFXP/ (0000006b)

Download of SAVXP failed from server sophosupdates/CIDs/S003/SAVSCFXP/ (0000006b)

Download of RMSNT failed from server /CIDs/S008/SAVSCFXP/ (0000006b)

Download of SAVXP failed from server Sophos (0000006b)

Failed to install Sophos AutoUpdate: Error code 80070001

:44833


This thread was automatically locked due to age.
Parents
  • 0

    Hello dluneau,

    you should get your CIDs straight :smileyhappy:. You can find details in this forum as well as the article I'll refer to but first a summary and another explanation:

    The mrinit.conf to be used by a relay (not that it might be also a SUM but this is not required) and the clients it serves must be put into the \rms subfolder of the applicable CID(s) - please see Enterprise Console: configuring message relay computers. Ideally you should either run the installer from the applicable CID, use Protect Computers with this CID, or create the package from this CID (BTW: with which method do you create these packages?) but, as mentioned, installing with a "general" package and then applying the appropriate update policy usually works as well.

    When an endpoint (meaning any computer where RMS is installed) processes mrinit.conf it basically interprets it as follows:

    • if one of its "addresses" (name, FQDN, IP ...) matches one of the (values in)  MRParentAddresses it considers itself the management server
    • if one of its addresses matches one of the ParentRouterAddresses it considers itself a message relay, accepting connection from other endpoints and forwarding the messages to the MRParentAddress (note that this is not necessarily the management server, you can chain several MRs) and v.v.
    • if it doesn't find a match it uses ParentRouterAddress to forward to/accept from

    HTH

    Christian

    :44927
Reply
  • 0

    Hello dluneau,

    you should get your CIDs straight :smileyhappy:. You can find details in this forum as well as the article I'll refer to but first a summary and another explanation:

    The mrinit.conf to be used by a relay (not that it might be also a SUM but this is not required) and the clients it serves must be put into the \rms subfolder of the applicable CID(s) - please see Enterprise Console: configuring message relay computers. Ideally you should either run the installer from the applicable CID, use Protect Computers with this CID, or create the package from this CID (BTW: with which method do you create these packages?) but, as mentioned, installing with a "general" package and then applying the appropriate update policy usually works as well.

    When an endpoint (meaning any computer where RMS is installed) processes mrinit.conf it basically interprets it as follows:

    • if one of its "addresses" (name, FQDN, IP ...) matches one of the (values in)  MRParentAddresses it considers itself the management server
    • if one of its addresses matches one of the ParentRouterAddresses it considers itself a message relay, accepting connection from other endpoints and forwarding the messages to the MRParentAddress (note that this is not necessarily the management server, you can chain several MRs) and v.v.
    • if it doesn't find a match it uses ParentRouterAddress to forward to/accept from

    HTH

    Christian

    :44927
Children
No Data
Unfiltered HTML