
Could Not Contact Server Problem

Hi,

I hope someone can help here. I am having a problem with updates, and I am running out of ideas.

I have had to revert one of my machines to a backup about a month old. Everything else seems to be fine, but I cannot get Sophos updating to work.

I have several machines on the same network, all of which update directly from Sophos using the same credentials. The other machines are updating fine, so it's not a problem with my network or credentials. I have also confirmed that I can ping from the affected machine to addresses like dci.sophosupd.com without problems. 

I did a re-install of Endpoint 10.0.3 which worked without problems (although I had to reboot and retry to get firewall to update cleanly). This hasn't solved the problem. I have also run an up-to-date Windows Defender scan to see if there's any obvious malware problem, but it's clean.

I have attached the log of the latest attempt, to see if anyone can help.

Thanks

Andrew



This thread was automatically locked due to age.
  • First off, review the knowledgebase articles specifically for your issue

    https://www.sophos.com/en-us/support/knowledgebase/39155.aspx

    Same string ID as in your logs...

    Also check this

    https://www.sophos.com/en-us/support/knowledgebase/118209.aspx

    Since you mentioned firewall "problems" I would start there. Seems fairly obvious. Make a rule that allows all traffic in and out, and test. If that works, then remove the rule and make one appropriate for Sophos

  • Hi,

    The first KB article is not relevant, as I am just using the default settings and policy to download direct from Sophos.

    I don't think it's the firewall, as the only firewall on the system is Sophos itself, which has built-in rules for updating the AV. I did review that KB article earlier.

    Also I have restored the whole system disk from the backup, and Sophos had successfully updated itself just before the backup, and the restore should have restored the same working settings.

    It is possible that some other software on the system is causing a problem, or a physical issue, but I really need some help on how to check that. Is there a way to check the actual connection to the download sources?

    Any other ideas?

    Thanks

    Andrew

  • What's the environment? PC is a part of a domain, managed by an Enterprise Console? Can you verify that it is being managed? Can you re-push the Update policy to the machine? You installed Sophos on that PC via the Enterprise Console? Is there a proxy in the way of the internet traffic?

    Re-add the PC to the domain if you didn't after the restore.

    Can the machine be accessed/managed via the network other ways? Computer management, C: admin share etc? I would still check the firewall to rule it out, because it worked before means nothing in this case.

    What was the reason it was restored from backup? Virus? Is your router blocking traffic from that machine because of its previous issue?

    Can you verify that the address it is looking at "http://dci.sophosupd.com/update" is the same as your other PCs? Delete the acl.log file and try an update; right now your log is fairly large with duplicate information.

    Alternatively, uninstall ALL sophos related items and then, depending on your OS, delete

    c:\documents and settings\all users\Application Data\Sophos

    or

    c:\ProgramData\Sophos

    And also, according to your log...I would delete C:\Temp\sophos_{E17FE03B-0501-4aaa-BC69-0129D965F311} or anything Sophos from the Temp folder

    Do a re-install via the Enterprise Console

  • Hello Andrew and rsenio,

    @rsenio: <links to articles> [...] What's the environment? [...] re-install via the Enterprise Console

    in principle good advice, but Andrew did attach (and likely check) the ALUpdate log. In addition not only does the log suggest that it's a stand-alone install - no mention of RMSNT - but Sophos as Primary or only update location is not possible for a managed install.

    I would delete ...

    Yep, looks like a file (HIPSConfig-1-0-65-1.dat in the savxp cache) has corrupted permissions as access is denied and this causes the sync to fail. I've not much experience with the (rather new) SUL/SDDS update mechanism, thus I can't say what exactly "Distribute status failed: 4" signifies. But anyway IMO the error (boost::filesystem::remove: Access is denied:) in the scheduled update cycle points at the "problem area".

    Christian

  • Hi,

    @QC is right - this is a local install using the default online update source. I think he's also correct about the cause.

    I did a complete uninstall as per @rsenio's suggestion, and then re-installed. It took several reboots to get everything working, but it's now updating with no problems. It may be worth noting this solution against the key indicators from my log.

    Thanks for your help. 

    Andrew
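
The two log indicators named in this thread, turned into a small triage script that collapses the repeated entries of a large update log into one finding each. This is an added example, not code from Sophos or from any poster: the log line layout and the `C:\example\...` directory are constructed placeholders, and only the two indicator strings and the file name HIPSConfig-1-0-65-1.dat come from the thread.

```python
import re

# Only these two indicator strings come from the thread; the log layout is assumed.
INDICATORS = {
    "access_denied": re.compile(
        r"boost::filesystem::remove: Access is denied:?\s*(?P<detail>.*)"),
    "distribute_failed": re.compile(r"Distribute status failed: (?P<detail>\d+)"),
}

# Constructed sample: timestamps and the C:\example\... directory are placeholders.
SAMPLE_LOG = r'''
Trace(10:01:02): Product savxp: starting sync
Trace(10:01:05): boost::filesystem::remove: Access is denied: "C:\example\cache\savxp\HIPSConfig-1-0-65-1.dat"
Trace(10:01:05): Distribute status failed: 4
Trace(11:01:02): Product savxp: starting sync
Trace(11:01:05): boost::filesystem::remove: Access is denied: "c:\example\cache\savxp\HIPSConfig-1-0-65-1.dat"
Trace(11:01:05): Distribute status failed: 4
'''.strip().splitlines()


def triage(lines):
    """Collapse repeated indicator hits into one finding per distinct detail."""
    findings = {}
    for lineno, line in enumerate(lines, start=1):
        for name, pattern in INDICATORS.items():
            match = pattern.search(line)
            if match is None:
                continue
            detail = match.group("detail").strip().strip('"')
            key = (name, detail.lower())  # Windows paths compare case-insensitively
            hit = findings.setdefault(key, {"indicator": name, "detail": detail,
                                            "first_line": lineno, "count": 0})
            hit["count"] += 1
    return list(findings.values())


def denied_files(findings):
    """File names the updater could not remove: the ones whose ACLs need checking."""
    return sorted({f["detail"].rsplit("\\", 1)[-1]
                   for f in findings
                   if f["indicator"] == "access_denied" and f["detail"]})


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report:
        print(f"{f['indicator']}: {f['detail']!r} x{f['count']} (first at line {f['first_line']})")
    print("check permissions on:", denied_files(report))
```

To run it over a real log, pass the lines of the file to `triage`, opening it with `errors="replace"` so a stray byte does not abort the scan.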
