
Sophos installer creates a local AutoUpdate account using naming convention 'SophosSAU<machine-name>aaa' instead of 'SophosSAU<machine-name>0'

Sophos installer creates a local AutoUpdate account using naming convention 'SophosSAU<machine-name>aaa' instead of 'SophosSAU<machine-name>0', which seems to be affecting our client computers, thus preventing them from updating correctly. The 'aaa' section of the local account replaces the last 2 characters of the machine name, which is causing all sorts of issues. Is there a reason for this? Has Sophos changed the way it creates the local account? We are currently using Sophos Endpoint 10.6.3, previously used Sophos 10.3.x. The Sophos shield in the taskbar sits with a red X. My only solution is to manually create a local account prior to installation and insert the registry keys, etc. Any info on fixing this would be much appreciated.



  • Hello Liam Hitchen,

    indeed the installer now appends (or, as in your case, perhaps overlays) the string aaa instead of appending 0. Neither the SophosSAU article nor the release notes mention this change - if it is intended. Can't say if this change came with 10.6.3.

    "replaces the last 2 characters [...] all sorts of issues"
    which besides the failed updates (bad enough of course)? Shouldn't make a difference how the name is built (except for DCs where there is a greater chance for collisions - wonder if it'd count up to aab, aac, ...) - unless the local account name and the Download User registry value are different. Haven't observed the overlay though, might depend on the computername length.
    [Edit] A few checks suggest that only the first 8 characters of the computer name are used. No issues here though as far as I can tell. [/Edit]

    Please contact Support directly - this is nothing you or I could fix it seems. I'd appreciate it if you could post their answer here.

    Christian

  • Unfortunately, Sophos Support have not provided a reason as to why the local account is created with the 'aaa'. Instead, they have directed me to a KB article on how to manually create the local account before installing Sophos. I've already done this and yes it does work, but I was more interested in why the change in the naming of the local account used for autoupdating. To be honest, I don't think their support team even know why, so it looks like all hope is lost!!

    https://community.sophos.com/kb/en-us/48910 - I already used this to manually create the local account so I will just have to use this as the official resolution.

  • One thing to note: if you're using Sophos Central, then you get Sophos AutoUpdate XG and there is no local SophosSAU account as it's all HTTP updating.

    Regards,

    Jak

  • Hello Liam Hitchen,

    "the official resolution"
    while I don't (yet) know how the new format is affecting [y]our client computers I'd not call this a resolution. By all means Support should call for 58627 and related articles to be updated (even if Development doesn't want to disclose the rationale).
    IMO 48910 only applies when either account creation by the Installer fails for whatever reason or your organisation objects to the automatically generated name. The latter is obviously not the case, and apparently the former neither - you've mentioned updating failures therefore installation must have succeeded.

    "Has Sophos changed the way it creates the local account?"
    Definitely the name generation. But as said this shouldn't make a difference. Possibly there are also changes in the account creation procedure though it doesn't look like they generally cause problems or we'd have already heard.

    "I will just have to use this"
    Depending on the deployment method the UserPreset could be a cinch but it doesn't sound like it is in your environment. I'd like to help but I'd need the failure details - preferably a complete update cycle from the ALUpdate log (it starts with ALUpdate started: -ScheduledUpdate ...). If you don't want to make it public you can send me a private message.

    Christian