This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint Client Install Failure

In the past I've had issues with Sophos updating. Usually the program installs but if you try to manually run an update it will say it cannot find the server. At some point later it does update and everything is fine.

Since the beginning of November when trying to install Sophos Endpoint Client on Windows 7 64 bit imaged machines I get the following error: Installation is almost complete. Sophos Endpoint Security and Control has been installed. An internet connection is required for registration, updates and configuration. Registration, updates and configuration will begin when a connection becomes available. I know the machine I'm installing on is connected to the internet because I downloaded the install client directly from Sophos Central Admin. The machine is on a wireless connection.The shield icon does not appear in the tray and no program menu has been created for Sophos.
Things I've tried:
Running the install with a known good wired network connection plugged in and the wireless connection disabled.
Turning off the Windows firewall and running the installation.
Creating an outbound rule on the Windows firewall to allow the installer out. Then running the installation.
Disabling the Windows Defender service and running the install.
Connecting to the internet through a Verizon Jetpack, (a hotspot), so as to bypass any of our network switches and firewalls. Then installing Sophos from scratch.
I uninstalled Sophos, uninstalled .net, reinstalled .net with all updates and reran the Sophos installer. It seemed to work.

Another time when trying to install Sophos Endpoint Client I loaded a new laptop from scratch with Windows 7 - 64 bit. I received the same error when trying to install Sophos. At first I was getting the error invalid token but then it started giving the same error as in the above scenario.
I tried replacing two files from a computer that had the program installed already. The two files are: sof.dat and scf.dat. They are located in: C:\Program Files (x86)\Sophos\Management Communications System\Endpoint. I replaced these files because the computer with the issues was missing one of the files. These files appear to contain certificates for components of the autoupdate service and the management communications system. I was thinking maybe updated certificates were added after the initial setup. I restarted the computer after doing this and the install still would not complete.
The next day when I turned on the laptop it finished the installation automatically.

The installations seem to complete sometime after the initial installation is complete. I'm having trouble tracing down a definitive cause as to why the installation will not complete at first. Any help or insight would be appreciated.



This thread was automatically locked due to age.
Parents
  • Hello Peter Samuels,

    [to reuse my own text I've posted elsewhere] Endpoint is probably not the ideal group for your endpoint problem. A number of topics is definitely "overlapping", i.e.it applies to all product lines. When it comes to installation and management though it's better to choose the applicable group - Central in your case.

    As for the Installation is almost complete please see 'Installation is almost Complete' warning at the end of the Sophos Central Managed Endpoint installer. Do I understand correctly that eventually the install completes and afterwards the machines are updating fine? The article might or might not help to determine the cause of the apparently delayed registration. The .dat files you've mentioned shouldn't make a difference. AFAIK they "just" identify a number of executables to the Sophos Client Firewall which is not available for Central.

    Christian

  • Yes, eventually the install completes and the machines update fine. As a matter of fact a machine I spent most of the day troubleshooting yesterday finished installing the client automatically when I turned it on this morning.

    I looked at the article you linked. The biggest problem I have when following the article is the problem computers don't have the shield icon yet. Looking in the MCSClient log shows the machine appearing to communicate normally, (200 response code). The article has a link to another article which tells how to check if a computer has obtained a computer ID. Unfortunately, that link leads to a that page no longer exists error. I was wondering if there may be another way to access that article or a similar article.

  • Hello Peter Samuels,

    dunno the whereabouts of 119652 and can't find a potentially similar article. The gold image article suggests it could be EndpointIdentity.txt. The program responsible for displaying the shield is ALMon.exe.
    I'm not of much help in interpreting an MCS log but I'd expect at least some indication that registration is still pending. As said in my initial post the Central forums might be the better place to ask.

    Christian

Reply Children