Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 3 subscribers
  • Views 29661 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Brand New Install, issues with updating

Jeremy Brook

So I have had a quick browse though other forum posts and I notice several have similar issues but I could find an exact copy of my issues.

First to clarify, this is a fresh installation of Sophos Enterprise Control, and currently installing the Endpoint client to a few test systems.  The Update manager within the console appears to be updating correctly.  If I check the details I see no error codes, and gives me a time and date of the last successful download (in my case 10 minutes ago)

I can confirm that I am able to access the SophosUpdate share from all workstations.  I can install the client fine by right clicking on computers within the console, but a short while later If I look at the Endpoint client on the workstation I see the error

"Updating: Failed"

If I click update now and watch the status, if its a fresh install it will download several packages, or if already downloading it will say "no files needed updating" (all suggesting it is checking the network share correctly).  There are 7 packages in total it tries to update all from the same source yet 3 or 4 of them fail.  You can see below the update log, it connects fine to the share for some of the packages, but then fails for others even though its the exact same share location.

 

Time: 06/12/2016 16:43:33
Message: AutoUpdate finished
Module: ALUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:32
Message: Installation of Sophos System Protection skipped
Module: ALUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:31
Message: Installation of Sophos AutoUpdate skipped
Module: ALUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:31
Message: Installation of Sophos Network Threat Protection skipped
Module: ALUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:31
Message: Installation of SAVXP skipped
Module: ALUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:31
Message: Installation of RMSNT skipped
Module: ALUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:31
Message: Downloading phase completed
Module: ALUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:31
Message: Product cache update from primary server successfully finished
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:31
Message: Downloading product Sophos System Protection from server \\SERVERNANME\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:30
Message: Product cache update from primary server successfully finished
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:30
Message: Downloading product Sophos AutoUpdate from server \\SERVERNANME\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:29
Message: Product cache update from primary server successfully finished
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:29
Message: Downloading product Sophos Network Threat Protection from server \\SERVERNANME\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:28
Message: Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required)
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:28
Message: Downloading product Sophos HitmanPro Alert from server \\SERVERNANME\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:27
Message: Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required)
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:27
Message: Downloading product Sophos Endpoint Agent from server \\SERVERNANME\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:26
Message: Product cache update from primary server successfully finished
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:26
Message: Downloading product SAVXP from server \\SERVERNANME\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:25
Message: Product cache update from primary server successfully finished
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:25
Message: Downloading product RMSNT from server \\SERVERNANME\SophosUpdate\CIDs\S000\SAVSCFXP\
Module: CIDUpdate
Process ID: 4824
Thread ID: 13092

Time: 06/12/2016 16:43:25
Message: *************** Sophos AutoUpdate started ***************
Module: ALUpdate
Process ID: 4824
Thread ID: 13092

 

 

If I look on the console, sometimes (not always weirdly) There is a log "Download of sophos HitmanPro Alert failed from server \\SERVERNANME\SophosUpdate\CIDs\S000\SAVSCFXP\ [0x0000006b]

 

You can see in the client log this file fails, but so do others aswell but non of those are ever logged on the console?



This thread was automatically locked due to age.
Parents
  • 0

    Hello Jeremy Brook,

    as far as I can see the erros are for Hitman Pro and Endpoint Agent (not sure right now what the latter is), the former now called Intercept-X if I'm correct and AFAIK not yet available for the on-premise SEC. Is this a trial license?

    As far as the regular components are concerned everything looks fine - no download errors, and Installation skipped indicates that last time there were some changes the installation was successful.

    Christian

  • 0 in reply to QC

    This is a purchased subscription for "Endpoint Protection - Advanced 2"

    When I log in it shows me downloads specific to my subscription.  The console version was 5.4.1 and the file was sec_541_sfx.exe 708Mb

    To deploy the endpoints I am simply right clicking on a computer from within the console and choose "protect computer" this then rolls out the install.  I also have the option of running setup from the shared directory.

    If these Applications such as Hitman Pro and Endpoint agents no longer exist or are not part of the SEC then this all suggests there is a bug in this version of the console as it wants to install it but the necessary files are not part of the share.

    I have had a look through the shared directory and within their there are several subfolders for each package of sophos and there doesn't seem to be one for hitman pro (and others).

    My thoughts at the moment is that there is some sort of conflict between the older cloud based sophos and the sophos managed via SEC.  All the test machines had the cloud version install, but this was removed prior to installing the SEC version.  You mention Hitman Pro agents are not part of SEC but could it have part of the cloud version and this is causing an issue with the autoupdater?

  • 0 in reply to Jeremy Brook

    Hello Jeremy,

    AFAIK Hitman Pro is rebranded to Intercept X - currently in Beta for the Central version, Beta for on-premise SEC next year. So it's not discontinued but rather coming soon (as additional product but managed by SEC).
    Did you ever use it on your Central managed endpoints (though I think there shouldn't be any leftovers causing AutoUpdate to try to download it). And as said it's not yet available for SEC. Guess you'd see it as extra product (in addition to the different platform products) under subscriptions. Is there an associated policy section?

    Christian

  • 0 in reply to QC

    Just to let you know I only just installed the cloud version using sophos central maybe 2 weeks ago, I then decided to move to SEC because I found my license wasn't transferable and SEC is much better for client deploying and reporting than the central online based system.

     

    So I have just done a full uninstall of all the sophos related items within add/remove program from one of the clients.  I then went to manually delete all the sophos folders within program files (including x86) and programdata.  Two of the folders failed to delete which I found on because two sophos services were still running.  I also noticed a folder called HitmanPro.Agent within the programdata folder.  I can confirm that this folder is definitely part of the Sophos Central install as I have just checked on a live machine that hasn't had the SEC install deployed but did have sophos central.  So yes my original suspision is correct in that Sophos SEC and Sophos Central conflict even though sophos SEC claims to have uninstalled Central version.

    Now when I install sophos using SEC it no longer fails to download Hitman Pro but still fails on this "Sophos Endpoint Agent" again I reckon this is related to Sophos central and not SEC.  What I am going to try no is to remove Sophos SEC, reinstall Sophos central and then uninstall this myself (before I have used the Sophos SEC thirdparty uninstall tool) then reinstall sophos SEC and see what I get.

  • 0 in reply to Jeremy Brook

    Getting there, I haven't done the reinstalls yet but I noticed in programs and features "Sophos Endpoint Agent" was listed with a install date of November and a generic exe icon (not the usual sophos icon).  When I tried to uninstall it told me it no longer exists and it remove the item from the list.  This item wasn't there where I uninstalled as above so more fuel regarding sophos SEC inability to uninstall sophos central prior to install.

Reply
  • 0 in reply to Jeremy Brook

    Getting there, I haven't done the reinstalls yet but I noticed in programs and features "Sophos Endpoint Agent" was listed with a install date of November and a generic exe icon (not the usual sophos icon).  When I tried to uninstall it told me it no longer exists and it remove the item from the list.  This item wasn't there where I uninstalled as above so more fuel regarding sophos SEC inability to uninstall sophos central prior to install.

Children
No Data
Unfiltered HTML