This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why do some but not all of my Endpoint clients update?

 I have a valid 25 client license for Endpoint Security.  My basic questions is how does Endpoint Update limit me to 25 clients?   It is installed on at least 25 clients and configured with identical credentials.  All are set to use 'Sophos" as the primary update source with no secondary.  Some clients update correctly and some show "Cannot Connect to Server".  All clients are on the same network with the same (Sophos) firewall.  It is possible that more than 25 clients are trying to update.  Are the clients exceeding 25 the ones that can't update?  I am sure that Endpoint Security was installed on many more than 25 clients and that a lot of them are no longer in service anywhere, e.g. destroyed.  Sophos Control Center 4.0.2362 is installed on the local domain server but none of the clients seem to have it configured as the update source, and it has not been updated since 2012!  The Sophos expert who installed this setup is no longer available.  Do I simply find all the clients and de-configure Endpoint Security for number 26 and higher?



This thread was automatically locked due to age.
Parents
  • Hi,

    Sophos Control Center is very old and retired. You can upgrade it to Enterprise Console - https://community.sophos.com/kb/en-us/119105.  

    That said, I wonder if you're not better upgrading to the cloud managed product Sophos Central.  https://cloud.sophos.com.

    The licence is not enforced on the on-premise product.  The clients just update from a UNC path, so as long as that has the means to support clients updating it should be fine.

    It might be worth calling your Partner/Re-seller to ask about Sophos Central if you're not opposed to the idea of a Cloud managed product.

    Regards

    Jak

     

  • Jak,

    Are you saying I can have more than 25 clients updating directly from Sophos despite having a 25-client license?  That does not explain what it see.  My clients are not set to a UNC path but directly to Sophos.  They are not configured for Control Center.

    My partner/reseller is the root of this problem.  I guess I need a new one.

    I want to clients to work properly before even considering upgrading to Enterprise or Cloud.

    My current reseller is recommending Webroot.

    Dean

  • Hello Dean,

    the same (Sophos) firewall
    a network device or the client firewall (SCF)? Just asking.

    Anyway, as Jak has said the license count is not enforced for the on-premise product. Its concept is that a central server (not necessarily running a server-grade OS) downloads software and updates, makes them available for the endpoints, and lets you manage the endpoints. This server should generally be the Primary. update source (UNC or HTTP), for a managed endpoint Sophos can be set (only) as Secondary. A stand-alone version is also available for endpoints which aren't on your network - but this should be the exception. The SA version is - naturally - not managed and a local administrator can change its configuration at any time. There might or might not be a common cause for the failed updates.

    As you want the endpoints to work properly there are two paths:

    1. upgrade your management server to SEC (you are entitled to it if your license is still active) and re-protect your endpoints with the managed version. SCC is retired, the upgrade would require two steps and as you likely don't have any useful management data it's probably better to do a fresh install (on a current server OS). You might not be able to reprotect the endpoints which have "issues" though
    2. ignore central management for now, troubleshoot the endpoints. For this you'd have to check the ALUpdate logs (%ProgramData%\Sophos\AutoUpdate\Logs\), please post a complete update cycle (it starts with a line containing  ALUpdate started: -ScheduledUpdate ...).

    Christian

  • Christian,

    I am ignoring central management until we upgrade the server.  Neither of the subject computers are listed in Control Center anyhow.  Here are three snapshots of log files and configurations.  One is from a client that is currently working.  The other two are from a client that is currently not working.  One shows the current update cycle.  The other shows the update cycle where it stopped working.  Interestingly our current license started 1/6/2015.  Using the new license started the failures on the non-working client.

    Thanks,

    Dean

  • Hello Dean,

    the Not-Working-1 screenshot seems to be from way in the past and there's also a gap (9/10/2014 to 1/20/2015). Now a few months gap shouldn't cause updates to fail (see here), the SDDS (update from Sophos) mechanism is slightly different from the CID (on-premise) mechanism though. As you say your license has been renewed at this time, while the update attempt was a mere 14 days after the change I won't absolutely rule out that it failed because of the change. Apparently the credentials were correct at this time as it successfully checked AutoUpdate.

    The current alc.log is surprisingly sparse, as said the ALUpdateyyyymmddThh....log is required for further analysis. Not unlikely just downloading and running the current SA installer would upgrade the endpoint and resolve the issue but I'd rather make sure that the installed product isn't corrupt.

    Christian   

  • Here is the latest cycle from the ALUpdate log.  It says the product subscription is disabled.  I rechecked the license Username and Password and they are the same on all clients.  It would seem that no client should work.

    Trace(2017-Jan-11 10:06:49): ALUpdate started: -ManualUpdate -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"
    Trace(2017-Jan-11 10:06:49): Product subscription is disabled: iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} action value is:0
    Trace(2017-Jan-11 10:06:49): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has not been added.
    Trace(2017-Jan-11 10:06:49): Product subscription is disabled: iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} action value is:0
    Trace(2017-Jan-11 10:06:49): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is available from Sophos.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not the Spam Rules package.
    Trace(2017-Jan-11 10:06:49): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
    Trace(2017-Jan-11 10:06:49): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is available from Sophos.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is the Spam Rules package.
    Trace(2017-Jan-11 10:06:49): Computer is a not possible cluster
    Trace(2017-Jan-11 10:06:49): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2017-Jan-11 10:06:49): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
    Trace(2017-Jan-11 10:06:49): Considering subscribed products.
    Trace(2017-Jan-11 10:06:49): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2017-Jan-11 10:06:49): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
    Trace(2017-Jan-11 10:06:49): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
    Trace(2017-Jan-11 10:06:49): Considering product {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2017-Jan-11 10:06:49): Could not read registry entry containing Sophos address - using hardcoded value.
    Trace(2017-Jan-11 10:06:49): GenerateCustomerID: complete
    Trace(2017-Jan-11 10:06:49): Computer is a not possible cluster
    Trace(2017-Jan-11 10:06:49): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2017-Jan-11 10:06:49): IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4
    Trace(2017-Jan-11 10:06:49): IPCSender::ProcessSend started
    Trace(2017-Jan-11 10:06:49): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2017-Jan-11 10:06:49): RMSMessageHandler: ALUpdateStart
    Trace(2017-Jan-11 10:06:49): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2017-Jan-11 10:06:49): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2017-Jan-11 10:06:49): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2017-Jan-11 10:06:49): ALUpdate(AutoUpdate.Started):
    Trace(2017-Jan-11 10:06:49): UpdateCoordinator::UpdateNow: Entering
    Trace(2017-Jan-11 10:06:49): PopulateCache: Entering
    Trace(2017-Jan-11 10:06:49): UpdateCoordinator::UpdateNow: About to Sync list of products
    Trace(2017-Jan-11 10:06:49): UpdateLocationFacade::SyncProduct: Last Update Mechanism = SDDS
    Trace(2017-Jan-11 10:06:49): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Started:
    Trace(2017-Jan-11 10:06:49): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, creating update location
    Trace(2017-Jan-11 10:06:49): Path to decode files to: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\1484147209
    Trace(2017-Jan-11 10:06:49): Using top level catalogue sdds.esc_10_2
    Trace(2017-Jan-11 10:06:49): SDDSUpdateLocation, constructor start
    Trace(2017-Jan-11 10:06:49): locConfig.m_server = Sophos
    Trace(2017-Jan-11 10:06:49): Calling check on source.m_address.m_path = Sophos
    Trace(2017-Jan-11 10:06:49): Calling package_source_init
    Trace(2017-Jan-11 10:06:49): Creating package source to represent parent
    Trace(2017-Jan-11 10:06:49): Create package source to represent local cache
    Trace(2017-Jan-11 10:06:49): SDDSUpdateLocation::Constructor finished
    Trace(2017-Jan-11 10:06:49): TrySyncProduct, Calling BeginSync
    Trace(2017-Jan-11 10:06:51): SDDSUpdateLocation caught exception from BeginSync: Cannot locate server for es-web-2.sophos.com/.../sdds.esc_10_2.xml GetLastError returned 0
    Trace(2017-Jan-11 10:06:51): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Ended - 0
    Trace(2017-Jan-11 10:06:51): UpdateLocationFacade::SyncProduct: Last Update Mechanism = SDDS
    Trace(2017-Jan-11 10:06:51): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Started:
    Trace(2017-Jan-11 10:06:51): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, creating update location
    Trace(2017-Jan-11 10:06:51): Path to decode files to: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\1484147211
    Trace(2017-Jan-11 10:06:51): Using top level catalogue sdds.esc_10_2
    Trace(2017-Jan-11 10:06:51): SDDSUpdateLocation, constructor start
    Trace(2017-Jan-11 10:06:51): locConfig.m_server = Sophos
    Trace(2017-Jan-11 10:06:51): Calling check on source.m_address.m_path = Sophos
    Trace(2017-Jan-11 10:06:51): Calling package_source_init
    Trace(2017-Jan-11 10:06:51): Creating package source to represent parent
    Trace(2017-Jan-11 10:06:51): Create package source to represent local cache
    Trace(2017-Jan-11 10:06:51): SDDSUpdateLocation::Constructor finished
    Trace(2017-Jan-11 10:06:51): TrySyncProduct, Calling BeginSync
    Trace(2017-Jan-11 10:06:53): SDDSUpdateLocation caught exception from BeginSync: Cannot locate server for es-web-2.sophos.com/.../sdds.esc_10_2.xml GetLastError returned 0
    Trace(2017-Jan-11 10:06:53): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Ended - 0
    Trace(2017-Jan-11 10:06:53): ALUpdate():
    Trace(2017-Jan-11 10:06:53): ALUpdate(DownloadEnded):
    Trace(2017-Jan-11 10:06:53): UpdateCoordinator::UpdateNow: About to Action list of products
    Trace(2017-Jan-11 10:06:54): RMSMessageHandler: ALUpdateEnd
    Trace(2017-Jan-11 10:06:54): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID></ID><StringID>113</StringID><Sender>ALUpdate</Sender></ErrorMessage><ReadableMessage>ERROR: Could not find a source for updated packages</ReadableMessage></Config>
    Trace(2017-Jan-11 10:06:54): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID></ID><StringID>113</StringID><Sender>ALUpdate</Sender></ErrorMessage><ReadableMessage>ERROR: Could not find a source for updated packages</ReadableMessage></Config>
    Trace(2017-Jan-11 10:06:54): IPCSender::ProcessSend: Listener not ready starting to wait
    Trace(2017-Jan-11 10:06:55): IPCSender::ProcessSend exiting

  • Christian,

    The attached log file extract says the subscription is disabled.  Why just on this one client?  How can I enable it?

    Dean

    Trace(2017-Jan-11 10:06:49): ALUpdate started: -ManualUpdate  -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"
    Trace(2017-Jan-11 10:06:49): Product subscription is disabled: iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} action value is:0
    Trace(2017-Jan-11 10:06:49): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has not been added.
    Trace(2017-Jan-11 10:06:49): Product subscription is disabled: iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} action value is:0
    Trace(2017-Jan-11 10:06:49): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.
    Trace(2017-Jan-11 10:06:49): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
    Trace(2017-Jan-11 10:06:49): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.
    Trace(2017-Jan-11 10:06:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.
    Trace(2017-Jan-11 10:06:49): Computer is a not possible cluster
    Trace(2017-Jan-11 10:06:49): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2017-Jan-11 10:06:49): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
    Trace(2017-Jan-11 10:06:49): Considering subscribed products.
    Trace(2017-Jan-11 10:06:49): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2017-Jan-11 10:06:49): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
    Trace(2017-Jan-11 10:06:49): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
    Trace(2017-Jan-11 10:06:49): Considering product {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2017-Jan-11 10:06:49): Could not read registry entry containing Sophos address - using hardcoded value.
    Trace(2017-Jan-11 10:06:49): GenerateCustomerID: complete
    Trace(2017-Jan-11 10:06:49): Computer is a not possible cluster
    Trace(2017-Jan-11 10:06:49): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2017-Jan-11 10:06:49): IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4
    Trace(2017-Jan-11 10:06:49): IPCSender::ProcessSend started
    Trace(2017-Jan-11 10:06:49): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2017-Jan-11 10:06:49): RMSMessageHandler: ALUpdateStart
    Trace(2017-Jan-11 10:06:49): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2017-Jan-11 10:06:49): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2017-Jan-11 10:06:49): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2017-Jan-11 10:06:49): ALUpdate(AutoUpdate.Started): 
    Trace(2017-Jan-11 10:06:49): UpdateCoordinator::UpdateNow: Entering
    Trace(2017-Jan-11 10:06:49): PopulateCache: Entering
    Trace(2017-Jan-11 10:06:49): UpdateCoordinator::UpdateNow: About to Sync list of products
    Trace(2017-Jan-11 10:06:49): UpdateLocationFacade::SyncProduct: Last Update Mechanism = SDDS
    Trace(2017-Jan-11 10:06:49): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Started: 
    Trace(2017-Jan-11 10:06:49): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, creating update location
    Trace(2017-Jan-11 10:06:49): Path to decode files to: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\1484147209
    Trace(2017-Jan-11 10:06:49): Using top level catalogue sdds.esc_10_2
    Trace(2017-Jan-11 10:06:49): SDDSUpdateLocation, constructor start
    Trace(2017-Jan-11 10:06:49): locConfig.m_server = Sophos
    Trace(2017-Jan-11 10:06:49): Calling check on source.m_address.m_path = Sophos
    Trace(2017-Jan-11 10:06:49): Calling package_source_init
    Trace(2017-Jan-11 10:06:49): Creating package source to represent parent
    Trace(2017-Jan-11 10:06:49): Create package source to represent local cache
    Trace(2017-Jan-11 10:06:49): SDDSUpdateLocation::Constructor finished
    Trace(2017-Jan-11 10:06:49): TrySyncProduct, Calling BeginSync
    Trace(2017-Jan-11 10:06:51): SDDSUpdateLocation caught exception from BeginSync: Cannot locate server for http://es-web-2.sophos.com/update/catalogue/sdds.esc_10_2.xml GetLastError returned 0
    Trace(2017-Jan-11 10:06:51): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Ended - 0
    Trace(2017-Jan-11 10:06:51): UpdateLocationFacade::SyncProduct: Last Update Mechanism = SDDS
    Trace(2017-Jan-11 10:06:51): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Started: 
    Trace(2017-Jan-11 10:06:51): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, creating update location
    Trace(2017-Jan-11 10:06:51): Path to decode files to: C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\1484147211
    Trace(2017-Jan-11 10:06:51): Using top level catalogue sdds.esc_10_2
    Trace(2017-Jan-11 10:06:51): SDDSUpdateLocation, constructor start
    Trace(2017-Jan-11 10:06:51): locConfig.m_server = Sophos
    Trace(2017-Jan-11 10:06:51): Calling check on source.m_address.m_path = Sophos
    Trace(2017-Jan-11 10:06:51): Calling package_source_init
    Trace(2017-Jan-11 10:06:51): Creating package source to represent parent
    Trace(2017-Jan-11 10:06:51): Create package source to represent local cache
    Trace(2017-Jan-11 10:06:51): SDDSUpdateLocation::Constructor finished
    Trace(2017-Jan-11 10:06:51): TrySyncProduct, Calling BeginSync
    Trace(2017-Jan-11 10:06:53): SDDSUpdateLocation caught exception from BeginSync: Cannot locate server for http://es-web-2.sophos.com/update/catalogue/sdds.esc_10_2.xml GetLastError returned 0
    Trace(2017-Jan-11 10:06:53): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Ended - 0
    Trace(2017-Jan-11 10:06:53): ALUpdate(): 
    Trace(2017-Jan-11 10:06:53): ALUpdate(DownloadEnded): 
    Trace(2017-Jan-11 10:06:53): UpdateCoordinator::UpdateNow: About to Action list of products
    Trace(2017-Jan-11 10:06:54): RMSMessageHandler: ALUpdateEnd
    Trace(2017-Jan-11 10:06:54): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID></ID><StringID>113</StringID><Sender>ALUpdate</Sender></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated packages</ReadableMessage></Config>
    Trace(2017-Jan-11 10:06:54): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID></ID><StringID>113</StringID><Sender>ALUpdate</Sender></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated packages</ReadableMessage></Config>
    Trace(2017-Jan-11 10:06:54): IPCSender::ProcessSend: Listener not ready starting to wait
    Trace(2017-Jan-11 10:06:55): IPCSender::ProcessSend exiting
    

  • Hello Dean,

    thanks. From the log it looks like the endpoint is in principle ok. In principle means it tries to update as expected - that it searches for SDDS.esc_10_2.xml suggests it's still running 10.2, a rather short-lived version, won't go into details. Hacking the configuration files could make AutoUpdate working again but as far as I can see just installing a current SA version over the existing one should do.

    I'll answer any remaining question when it has worked [:)]

    Christian

  • Christian,

    That resolved the issue and moved it to 10.6.

    Thanks,

    Dean

Reply Children
No Data