Got and interesting situation on one of my sites. I am currently in the process of migrating our infrastructure from one domain to another. There is a trust relationship between the 2 domains and updating has been working fine however as we are planning on decomissioning the old domain this needs to be done.
I have rebuilt a new server (completely new DB everything) and am currently starting to migrate my endpoints from one domain to the other. I am reprotecting the endpoints via AD Sync from the new server and am seeing a situation where a subset of the systems are reprotected. of the remaining PC's I have a few errors being thrown up:
Installation failed 16/02/2017 15:12:14 80070002 The installation could not be started: The system cannot find the file specified. The computer may need additional configuration before installation. See knowledgebase article 29287.
or
16/02/2017 15:19:42 80070569 The installation could not be started: Logon failure: the user has not been granted the requested logon type at this computer. The computer may need additional configuration before installation. See knowledgebase article 29287.
(I am a Domain admin, the admin account is a member of the SophosAdministrators Group but I have also tested this with a working local admin account as well)
oh and a smattering of:
0000002e The installation could not be started. The computer may need additional configuration before installation. See article 29287.
If I run the install from the client PC the SAV install initially fails with the following error:
Log Name: Application
Source: Sophos Anti-Virus
Date: 16/02/2017 14:23:22
Event ID: 65535
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: [machinename].DomainName
Description:
The description for Event ID 65535 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
-------------------
Catastrophic failure
the message resource is present but the message is not found in the string/message table
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="32768">65535</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-02-16T14:23:22.000000000Z" />
<EventRecordID>33876</EventRecordID>
<Channel>Application</Channel>
<Computer>[machinename].DomainName</Computer>
<Security />
</System>
<EventData>
<Data>Catastrophic failure</Data>
</EventData>
</Event>
---------------------
If i manually run the SAU install and then edit the SAU Config to mirror a working installation Autoupdate completes a full download and installation. However the endpoint shows as offline on the console. Redeploying from the root SUM server is occasionally succesful irritatingly however the root SUM server has the same subscription and credential set as the local update server which is not working. Forcing a download completes succesfully but I have the same failed installs when deploying from the local cache.
All of the systems have the same GPO's applied, and I believe have the same base build. So anyone have any ideas?
This thread was automatically locked due to age.
