
Endpoints Failing to Install New Update

Hello,

After receiving the new update (10.3.7 3.51) I have 100+ endpoints that are failing to uninstall the new software.  During the install process the old versions of the software are uninstalled, then when the install is starting they error out.  I'm receiving either an "Installation of Sophos AutoUpdate Failed [0x00000008]" error or an "A runtime error occurred. [0x00000062]" error.

From my testing, when this error occurs it's because the AutoUpdate folder that's created in either of the following locations has messed up permissions.  Basically, it won't allow anyone or anything to access it or delete it.  Those locations are:

C:\Program Files (x86)\Sophos\AutoUpdate  -or-  C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir

If I restart the PC with this problem and boot into Safe Mode, log in then out, the bad file is automatically deleted, restart into normal Windows and try the install again.  At that point everything installs correctly and there are no problems.  

I don't want to have to restart 100+ computers into safe mode if I don't have to, we need a better solution and soon because these computers with this problem are unprotected right now.  Thanks for anyone's help!

:50144


This thread was automatically locked due to age.
  • Jbull,

    We just realized that exact same thing and are looking into getting the RMS installed and tested on machines.  But so far that seems to fix issues.  I'll let you guys know more tomorrow after we test some more.  It's quittin time.

    And yep, Sophos needs some good 'ole country music on their hold queue.  ;)

    :50320
  • I have tested this morning and found that I can re-protect a computer from the console which will install the AV and the AutoUpdate client.  Once that finishes, it should pull down the RMS msi file which I manually ran with the following script:

    msiexec /i "C:\ProgramData\Sophos\AutoUpdate\Cache\rms\Sophos Remote Management System.msi" /qn /l* C:\Temp\SophosRMS.txt

    This will silently install the RMS piece and log it to C:\Temp\SophosRMS.txt.

    My next test is re-protecting a failed endpoint then pushing the above script with KACE which I plan to do this afternoon.  We are in the process of updating our KACE agents.

    Last I heard from my escalated support ticket is that they thought there may be a connection to the KACE and were researching it and would get back to me.  I tried uninstalling a KACE agent, rebooting, and re-protecting a PC and that didn't work so I've kept along this path of manually fixing it until I hear something definitive from support.

    :50356
  • This is the latest news from Sophos on my case.  They suggest it is a conflict with KACE software metering and if you stop the KACE metering service, re-protect, then restart the service you should be fine.  I'm not super confident it will fix our issue because I tried uninstalling the KACE agent, rebooting, and re-protecting and it didn't work.  I've included the Sophos KB article below for anyone that it may help and I will post again once I've done some testing.

    http://www.sophos.com/en-us/support/knowledgebase/121070.aspx

    :50364
  • Yesterday I sent KACE some verbose logs from Process Monitor, Wireshark and the Sophos Diagnostic Utility.  They narrowed it down to KACE Software Metering (kswmetersvc.exe).  They parsed the logs and came back with the following:

    Hello Tom,

    Our Global Team has reviewed the files you uploaded. It looks like Kace might have been the issue at your site.

    Issue

    During the upgrade to version 10.0.12 or 10.3.7 the Sophos AutoUpdate component fails. The following errors can be found in the specified logs on the affected computer:

    Sophos AutoUpdate Setup log.txt

    Error: Install of MSI failed with error 1603

    Sophos AutoUpdate install log.txt

    Product: Sophos AutoUpdate -- Error 1303.The installer has insufficient privileges to access this directory: C:\Program Files (x86)\Sophos\AutoUpdate. The installation cannot continue. Log on as an administrator or contact your system administrator.

    Error 1303.The installer has insufficient privileges to access this directory: C:\Program Files (x86)\Sophos\AutoUpdate. The installation cannot continue. Log on as an administrator or contact your system administrator.

    Windows Application Event log

    Event:
    Log Name: Application
    Source: MsiInstaller
    Date:
    Event ID: 11303
    Task: N/A
    Level: Error
    Opcode: Info
    Keyword: Classic
    User:
    User Name:
    Computer:
    Description:Product: Sophos AutoUpdate -- Error 1303.The installer has insufficient privileges to access this directory: C:\Program Files (x86)\Sophos\AutoUpdate. The installation cannot continue. Log on as an administrator or contact your system administrator.

    In the Sophos Enterprise Console or Sophos Control Center the following error may appear:

    Installation of Sophos AutoUpdate Failed [0x00000008]

    First seen in
    Sophos Anti-Virus for Windows 2000+ 10.3.7,
    Sophos Anti-Virus for Windows 2000+ 10.0.12

    Cause

    This issue has been seen on computers running the following service:

    Dell KACE Software Meter (kswmetersvc.exe)

    When started this service opens a Handle to the Sophos AutoUpdate folder preventing it being deleted as part of the upgrade.

    What To Do

    To allow an affected computer to install/upgrade:

    1. Stop the Dell KACE Software Meter service
    2. Re-protect the affected computer/s
    3. Once protected start the Dell KACE Software Meter service

    Note: We recommend contacting the vendor of the software for information on how to prevent this issue in the future

    :50366
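
An endpoint triage check for the condition described in the post above, as an added example that is not part of the original thread or the Sophos article. It looks for the quoted MsiInstaller event 11303 and for a running service whose binary is kswmetersvc.exe; the function name and the 14-day look-back window are assumptions.

```powershell
# Added example: flags a machine that logged the AutoUpdate 1303 failure
# while the KACE metering service is running.
function Get-AutoUpdateInstallBlock {
    param(
        [int]$Days = 14   # assumption: how far back to search the Application log
    )

    # Event ID 11303 from source MsiInstaller is the record quoted in the post above.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MsiInstaller'
        Id           = 11303
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*Sophos AutoUpdate*' })

    # The post names only the executable, so match the service on its binary path
    # instead of guessing the short service name.
    $meter = @(Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like '*kswmetersvc.exe*' })

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Error1303Count = $events.Count
        LastError1303  = ($events | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        MeterService   = ($meter.Name -join ',')
        MeterState     = ($meter.State -join ',')
        # Both conditions from the post: the 1303 failure was logged and the meter is running.
        LikelyAffected = ($events.Count -gt 0) -and ($meter.State -contains 'Running')
    }
}

Get-AutoUpdateInstallBlock
```

Machines reporting LikelyAffected = True are the candidates for the stop service, re-protect, start service sequence listed in the post.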
  • Looks like you beat me to posting the reply JBull!

    In any case, I wanted to also add how we've been fixing it while waiting for a solution, with some success.  Using KACE, we set up a script to uninstall RMS if a machine has RMS but no AV installed.  This script runs every 30 minutes, checking for a registry flag it sets so it isn't repeated:

    Verify

    1. Verify that “HKLM\SOFTWARE\Wow6432Node\Sophos-RMS-Fix!RMS-Fix” is not equal to “1”.

    On Success

    1. Launch “C:\Windows\System32\MsiExec.exe” with params “/X{FED1005D-CBC8-45D5-A288-FFC7BB304121} /qn”.
    2. Set “HKLM\SOFTWARE\Wow6432Node\Sophos-RMS-Fix!RMS-Fix” to “1”.

    We set the package to install Sophos AV created from the Sophos Deployment Packager to be installed at startup on any machine missing AV using smart labels.  It's not 100% as someone can reboot before the script to remove RMS runs, causing the install to take place before the RMS removal, but the count of machines with all Sophos components installed is climbing.

    Tom

    :50368
  • Looks like we all came to the same conclusions at the same time!  We too have the RMS working as a backup option, but we just turned our Metering off and haven't had any problems.  Darn Dell products...  Can't live with it and can't live without it...

    At least we can move forward now and put this behind all of us.  :)  Thanks for all of your collaboration guys!

    :50370
  • So you have seen success turning the metering off and re-deploying?  I haven't had a chance to test yet but I'm hoping for the best.

    I appreciate everyone contributing to the thread!

    :50374
  • It's been a slow process, but that's exactly what's been working for us. Protecting again from within the Console I've been able to go from 90+ unprotected systems down to 36, some of which haven't touched the network in a few months. Since disabling Kace Metering I haven't had to uninstall anything - just went straight to Protect and Sophos was able to install normally.

    I second jbull. Thank you everyone!

    :50458
  • Here's what I am doing.....

    -Stopping Kace service

    -Reinstalling with command line

    -running msiexec /i "C:\ProgramData\Sophos\AutoUpdate\Cache\rms\Sophos Remote Management System.msi" /qn /l* C:\windows\Temp\SophosRMS.txt (Thanks for that)

    -rebooting

    :50600
  • Hello,

    It's worth noting, in order for AutoUpdate to maintain RMS post installing in this way (running the MSI directly), iupd.cfg (C:\Program Files\Sophos\AutoUpdate\Config\iupd.cfg) needs the correct action 0x400107. E.g:

    ;RMS 2000/XP
    [iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}]
    AllowLocalConfig = 1
    Action = 0x400107

    Also, the MSI of RMS expects to find, cac.pem and mrinit.conf under:

    C:\Program Files\Sophos\Remote Management System\

    otherwise the install of RMS will fail with error 1722.

    Regards,

    Jak

    :50614
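
A pre-flight check for the two conditions in the post above, to run before launching the RMS MSI directly. This is an added example, not part of the original thread; the function name is hypothetical, iupd.cfg is assumed to be a plain INI-style file as the quoted excerpt suggests, and the default paths are the ones given in the post (override them where the install lives under Program Files (x86)).

```powershell
# Added example: verifies the RMS prerequisites named in the post above.
function Test-RmsPrerequisite {
    param(
        [string]$IupdCfg = 'C:\Program Files\Sophos\AutoUpdate\Config\iupd.cfg',
        [string]$RmsDir  = 'C:\Program Files\Sophos\Remote Management System',
        [string]$Section = 'iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}',
        [string]$Action  = '0x400107'
    )
    $problems = @()

    # The post says the MSI fails with error 1722 when either file is absent.
    foreach ($name in 'cac.pem', 'mrinit.conf') {
        if (-not (Test-Path -LiteralPath (Join-Path $RmsDir $name) -PathType Leaf)) {
            $problems += "missing $name in $RmsDir (RMS install would fail with error 1722)"
        }
    }

    if (-not (Test-Path -LiteralPath $IupdCfg -PathType Leaf)) {
        $problems += "iupd.cfg not found at $IupdCfg"
    } else {
        # Minimal INI walk: track the current [section], skip ';' comments,
        # and read the Action value only inside the RMS product section.
        $current = ''
        $found   = $null
        foreach ($line in Get-Content -LiteralPath $IupdCfg) {
            $t = $line.Trim()
            if ($t -eq '' -or $t.StartsWith(';')) { continue }
            if ($t -match '^\[(.+)\]$') { $current = $Matches[1]; continue }
            if ($current -ieq $Section -and $t -match '^Action\s*=\s*(\S+)') {
                $found = $Matches[1]
            }
        }
        if ($null -eq $found)        { $problems += "no Action entry under [$Section]" }
        elseif ($found -ine $Action) { $problems += "Action is $found, expected $Action" }
    }

    [pscustomobject]@{ Ready = ($problems.Count -eq 0); Problems = $problems }
}

Test-RmsPrerequisite | Format-List
```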