Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 17169 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUM Error : Could not remove target for decode by hardlink

paulus tamba

We have an SUM update server updating to the parent server. The SUM server is able to download the binaries from the parent server, and looking at View update manager details from SEC showed last successful download was recent. However, it was marked as failed with generic message of Software Update failed (80040401). Looking at the LogViewer and SUMTrace yield this particular error: 

2017-08-01 23:11:18 : Cmd-ALL << [I1021][ActionDeploySDF-Sub9-0][DispatcherPrograms-2017-08-01T16-10-17-2] Action 'ActionDeploySDF-Sub9-0' with caller 'DispatcherPrograms-2017-08-01T16-10-17-2' started...
2017-08-01 23:11:18 : Creating file package source...
2017-08-01 23:11:18 : Decoding the product to C:\ProgramData\Sophos\Sophos Endpoint Management\4.5\Updates\Secure\SDFs\SophosPA\PSRVR
2017-08-01 23:11:18 : Decoding C:/ProgramData/Sophos/Sophos Endpoint Management/4.5/Updates/Secure/SDFs/SophosPA/PSRVR/ManagementServiceLib.dll
2017-08-01 23:11:50 : EventLog: 3758112802 1 Inserts:> "C:\ProgramData\Sophos\Sophos Endpoint Management\4.5\Updates\Secure\SDFs\SophosPA" "PSRVR" "2DE69C24-D975-47b2-8D2F-6BEA861A9C75" "RECOMMENDED" "2DE69C24-D975-47b2-8D2F-6BEA861A9C75" "Could not remove target for decode by hard link."
2017-08-01 23:11:50 : Cmd-ALL << [E4022][C:\ProgramData\Sophos\Sophos Endpoint Management\4.5\Updates\Secure\SDFs\SophosPA][PSRVR][2DE69C24-D975-47b2-8D2F-6BEA861A9C75][RECOMMENDED][2DE69C24-D975-47b2-8D2F-6BEA861A9C75][Could not remove target for decode by hard link.] SDF Deployment operation failed when decoding payload '2DE69C24-D975-47b2-8D2F-6BEA861A9C75'. Details: Could not remove target for decode by hard link.
2017-08-01 23:11:50 : Cmd-ALL << [E400D][ActionDeploySDF-Sub9-0][DispatcherPrograms-2017-08-01T16-10-17-2] Action 'ActionDeploySDF-Sub9-0' with caller 'DispatcherPrograms-2017-08-01T16-10-17-2' failed!

Any idea about this? Have searched community site with no luck. 

Thanks 



This thread was automatically locked due to age.
Parents
  • 0

    Hello paulus tamba,

    this isn't a child SUM, is it, but a full mangement server. It tries to decode to \Sophos Endpoint Management\4.5\ which is for the Patch server component that is only relevant for the management server, and 4.5 suggests it was once SEC4.5 and has been upgraded. There are perhaps other subdirectories beside 4.5 (I've seen 4.7, 5.0, and 5.1) only one has the \Updates\Secure\... path though.
    Does this path exist under 4.5 and if is ManagementServiceLib.dll there?

    Christian

  • 0 in reply to QC

    Yes, it's a management server, however it fetched updates from other server, not from Sophos directly. Managed to fix it by giving temporary access to the said folder. 

    Now other child server is behaving differently. The server are able to download the updates from the parent server, but SUM shows software updates failed. 

    Logviewer throws the following error: 

    Error Sophos Update Manager failed to update from product release 'Payload-SDDM' with version 66.1. Details: Failed to signal the self-updater process. Error code: 5

    Research suggested that Error Code 5 is access denied. But I can't figure out what is failing. The same error log appears on Windows Event Log, with event ID 16421. I remember reading somewhere in the forum threads that it's self-update failure, and the thread suggested to remove SUM.msi from C:\Windows\Temp as well as looking at MSIxxx log files in the same folder, but I couldn't find neither SUM.msi nor latest MSI log file. 

    Any idea? 

  • 0 in reply to paulus tamba

    Hello paulus tamba,

    can you find and post the relevant part in the SUMTrace log?
    I no longer have the one from the last self-update (66.1), though I guess the relevant tag is [ActionSelfUpdate-SDDM]. The self-updater and the MSI are in %ProgramData%\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1, the MSI log is in \Windows\Temp but likely it hasn't got as far as running the MSI.

    Christian

  • 0 in reply to QC

    Hi QC,

    Yes it's related to [ActionSelfUpdate-SDDM]. Here's the relevant SUMTrace.log 

     

    2017-08-02 18:55:04 : Cmd-ALL << [I1021][ActionDecodeEverything-SDDM][DispatcherPrograms-2017-08-02T11-54-50-3] Action 'ActionDecodeEverything-SDDM' with caller 'DispatcherPrograms-2017-08-02T11-54-50-3' started...
    2017-08-02 18:55:04 : Cmd-ALL << [S001A][C:\ProgramData\Sophos\Update Manager\Working\.\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1][sum][A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1][RECOMMENDED] The decode operation was successful (and NULL).
    2017-08-02 18:55:04 : Cmd-ALL << [S0013][C:\ProgramData\Sophos\Update Manager\Working\.\Decoded-SDDM] The decode operation was successful, and no new data files were decoded.
    2017-08-02 18:55:04 : Cmd-ALL << [I0009][ActionDecodeEverything-SDDM][DispatcherPrograms-2017-08-02T11-54-50-3] Action 'ActionDecodeEverything-SDDM' with caller 'DispatcherPrograms-2017-08-02T11-54-50-3' succeeded!
    2017-08-02 18:55:04 : Cmd-ALL << [I1021][ActionSelfUpdate-SDDM][DispatcherPrograms-2017-08-02T11-54-50-3] Action 'ActionSelfUpdate-SDDM' with caller 'DispatcherPrograms-2017-08-02T11-54-50-3' started...
    2017-08-02 18:55:04 : SelfUpdateOperation::Execute has started.
    2017-08-02 18:55:04 : SelfUpdateOperation: No previous self-update to clean up, starting a new one.
    2017-08-02 18:55:04 : SelfUpdateOperation: Evaluating whether SUM needs to self-update...
    2017-08-02 18:55:04 : SelfUpdateOperation: Self update will begin now.
    2017-08-02 18:55:04 : SelfUpdateOperation: Getting base decode path...
    2017-08-02 18:55:04 : SelfUpdateOperation: Base decode path set as: C:\ProgramData\Sophos\Update Manager\Working\.\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1
    2017-08-02 18:55:04 : SelfUpdateOperation: About to signal self-updater thread...
    2017-08-02 18:55:04 : Open registry key failed! Error code: 5
    2017-08-02 18:55:04 : EventLog: 3758112805 1 Inserts:> "Payload-SDDM" "66.1" "Failed to signal the self-updater process. Error code: 5"
    2017-08-02 18:55:04 : Cmd-ALL << [E4025][Payload-SDDM][66.1][Failed to signal the self-updater process. Error code: 5] Failed to self-update from payload 'Payload-SDDM', version 66.1. Details: Failed to signal the self-updater process. Error code: 5
    2017-08-02 18:55:04 : Cmd-ALL << [E400D][ActionSelfUpdate-SDDM][DispatcherPrograms-2017-08-02T11-54-50-3] Action 'ActionSelfUpdate-SDDM' with caller 'DispatcherPrograms-2017-08-02T11-54-50-3' failed!
    2017-08-02 18:55:04 : Cmd-ALL << [E400E][DispatcherPrograms-2017-08-02T11-54-50-3] Event with dispatcher ID 'DispatcherPrograms-2017-08-02T11-54-50-3' failed to execute.

     

    I tried giving the SophosUpdateMgr FullControl permission to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C7A82DB-69BC-4198-AC26-BB862F1BE4D0} but same error persists, and now new error appears : 

    2017-08-02 21:12:19 : EventLog: 1610616834 4 Inserts:>
    2017-08-02 21:12:19 : Cmd-Terminal << Failed to remove the persisted process id value form the registry.

  • 0 in reply to paulus tamba

    Hello paulus tamba,

    sorry, I'm being dense (must be the heat) - the should be a SUMSelfUpdaterLog.txt in %ProgramData%\Sophos\Update Manager\Logs\ that details the self-updater's steps.
    I suspect it's trying to access HKLM\SOFTWARE\Wow6432Node\Sophos\UpdateManager\ or one of its subkeys when it fails. The permissions on this key are an explicitly set Full Control for SYSTEM, NETWORK SERVICE and Administrators.

    giving the SophosUpdateMgr FullControl permission to [the Uninstall key]
    You shouldn't give additional permissions on this key (and a number of others) let alone to a deliberately restricted user (and don't confuse     SophosUpdateMgr with SophosMgmtUser).

    Christian

  • 0 in reply to QC

    The permissions on this key are an explicitly set Full Control for SYSTEM, NETWORKS SERVICE and Administrators.

    I've fixed the permission to reflect your recommended recommendations. Previously there was Everyone permission (this was an inherited machine). But that didn't fix the issue. 

    - the should be a SUMSelfUpdaterLog.txt in %ProgramData%\Sophos\Update Manager\Logs\ that details the self-updater's steps.

    Yes, there is, from previous installation. So looks like the self-updating mechanism didn't happen. 

    I've checked the folder C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1 and I can see the SUM.msi file in there. Since looks like the self-updating doesn't work, will it do harm if I run the installer manually? 

  • 0 in reply to paulus tamba

    Hello paulus tamba,

    Everyone permission with Full Control? that didn't fix the issue - you've reset the permission on this key and all contained objects, haven't you?

    the self-updating mechanism didn't happen
    indeed the SelfUpdateOperation messages in SUMTrace log are issued by SophosUpdateMgr.exe (the latter runs as NETWORK SERVICE) and it looks like also the Open registry key failed. As far as I can see it tries to access the mentioned key. If the permissions are correct on the whole tree HKLM\...\UpdateManager\ tree then I'd suggest that you run Process Monitor.

    will it do harm if I run the installer manually
    maybe, maybe not.     Not only does the self-updater run the installer with certain properties set it also does some housekeeping afterwards. Sure, it is possible to this manually but very likely the next time the self-updater will fail again. So this is not really a solution.

    Christian

Reply
  • 0 in reply to paulus tamba

    Hello paulus tamba,

    Everyone permission with Full Control? that didn't fix the issue - you've reset the permission on this key and all contained objects, haven't you?

    the self-updating mechanism didn't happen
    indeed the SelfUpdateOperation messages in SUMTrace log are issued by SophosUpdateMgr.exe (the latter runs as NETWORK SERVICE) and it looks like also the Open registry key failed. As far as I can see it tries to access the mentioned key. If the permissions are correct on the whole tree HKLM\...\UpdateManager\ tree then I'd suggest that you run Process Monitor.

    will it do harm if I run the installer manually
    maybe, maybe not.     Not only does the self-updater run the installer with certain properties set it also does some housekeeping afterwards. Sure, it is possible to this manually but very likely the next time the self-updater will fail again. So this is not really a solution.

    Christian

Children
  • 0 in reply to QC

    I was looking at the wrong registry key *oops* 

    After giving the HKLM...\UpdateManager\ tree full permission to NETWORK SERVICE, it was finally able to self update (the permission wasn't there). The content of the key is the process id, so I suppose self updater tried to find the PID to kill before starting to update but failed because it didn't have the necessary permission? 

    Anyway, your solution works. Thanks !!

Unfiltered HTML