This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Patch assessment not bringing any results back

Hi

I've inherited a Sophos Enterprise installation and have recently started to push out the patch assessment module from the console to some 30+ Windows servers.

Some have been restarted, all are now showing patch assessment is active, with the version number,

 

So I left everthing overnight ( the patch policy is set to 8 hours ) and when I run the patch assessment events viewer, there is nothing there. What should I check ?

 

I have set the Patch status to be All and get nothing there either. I can't believe all the servers have every patch installed as we are not running WSUS or any active patching routine.

 

thanks



This thread was automatically locked due to age.
Parents
  • Hello Mark Byrne,

    can't say if the endpoints report is as error when the can't send the assessment details to the server.
    You've probably checked that the Sophos Patch services are started on the management server. You'll find the logs under %\ProgramData%\Sophos\Patch\Logs. In case there's no helpful information the Sophos PatchChecker Tool might help in diagnosing the problem.

    Christian

  • Thanks for the reply Christian

    I've checked the services are running on the server - but  - I noticed they are running as a domain user and not the local\system account, is this right ?

    I'm not clear as to why it should be setup this way or if this is the default

     

    Other than that the PatchChecker tool came back with no errors that I could see, this is from my windows 10 laptop

    08/23/17 14:06:52|TID: 7236|ID: 0|File: SupportLogger.cpp|Line: 245|Evidence: Log Started: 08/23/2017 14:06:52 Process Information --------- Module: spa.exe Version: 1.0.311.1 for x86 Copyright: Copyright 2000-2012 Sophos Limited. All rights reserved. Operating System: 10.0.15063 Arch: X64
    08/23/17 14:06:52|TID: 7236|ID: 0|File: FileSystem.cpp|Line: 243|Evidence: Info Msg: Decrypting data read from file tzFileName: ps092afb2d-55f2-4d91-8210-1c5c8926c482.dat eLocation: 0 Grouping: oReadData.size(): 1318
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PdPolicyObject.cpp|Line: 69|Evidence: Info Msg: No reference to resolve for this object ObjectType: potPatchList
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PdPolicyObject.cpp|Line: 69|Evidence: Info Msg: No reference to resolve for this object ObjectType: potAssessment
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PdPolicyObject.cpp|Line: 69|Evidence: Info Msg: No reference to resolve for this object ObjectType: potSettings
    08/23/17 14:06:52|TID: 7236|ID: 0|File: RegisterAction.cpp|Line: 84|Evidence: Info Msg: Changing machineID tzMachineId: efe3ce21-3e62-5793-9b5c-bb51aa0890b2 tzNewMachineId: d0a4426a-97bb-552e-8548-fa9c9eb53ba9
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Communicator.cpp|Line: 174|Evidence: Info Msg: Retrieving capabilities is required.
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PatchServerCommBase.cpp|Line: 300|Evidence: Info Msg: Checking capabilities response
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PatchServerCommBase.cpp|Line: 318|Evidence: Info Msg: Set communication version to 101
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PatchServerCommBase.cpp|Line: 338|Evidence: Info Msg: Retrieve capabilities succeeded. Server: SenAV01.senator.local Port: 80 Action: /Sophos/Management/Patch/EndpointCommunicator/v101/capabilities/ HTTP Response Status: 200 Communication Result: ResultSuccess Extended Info: ResultCode: <true>
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Communicator.cpp|Line: 189|Evidence: Info Msg: SetupCommunicationVersion: Found version. CommunicationVersion: CommunicationVersion101
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Communicator.cpp|Line: 386|Evidence: Info Msg: Registration is required... beginning registration process
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Communicator.cpp|Line: 402|Evidence: Info Msg: Registering with server...
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PatchServerCommBase.cpp|Line: 160|Evidence: Info Msg: Http Send succeeded. Server: SenAV01.senator.local Port: 80 Action: /Sophos/Management/Patch/EndpointCommunicator/v101/registration/ HTTP Response Status: 200 Communication Result: ResultSuccess ResultCode: <true>
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Patch.cpp|Line: 138|Evidence: Info Msg: Set patch API program directory Program Directory: C:\Program Files\Sophos\Sophos Patch Agent\
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Patch.cpp|Line: 148|Evidence: Info Msg: Cleared detection cache
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Patch.cpp|Line: 160|Evidence: Default Patch API list file: /windows/x86_64/en/win10sp0.lst
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Patch.cpp|Line: 179|Evidence: Info Msg: Set patch API extract directory Extract Directory: C:\Program Files\Sophos\Sophos Patch Agent\T
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Patch.cpp|Line: 480|Evidence: Info Msg: Set patch API language Language: PPX_ENGLISH
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PolicyStorage.cpp|Line: 83|Evidence: Info Msg: Retrieving policy...
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PolicyStorage.cpp|Line: 127|Evidence: Policy Fetch indicated that policy is : NoPolicy
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PolicyStorage.cpp|Line: 131|Evidence: Info Msg: Deleting cached policy(ies) on disk.
    08/23/17 14:06:52|TID: 7236|ID: 0|File: FileSystem.cpp|Line: 243|Evidence: Info Msg: Decrypting data read from file tzFileName: ps092afb2d-55f2-4d91-8210-1c5c8926c482.dat eLocation: 0 Grouping: oReadData.size(): 1318
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PdPolicyObject.cpp|Line: 69|Evidence: Info Msg: No reference to resolve for this object ObjectType: potPatchList
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PdPolicyObject.cpp|Line: 69|Evidence: Info Msg: No reference to resolve for this object ObjectType: potAssessment
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PdPolicyObject.cpp|Line: 69|Evidence: Info Msg: No reference to resolve for this object ObjectType: potSettings
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Interpreter.cpp|Line: 76|Evidence: Info Msg: Begin processing policy.
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Interpreter.cpp|Line: 170|Evidence: Info Msg: Updated runtime setting tzSettingName: AllowReboot tzSettingVal: false
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Interpreter.cpp|Line: 170|Evidence: Info Msg: Updated runtime setting tzSettingName: AssessInterval tzSettingVal: 8
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Interpreter.cpp|Line: 170|Evidence: Info Msg: Updated runtime setting tzSettingName: RebootDelay tzSettingVal: 1
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Interpreter.cpp|Line: 170|Evidence: Info Msg: Updated runtime setting tzSettingName: RebootMessageInterval tzSettingVal: 1
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Interpreter.cpp|Line: 170|Evidence: Info Msg: Updated runtime setting tzSettingName: ServerPublicKey tzSettingVal: BgIAAACkAABSU0ExAAgAAAEAAQBZ26ABOfhQeqEUWM+RjtFl676ScfFQ1vYdn8NYWaxrIL3D/0OztUebxn/AHVhUXI/zJVJbfzwc/VlZmfvEOq9MQaCQ11Lc5Ohr25dTQOpM2o7P/0ju+Lvx86LduikODWPAIbWsEoSQbXBPGntzowOOPUSsAoD4HMVYdNbHZRFX6i4P5DQm6vQKfwXoodarETHIg5idRU1tW/UifgKJHBNeo6/KC/hx+gjA5V07TNFx7b7DfSPTKDyswJcJAIvSerL9REIG2ywNBgeuXS+mctX+Nz7ZScVjrnHnVVQ5i4fvSTzYMap/C7crYDWUf3VHfKTrR1udRWHxAL1+Tr0CAuTF
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Interpreter.cpp|Line: 170|Evidence: Info Msg: Updated runtime setting tzSettingName: ShowRebootMessage tzSettingVal: false
    08/23/17 14:06:52|TID: 7236|ID: 0|File: PatchServerCommBase.cpp|Line: 102|Evidence: Info Msg: Http Retrieve to memory succeeded. Server: SenAV01.senator.local Port: 80 Action: /Sophos/Management/Patch/EndpointCommunicator/v101/assessment HTTP Response Status: 200 Communication Result: ResultSuccess Extended Info: ResultCode: <true>
    08/23/17 14:06:52|TID: 7236|ID: 0|File: AssessStorage.cpp|Line: 69|Evidence: Info Msg: Retrieved assessment file list from the server
    08/23/17 14:06:52|TID: 7236|ID: 0|File: FileSystem.cpp|Line: 448|Evidence: Info Msg: File Exists. Calculating hash... tzFileName: 2017-08 Cumulative Update for Windows 10 Version 1507 x64 (KB4034668).pls
    08/23/17 14:06:52|TID: 7236|ID: 0|File: FileSystem.cpp|Line: 448|Evidence: Info Msg: File Exists. Calculating hash... tzFileName: 2017-08 Cumulative Update for Windows 10 Version 1511 x64 (KB4034660).pls

    ***SNIP **** lots of the file listing for patches....

    08/23/17 14:06:55|TID: 7236|ID: 0|File: FileSystem.cpp|Line: 448|Evidence: Info Msg: File Exists. Calculating hash... tzFileName: Wireshark 2.2.8 for Windows (See Notes).pls
    08/23/17 14:06:55|TID: 7236|ID: 0|File: PatchServerCommBase.cpp|Line: 102|Evidence: Info Msg: Http Retrieve to memory succeeded. Server: SenAV01.senator.local Port: 80 Action: /Sophos/Management/Patch/EndpointCommunicator/v101/file HTTP Response Status: 200 Communication Result: ResultSuccess Extended Info: ResultCode: <true>
    08/23/17 14:06:55|TID: 7236|ID: 0|File: ApplicationStorage.cpp|Line: 56|Evidence: Info Msg: Retrieved required file list from the server
    08/23/17 14:06:55|TID: 7236|ID: 0|File: ApplicationStorage.cpp|Line: 94|Evidence: Info Msg: File exists. Validating the hash... pFileDef->GetName(): sophos.plk pFileDef->GetPath(): [installdir]\
    08/23/17 14:06:55|TID: 7236|ID: 0|File: FileSystem.cpp|Line: 448|Evidence: Info Msg: File Exists. Calculating hash... tzFileName: sophos.plk
    08/23/17 14:06:55|TID: 7236|ID: 0|File: ApplicationStorage.cpp|Line: 108|Evidence: Info Msg: File hash matches. Download is not needed. pFileDef->GetName(): sophos.plk
    08/23/17 14:06:55|TID: 7236|ID: 0|File: Patch.cpp|Line: 96|Evidence: Info Msg: Destroying Patch object

     

     

  • Hello Mark,

    the user for the services is likely correct - it's the "Database Account" (in the example SophosManagement) referred to in the User accounts required article.

    Hm ... "around" Destroying Patch object there should be other lines, for example Assessment successful - updating last assessment time a few lines above and Sending... Type: TypeAssessment in one of the following lines. Is the PatchWorkerThread created - I see it shortly after the Retrieved required file list from the server.
    Is there a PatchChecker_patch.log?

    Christian

  • The log I posted has just had the hundreds of patch files and versions removed for brevity. 

     the PatchChecker_patch.log file has only two lines in it

     

    08/23/17 14:06:52|TID: 7236|ID: 0|File: SupportLogger.cpp|Line: 245|Evidence: Log Started: 08/23/2017 14:06:52 Process Information --------- Module: spa.exe Version: 1.0.311.1 for x86 Copyright: Copyright 2000-2012 Sophos Limited. All rights reserved. Operating System: 10.0.15063 Arch: X64
    08/23/17 14:06:52|TID: 7236|ID: 0|File: Patch.cpp|Line: 335|Evidence: Info Msg: === TRACE FUNCTION ENABLED ===

     

    That's it, should there be more in this log ? the client and server have the same two lines.

     

    thanks 

  • Hello Mark,

    there should be the details of the checks for the patches.
    In the trace log - is the PatchWorkerThread mentioned? If not it's perhaps not created - wonder if increasing the log level would give more information (can't check today, I'm already late ...).

    Christian

  • Thanks for the help Christian,

    I've increased the logging level to 4 and restarted the patch agent. Ran the PatchChecker again and couldn't see any difference in the Patch_log file ( still only two line )

     

    In one of the other logs ( 0984EC72D3C946359AD962539F7F6A79_trace.log ) I found this near the bottom of the log :

     

    08/23/17 16:47:47|TID: 17948|ID: 0|File: StackLogger.h|Line: 33|Evidence: Exiting: SophosPatch::CPatchEngine::RemoveLogger
    08/23/17 16:47:47|TID: 17948|ID: 0|File: StackLogger.h|Line: 33|Evidence: Exiting: SophosPatch::CAction::SafePublish
    08/23/17 16:47:47|TID: 17948|ID: 0|File: Action.cpp|Line: 89|Evidence: Complete: ProcessPolicy
    08/23/17 16:47:47|TID: 17948|ID: 2147500037|File: Action.cpp|Line: 95|Evidence: { *BEGIN Exception Collection* Code: 0x80004005 Unspecified error Evidence: Info Msg: Missing required file Program Directory: C:\Program Files\Sophos\Sophos Patch Agent\ File: winapplications.ospx Stack Dump: More Info From Action.cpp(94): Action: ProcessPolicy Source: Patch.cpp(407) **END Exception Collection** } Stack Dump:
    08/23/17 16:47:47|TID: 17948|ID: 0|File: StackLogger.h|Line: 33|Evidence: Exiting: SophosPatch::CAction::Execute
    08/23/17 16:47:47|TID: 17948|ID: 0|File: StackLogger.h|Line: 33|Evidence: Exiting: SophosPatch::CMainThread::PerformAction
    08/23/17 16:47:47|TID: 17948|ID: 0|File: StackLogger.h|Line: 33|Evidence: Exiting: SophosPatch::CMainThread::PerformActionT
    08/23/17 16:47:47|TID: 10880|ID: 0|File: StackLogger.h|Line: 27|Evidence: Entering: SophosPatch::CPatchEngine::Detach
    08/23/17 16:47:47|TID: 10880|ID: 0|File: PatchEngine.cpp|Line: 202|Evidence: Info Msg: Process detached as status listener. Cookie: 3EF54639-9102-49BE-93F7-037849E848D8
    08/23/17 16:47:47|TID: 10880|ID: 0|File: StackLogger.h|Line: 33|Evidence: Exiting: SophosPatch::CPatchEngine::Detach
    08/23/17 16:47:47|TID: 10880|ID: 0|File: StackLogger.h|Line: 27|Evidence: Entering: SophosPatch::CPatchEngine::RemoveLogger
    08/23/17 16:47:47|TID: 10880|ID: 0|File: StackLogger.h|Line: 33|Evidence: Exiting: SophosPatch::CPatchEngine::RemoveLogger

     

    Not sure if this is relevant or how to fix it, I've tried pushing the software from the console again but can't see any difference in the assessment viewer.

     

    thanks

     

  • Hello Mark,

    quite strange. It looks like winapplications.ospx is missing. Is it there (in C:\Program Files\Sophos\Sophos Patch Agent\)? Just tested, if it isn't it's downloaded from the server. Are there other occurrences of winapplications.ospx in the trace?
    I'd run Process Monitor (including file system events where Path ends with winapplications.ospx), this should show what happens with this file when running the PatchChecker.

    Christian

  • Ran the processmonitor and looked for the event:

     

    So it's trying to read a file that isn't there, I can't find this file on the server anywhere either.

    Is it possible to generate it from somewhere ?

  • Hello Mark,

    if it's not on the endpoint it is downloaded from the server (should show both in the PatchChecker_Trace and detailed trace logs). As spa.exe first checks for the file and its checksum and then downloads it the event you've posted isn't the only one for the ospx file, is it? 

    The endpoint should download the needed files from the server. On the server the file should be in %ProgramData%\Sophos\Patch\PatchDataLoader\Download\Ospx\.

    Christian

  • Hi Yes, it's just one file ( i ran the patchChecker twice )

    I've checked the server and there is no folder called OSPX listed.


    Directory of C:\ProgramData\Sophos\Patch\PatchDataLoader\Download

    11/05/2017 15:54 <DIR> .
    11/05/2017 15:54 <DIR> ..
    11/05/2017 15:54 <DIR> Lst
    23/08/2017 17:54 229,427,074 mcescan.cab
    23/08/2017 17:54 139 mcescanTimeStamp.xml
    21/08/2017 17:54 <DIR> Pls
    23/08/2017 17:54 12,252 sophos.xml
    21/08/2017 17:54 <DIR> Temp
    3 File(s) 229,439,465 bytes
    5 Dir(s) 78,538,924,032 bytes free

    C:\ProgramData\Sophos\Patch\PatchDataLoader\Download>

     

  • Hello Mark,

    I see that OSPXSet.xml is missing (this is likely the cause for the missing folder and files). I don't know how it gets there, mine has a timestamp corresponding to the last download by the Sophos Patch Feed task.
    Just in case please check the PatchFeedProcessor.log in C:\ProgramData\Sophos\Patch\Logs\ - though I fear it won't be of much help, in that case you should contact Support directly.

    Christian

Reply
  • Hello Mark,

    I see that OSPXSet.xml is missing (this is likely the cause for the missing folder and files). I don't know how it gets there, mine has a timestamp corresponding to the last download by the Sophos Patch Feed task.
    Just in case please check the PatchFeedProcessor.log in C:\ProgramData\Sophos\Patch\Logs\ - though I fear it won't be of much help, in that case you should contact Support directly.

    Christian

Children
  • Thanks for your help Christian,

    I've checked that log but the recent entries are all pretty boring :

     

    2017-08-19 17:54:02 | PID 16348 | TID 1 | Information | -----PROGRAM START-----
    2017-08-19 17:54:33 | PID 16348 | TID 1 | Information | -----PROGRAM END-----
    2017-08-20 17:54:02 | PID 6668 | TID 1 | Information | -----PROGRAM START-----
    2017-08-20 17:54:46 | PID 6668 | TID 1 | Information | -----PROGRAM END-----
    2017-08-21 17:54:02 | PID 15924 | TID 1 | Information | -----PROGRAM START-----
    2017-08-21 17:58:18 | PID 15924 | TID 1 | Information | -----PROGRAM END-----
    2017-08-22 17:54:02 | PID 5212 | TID 1 | Information | -----PROGRAM START-----
    2017-08-22 17:54:59 | PID 5212 | TID 1 | Information | -----PROGRAM END-----
    2017-08-23 17:54:01 | PID 16608 | TID 1 | Information | -----PROGRAM START-----
    2017-08-23 17:54:45 | PID 16608 | TID 1 | Information | -----PROGRAM END-----

     

    earlier entries have errors in them but these are all from before I was even thinking about using the patch assessment tool.

     

    2017-08-10 11:59:14 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 11:59:14 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:02:15 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:02:15 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:05:15 | PID 14744 | TID 1 | Warning | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:05:15 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:05:15 | PID 14744 | TID 1 | Warning | Failure encountered while inserting or updating patch APSB17-23 Adobe Flash Player 26.0.0.151 for Windows (See Notes) : Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
    2017-08-10 12:08:30 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:08:30 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:11:31 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:11:31 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:14:32 | PID 14744 | TID 1 | Warning | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:14:32 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:14:32 | PID 14744 | TID 1 | Warning | Failure encountered while inserting or updating patch 2017-08 Security Update for Adobe Flash Player for Windows 8.1 for x86 -based Systems (KB4034662) : Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
    2017-08-10 12:18:28 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:18:28 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:21:28 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:21:28 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:24:29 | PID 14744 | TID 1 | Warning | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:24:29 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:24:29 | PID 14744 | TID 1 | Warning | Failure encountered while inserting or updating patch 2017-08 Security Update for Adobe Flash Player for Windows Server 2012 x64 (KB4034662) : Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
    2017-08-10 12:32:26 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:32:26 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:35:26 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:35:26 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:38:27 | PID 14744 | TID 1 | Warning | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:38:27 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:38:27 | PID 14744 | TID 1 | Warning | Failure encountered while inserting or updating patch 2017-08 Security Update for Adobe Flash Player for Windows 8.1 x64 (KB4034662) : Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
    2017-08-10 12:42:09 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:42:09 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:45:10 | PID 14744 | TID 1 | Information | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Execution will be retried. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:45:10 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:48:11 | PID 14744 | TID 1 | Warning | An SQL exception has been caught while executing 'usp_pf_insupdPatch'. Location = 'Execute command', SQL Error Code = '-2146232060', Message = 'Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.'
    2017-08-10 12:48:11 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:48:11 | PID 14744 | TID 1 | Warning | Failure encountered while inserting or updating patch 2017-08 Security Update for Adobe Flash Player for Windows Server 2012 R2 x64 (KB4034662) : Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.

     

    I've raised a ticket with support and hopefully will get an answer to this.
    Is there anything in the missing OPSXSet.xml that is installation specific ? Wondering if copying the .xml file in there would fix this issue ?

     

    Cheers

    Mark

  • Hello Mark,

    OPSXSet.xml
    you have one somewhere? It's not specific but the Patch Server should download it (from Lumension) and if it doesn't there's an issue that should be resolved. But it might be a temporary workaround.

    Christian

  • I don't have a SEC handy but based on these messages:

    2017-08-10 12:48:11 | PID 14744 | TID 1 | Information | Error(Number='-2',Message='Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.',Source='.Net SqlClient Data Provider',State='0')
    2017-08-10 12:48:11 | PID 14744 | TID 1 | Warning | Failure encountered while inserting or updating patch 2017-08 Security Update for Adobe Flash Player for Windows Server 2012 R2 x64 (KB4034662) : Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.

    I'm sure there is a command timeout registry key that could be increased for the Patch component.

    From memory I assume it would be under either
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Patch
    or
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Patch

    There is usually a connection timeout and a command timeout value that can be changed.  In this case you would want to influence the command timeout.

    If you can adjust it to say 2 minutes / 180 seconds or whatever the units are and then restart the Sophos Patch services, does this error go away?  

    Regards,
    Jak

  • Hi Christian,

    No, I can't find "OPSXSet.xml" anywhere on either my own machine or the server. Waiting to hear from support now.

    Thanks

  • Thanks Jak, the SophosPatchCommandTimeout is already set at 180 

    From the conversation with Christian, I think we are missing some files from the server.

     

    Mark

  • Sophos resolved this issue with a custom SQL script ran against the SophosPatch52 DB - so not an easy fix but many thanks to everyone that helped. 
    We backed up the database then ran the script, which seems to reset the database, upgrade the status map and then delete criteria, agent platform information and OS version. It then inserted this information back into the database again.