Unable to uninstall Sophos AutoUpdate 5.2.0.276

Hi there,

I'm just trying to uninstall Sophos AutoUpdate from one of our servers however the Windows Installer is unable to locate the MSI in C:\ProgramData\Sophos\AutoUpdate\cache\sau\. Having a look in the registry for the AutoUpdate install properties gives me a LocalPackage path of C:\Windows\Installer\ddc87f3e.msi, unfortunately this MSI is missing. 

So far I have tried changing the Windows Installer path to this \cache\sau\ directory on one of our working servers, however I receive the same message. I have also tried using a Sophos AutoUpdate msi from the \Windows\Installer\ path of one of our working servers however the operation timed out (I imagine some error due to the AutoUpdate on the functional server being a higher version).

Would there happen to be somewhere where I could get a hold of a 5.2.0.276 AutoUpdate .msi to use for the uninstall? If I'm misunderstanding the process please feel free to let me know. If there's also any other way to force the program off the server in a friendly manner I'd be very happy to hear it.

Any and all feedback greatly appreciated, cheers,

Christian



  • One thing you could try, as per:

    https://community.sophos.com/kb/en-us/117348

    I.e. setting the ShowFixedPackages registry key.

    If you look under a subscription, and the various versions of the Windows packages available, you can then look at the component versions.  Do you see a SAU 5.2.0.276 in the list?  If so you could subscribe to that package, create a distribution point and you can get the MSI file from there.

    I've forgotten how old 5.2 is but this may be available in one of the packages.

    Regards,

    Jak

  • Hey Jak,

     

    Cheers for that. I've created a new subscription for "Fixed Extended 10.6.3 VE3.65.3" which includes the AutoUpdate version 5.2.0.276. I then created a group and placed the offending computer in there, however when attempting to protect the computer to begin installation I unfortunately receive an error "80070002 Installaton failed. See knowledgebase article 29287. Installation failed. The computer may need additional configuration before installation."

    I've had a look at https://community.sophos.com/kb/en-us/29287 and followed the steps within to combat the error, however have had no success in doing so, still receive the same error even though the criteria are all met. Happy to hear any suggestions, I must be missing something.

     

    Cheers,

    Christian

  • I don't think you need to protect the computer. I figured you'd just have SUM create the CID purely to harvest the SAU MSI file.  You can then just rename it to C:\Windows\Installer\ddc87f3e.msi on the problem client before running the uninstaller.

    Regards,

    Jak
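
A pre-check for the step described in the reply above, as an added example that is not part of the original thread: it confirms the registered cached MSI is really missing, then verifies the harvested MSI's signature and version before copying it to the LocalPackage path (a mismatched version is the case that timed out earlier in the thread). The candidate path and the DisplayName filter are assumptions, and the product is assumed to be a per-machine install.

```powershell
# Added example (not from the thread). $CandidateMsi is a hypothetical path to the
# MSI harvested from the CID; the DisplayName filter is an assumption.
param(
    [string]$CandidateMsi = 'C:\Temp\Sophos AutoUpdate.msi',
    [string]$NameFilter   = 'Sophos AutoUpdate*'
)

# Read one value from an MSI's Property table via the Windows Installer COM object.
function Get-MsiProperty([string]$Path, [string]$Name) {
    $wi   = New-Object -ComObject WindowsInstaller.Installer
    $db   = $wi.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $wi, @($Path, 0))
    $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db,
                @("SELECT Value FROM Property WHERE Property = '$Name'"))
    [void]$view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null)
    $rec  = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
    $value = if ($rec) { $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, 1) }
    [void]$view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null)
    # Drop the reference to the read-only database once the value has been read.
    [void][Runtime.InteropServices.Marshal]::ReleaseComObject($db)
    return $value
}

# Per-machine installs are registered under the LocalSystem SID (S-1-5-18).
$root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products'
$reg = Get-ChildItem $root | ForEach-Object {
    Get-ItemProperty -Path "$($_.PSPath)\InstallProperties" -ErrorAction SilentlyContinue
} | Where-Object { $_.DisplayName -like $NameFilter } | Select-Object -First 1
if (-not $reg) { throw "No per-machine product matching '$NameFilter' is registered." }
"Registered: $($reg.DisplayName) $($reg.DisplayVersion) -> $($reg.LocalPackage)"
if (Test-Path -LiteralPath $reg.LocalPackage) { 'Cached MSI is present; nothing to restore.'; return }

# The uninstall runs this package with elevated rights, so require a valid signature.
$sig = Get-AuthenticodeSignature -FilePath $CandidateMsi
if ($sig.Status -ne 'Valid') { throw "Candidate MSI signature status: $($sig.Status)" }
"Signed by: $($sig.SignerCertificate.Subject)"   # confirm by eye that this is the vendor

# Refuse a package whose version differs from what the registry says is installed.
$version = Get-MsiProperty $CandidateMsi 'ProductVersion'
if ($version -ne $reg.DisplayVersion) {
    throw "Candidate is $version but $($reg.DisplayVersion) is installed."
}

Copy-Item -LiteralPath $CandidateMsi -Destination $reg.LocalPackage
"Restored $($reg.LocalPackage); the uninstall can now be retried."
```

Run it from an elevated prompt on the affected server; it stops without copying anything if any check fails.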

  • Ah awesome that sounds good. Sorry would you happen to know where to look for the newly created CID? Or is there a process to create the CID somewhere through SEC? I currently have S000 as the only folder under CIDs. However the UM itself hasn't updated since 23 Aug, so perhaps it just won't download until I sort that issue out.

  • In SEC, switch to the Update Manager list, create a new subscription on the left.  Choose the old package.

    You then need to add that to the subscription list maintained by your SUM.

    SUM should then start downloading and you'll end up with a S001 CID I assume you can go into and capture the file in question.  If you look at the View-Bootstrap locations it should be listed once SUM has finished download and deployment of the share.

    You can remove the subscription once done and delete the S001 directory.

    Regards,

    Jak

  • Perfect, that sounds promising. Thanks Jak, I'll try that out once I get this Update Manager not updating issue sorted.

  • If you want to link the latest SUMTrace log [https://community.sophos.com/kb/en-us/110143] we can have a look at it.

  • Hello Christian,

    "the UM itself hasn't updated since 23 Aug"
    Could you show where you see this? From the log it doesn't look like there's a failed Self-Update.

    Did you add a subscription yet as neither the Fixed Extended 10.6.3 nor a CID other than \S000\ is mentioned?

    Christian

  • Hey Christian,

    Of course, I've attached a couple of screenshots showing the setup with the additional subscription I'm trying to get going. 

    Pics.zip

    The UM appears to be stuck on downloading binaries, I've tried rebooting the server / restarting the UM services a few times with no luck.

    I had a look at another post and tried a couple of things such as making sure Everyone has read/write permission on the SophosUpdate share, and changing the C:\ProgramData\Sophos\Update Manager\Working folder to Working_OLD to let that rebuild, however no luck for me with those ones.

     

  • Hello Christian,

    thanks. The subscription configuration looks correct. SUM is indeed not the latest version (1.6.2.186) though.
    I see that the Download status is Downloading binaries - but the SUMTrace log shows completed (and as far as I can see successful) hourly Software and every 10 minutes Threat detection data updates. Wonder if internal communication is stalled - if you look at ACSINF01's Computer details in the Endpoints view - what is the Last message time and is it Up to date?

    Even if the Last message time is recent SUM might not communicate. If you look into %ProgramData%\Sophos\Remote Management System\3\Agent\AdapterStorage\SDDM\ is the timestamp of SDDM Status current? In the Agent log you should see SDDM state observer received a status lines corresponding to the DumpConfigXML lines in the SUMTrace. If not then please restart both the Sophos Agent and the SUM service (IIRC this usually helps, not sure about the order, perhaps doesn't matter).

    Christian

  • Hey,

     

    Hmm strange. I had a look at some of the "Up to date" computers, and their last message times correlate to the 23 of August @ 7pm. They each have a red cross on their icon, and are all awaiting policy transfers. The SDDM Status timestamp is indeed up to date, however SDDM config is from the 23rd of August. I had a look at comparing the SDDM Agent log with the SUMTrace log as you have suggested, this was what I found: (Each log snippet separated by a few lines with a couple of the preceding lines above it)

    ACS SEC.zip

    They appear different to me, but I might be looking in the wrong spots. I gave those services a restart, however it appears to be still downloading binaries. Thanks a lot for your help on this one. :)

  • Hello Christian,

    didn't mention the other component involved in communication - assuming only SUM can't communicate.
    From their last message times correlate to the 23 of August it seems to be the Sophos Message Router which doesn't pass the messages. I assume it's running but not working as it should - you could check its log or simply restart it (and it does no harm to restart the Management Service as well). 

    Christian

  • Hey Christian,

    I gave those service restarts a shot on Friday night unfortunately without success. A reboot of the server hasn't changed much either. I'll keep trying a couple of other things and see what else I can find. Thanks for your help so far.

    Cheers,

    Christian