Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 20 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 46684 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to uninstall Sophos AutoUpdate 5.2.0.276

Christian Shawyer

Hi there,

I'm just trying to uninstall Sophos AutoUpdate from one of our servers however the Windows Installer is unable to locate the MSI in C:\ProgramData\Sophos\AutoUpdate\cache\sau\. Having a look in the registry for the AutoUpdate install properties gives me a LocalPackage path of C:\Windows\Installer\ddc87f3e.msi, unfortunately this MSI is missing. 

So far I have tried changing the Windows Installer path to this \cache\sau\ directory on one of our working servers, however I receive the same message. I have also tried using a Sophos AutoUpdate msi from the \Windows\Installer\ path of one of our working servers however the operation timed (I image some error due to the AutoUpdate on the functional server being a higher version). 

Would there happen to be somewhere where I could get a hold of a 5.2.0.276 AutoUpdate .msi to use for the uninstall? If I'm misunderstanding the process please feel free to let me know. If there's also any other way to force the program off the server in a friendly manner I'd be very happy to hear it.

Any and all feedback greatly appreciated, cheers,

Christian



This thread was automatically locked due to age.
  • 0 in reply to QC

    Hey Christian,

    Of course, I've attached a couple of screenshots showing the setup with the additional subscription I'm trying to get going. 

    Pics.zip

    The UM appears to be stuck on downloading binaries, I've tried rebooting the server / restarting the UM services a few times with no luck.

    I had a look at another post and tried a couple of things such as making sure Everyone has read/write permission on the SophosUpdate share, and changing the C:\ProgramData\Sophos\Update Manager\Working folder to Working_OLD to let that rebuild, however no luck for me with those ones.

     

  • 0 in reply to Christian Shawyer

    Hello Christian,

    thanks. The subscription configuration looks correct. SUM is indeed not the latest version (1.6.2.186) though.
    I see that the Download status is Downloading binaries - but the SUMTrace log shows completed (and as far as I can see successful) hourly Software and every 10 minutes Threat detection data updates. Wonder if internal communication is stalled - if you look at ACSINF01's Computer details in the Endpoints view - what is the Last message time and is it Up to date?

    Even if the Last message time is recent SUM might not communicate. If you look into %ProgramData%\Sophos\Remote Management System\3\Agent\AdapterStorage\SDDM\ is the timestamp of SDDM Status current? In the Agent log you should see SDDM state observer received a status lines corresponding to the DumpConfigXML lines in the SUMTrace. If not then please restart both the Sophos Agent and the SUM service (IIRC this usually helps, not sure about the order, perhaps doesn't matter).

    Christian

  • 0 in reply to QC

    Hey,

     

    Hmm strange. I had a look at some of the "Up to date" computers, and their last message times correlate to the 23 of August @ 7pm. They each have a red cross on their icon, and are all awaiting policy transfers. The SDDM Status timestamp is indeed up to date, however SDDM config is from the 23rd of August. I had a look at comparing the SDDM Agent log with the SUMTrace log as you have suggested, this was what I found: (Each log snippet separated by a few lines with a couple of the preceding lines above it)

    ACS SEC.zip

    They appear different to me, but I might be looking in the wrong spots. I gave those services a restart, however it appears to be still downloading binaries. Thanks a lot for your help on this one. :)

  • 0 in reply to Christian Shawyer

    Hello Christian,

    didn't mention the other component involved in communication - assuming only SUM can't communicate.
    From their last message times correlate to the 23 of August it seems to be the Sophos Message Router which doesn't pass the messages. I assume it's running but not working as it should - you could check its log or simply restart it (and it does no harm to restart the Management Service as well). 

    Christian

  • 0 in reply to QC

    Hey Christian,

    I gave those service restarts a shot on Friday night unfortunately without success. A reboot of the server hasn't changed much either. I'll keep trying a couple of others things and see what else I can find. Thanks for your help so far.

    Cheers,

    Christian

  • 0

    I've managed to uninstall the AutoUpdate now, copied the MSI from another server we look after that had the correct version it needed. 

  • 0 in reply to Christian Shawyer

    Hello Christian,

    so the AutoUpdate problem i solved, but the console still doesn't display current data?

    Christian

  • 0 in reply to QC

    Hey,

    Yes that's correct. Just taking a look at another server too which happens to have the same issue from the 23rd of August as well. Stuck on downloading binaries. This other server is running SEC 5.1.0.1839, whilst the one we've been discussing here is using SEC 5.5.0, recently upgraded from 5.1.0.1839. Could this have something to do with it do you think?

    Cheers,

    Christian

  • 0 in reply to jak

    Cheers Jak, I think that's done it.

    After following that thread and updating the registry with the right IP, the UM is reporting a valid status and the endpoints are lighting up green again. They're just awaiting policy transfer which I assume is because the Sophos Message Router / Sophos Agent services need to be restarted on them.

    Thanks for your help!

Unfiltered HTML