
Upgrade SEC from 5.4.0 to 5.5.0

Hi,

I would like to do a standalone, in-place upgrade of SEC from 5.4.0 to 5.5.0. Reading through the installation and release notes, I came across this KB (https://community.sophos.com/kb/en-us/124873) regarding TLS 1.2.

The article states, 'Windows - All supported versions are compatible'. How do I find out which are the supported versions and if we have any clients running unsupported versions?

Thanks for any help.



  • Hi warnox,

    The below table might help you with the TLS 1.2 supported Windows OS.

    Windows OS Version SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2
    Windows XP & Windows Server 2003 X X
    Windows Vista & Windows Server 2008
    Windows 7 & Windows Server 2008 R2
    Windows 8 & Windows Server 2012
    Windows 8.1 & Windows Server 2012 R2
    Windows 10 & Windows Server 2016

    Hope it helps

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • Thanks, I wasn't sure if it was referring to a Windows version or Sophos client version.

    So basically, if there are 2003/XP machines in the environment we can't upgrade past 5.4.0?

  • Hello warnox,

    I upgraded to 5.5.0 some time ago and I could upgrade even though I still have some XP machines on the network.
    Please note that XP/2003 is generally no longer supported by Sophos (there is an extended support version available). I think that upgrading SEC and RMS/TLS isn't the problem but the retirement of the XP/2003 version is.

    Christian

  • And with 5.5.0, your XP/2003 clients are reporting in and updating correctly? That would be strange if 5.5.0 requires the client to support TLS 1.2.

    What version of endpoint/RMS are your XP/2003 clients running?

  • Hello warnox,

    according to the unsupported RMS article (note it's from January) all current Windows versions (certainly 10.6.4+ with RMS 4.0.8+) are compatible. XP SP3 have upgraded to 10.7.2.

    Christian

  • Thanks Christian. Maybe I'm missing something but I can't see a mention of 10.6.4+ with RMS 4.0.8+ being compatible with SEC 5.4.1+ in that article?

    I guess the question is, at what Endpoint/RMS version did TLS 1.2 become compulsory, because then I would just need to make sure all the endpoints are at that version or above.

  • Hello warnox,

    sorry for the delayed reply, I've been away.

    "I can't see a mention of 10.6.4+ [...] being compatible"
    SEC 5.4.1 came out a year ago, at this time All supported [SESC for Windows] versions (you've quoted this in your initial post) definitely included even 10.6.3.

    "at what Endpoint/RMS version did TLS 1.2 become compulsory"
    compulsory is perhaps not the right word and it's not the RMS version that mandates TLS 1.2 but SEC. The SEC 5.4.1 - Use of ... article has more details. The simple conclusion is though: Any Windows endpoint that is up-to-date is "compatible" with SEC 5.4.1/5.5.0.

    Christian

  • No problem, thanks for your reply.

    Ok, so basically the installer checks if you have any devices using endpoint software which doesn't support TLS 1.2? And fails if this is the case.

  • Hello warnox,

    "the installer checks"
    yes, the bootstrapper queries the database. With 5.4.1 it and the Server MSI didn't absolutely agree on the check and if you had endpoints with an empty AV version the MSI was started but subsequently failed.

    Christian

  • Thanks, hopefully in 5.5.0 they do agree :)

  • Hi 

    So I’ve been back and forth with Sophos support, and they won’t help me until we upgrade our version of Sophos Enterprise server from 5.2.0 to 5.5.0.

    I ran the 5.5.0 installer on our server, and I hit an issue regarding RMS.

    You have managed computers running a version of RMS unsupported by Enterprise Console

    Looking on the net, Windows XP and Server 2003 can't run TLS 1.2.

    https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/

    I have extended support for XP & Server 2003, I'm worried if I upgrade SEC to 5.5.0, the XP and Server 2003 will stop receiving their updates.

    Has anyone upgraded to 5.5.0 and can confirm the XP and Server 2003 machines can still receive updates?

    Look forward to hearing from you.

    Regards

    Thomas

     

  • Hello Thomas,

    "anyone [...] can confirm"
    anyone other than yours truly who said so late December 2017? Note that RMS comes with its own libraries, it doesn't rely on OS support.
    In addition, RMS is "only" the management component, it doesn't affect updating. If RMS fails you would, of course, neither get the status of the endpoint nor be able to change its policies but if updating has worked before it would continue to do so.

    Christian

  • Hi Christian,

    I see, thanks for clearing that up. I was worried that the legacy XP & Server 2003 machines would stop communicating when upgrading to 5.5.0, updates & policies.

    Thanks for all your help.

    Regards

    Thomas

  • I managed to update mine from 5.4.0 to 5.5.0 and 2003 machines are still reporting in but I didn't get any warnings during pre-checks. Suppose you need to update the RMS component on the affected machines before upgrading SEC.