Upgrade SEC from 5.4.0 to 5.5.0

Hi warnox,

The below table might help you with the TLS 1.2 supported Windows OS.

Hope it helps

Thanks, I wasn't sure if it was referring to a Windows version or Sophos client version.

So basically, if there are 2003/XP machines in the environment we can't upgrade past 5.4.0?

No problem, thanks for your reply.

Ok, so basically the installer checks if you have any devices using endpoint software which doesn't support TLS 1.2? And fails if this is the case.

Hello warnox,

the installer checks
yes, the bootstrapper queries the database. With 5.4.1 it and the Server MSI didn't absolutely agree on the check and if you had endpoints with an empty AV version the MSI was started but subsequently failed.

Christian

Thanks, hopefully in 5.5.0 they do agree :)

Hi 

So I’ve been back and forth with Sophos support, and they won’t help me until we upgrade our version of Sophos Enterprise server from 5.2.0 to 5.5.0.

 I ran the 5.5.0 installer on our server, and I hit an issue regarding RMS. 

You have managed computers running a version of RMS unsupported by Enterprise Console

Looking on the net, Windows XP and Server 2003 can't run TLS 1.2.

https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/

I have extended support for XP & Server 2003, I'm worried if I upgrade SEC to 5.5.0, the XP and Server 2003 will stop receiving there updates.

Has anyone upgraded to 5.5.0 and can confirm the XP and Server 2003 machines can still receive updates?

Look forward to hearing from you.

Regards

Thomas

Hello Thomas,

anyone [...] can confirm
anyone other than yours truly who said so late December 2017? Note that RMS comes with its own libraries, it doesn't rely on OS support.
In addition, RMS is "only" the management component, it doesn't affect updating. If RMS fails you would, of course, neither get the status of the endpoint not be able to change its policies but if updating has worked before it would continue to do so.

Christian

Hi Christian,

I see thanks for clearing that up. I was worried that the legacy XP & Server 2003 machines would stop communicating when upgrading to 5.5.0, updates & policies.

Thanks for all your help.

Regards

Thomas

I managed to update mine from 5.4.0 to 5.5.0 and 2003 machines are still reporting in but I didn't get any warnings during pre-checks. Suppose you need to update the RMS component on the affected machines before upgrading SEC.

Hello warnox et al.,

update the RMS component
just as AutoUpdate and the other (sub-)components you can't selectively update RMS - their version is determine by the Anti-Virus version. In addition as the relevant articles say all "current" Windows versions already fulfilled the requirement when SEC 5.4.1 was released.

Christian

Our 2003 servers are running 10.7.6 so I guess the latest Anti-Virus version still supports this legacy OS.

"all "current" Windows versions already fulfilled", is a bit confusing as 2003 isn't a current (or supported) version of Windows.

Hello warnox,

version of Windows
my bad, should have said "current" Sophos Anti-Virus for Windows versions. And supported can have three meanings: Relating to support of the SAV version by Sophos, relating to support of the platform by SAV/Sophos, and relating to support of the platform/Windows version by Microsoft.
As already mentioned there's also a lot of confusion regarding RMS and its protocol support vs. Windows and supported SSL/TLS versions.

Christian

Hello warnox,

version of Windows
my bad, should have said "current" Sophos Anti-Virus for Windows versions. And supported can have three meanings: Relating to support of the SAV version by Sophos, relating to support of the platform by SAV/Sophos, and relating to support of the platform/Windows version by Microsoft.
As already mentioned there's also a lot of confusion regarding RMS and its protocol support vs. Windows and supported SSL/TLS versions.

Christian