This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update from HTTP CID failing after updating to SAV 10.7.6 and SAU 5.10.139

Update from HTTP CID failing after updating to SAV 10.7.6 and SAU 5.10.139

Reinstalling the earlier version works fine.

Do I need to make a change to IIS?

 

I have a case logged with Sophos, just checking if anyone else has the same issue?



This thread was automatically locked due to age.
Parents
  • The irony of a component failing it's one and only job is not  funny in this case ... SAU 5.10.139 appears to be flakey!

    Needless to say we have the same issue here, and its not limited to a HTTP CID. What we have seen is that on any machine where SUM is installed with SAU 5.10.139 the update/install process flunks 100% of the time. This manifests with a stalled download on the 3rd download in the sequence and a high CPU usage for the ALUpdate.exe process.  As the downloads never complete, the installs never begin, and thus prevent the updates. The only way to stop the process also appears to be via the Task Manager, it does not end on it's own. This occurs regardless of if the CID is being accessed via HTTP, UNC or locally.

    The SUM itself maintains the warehouse and the CID's fine, but in terms of it's own Endpoint it is toast.

    This has been seen on the following:

    • O/S: Windows Server 2008 R2 and Windows Server 2012 R2
    • SAU: 5.10.139
    • SUM: 1.6.2.186.

    Sophos needs to fix/pull it urgently and devise some method to kill the hung download process so an endpoint can successfully update itself. Visiting 1000's of endpoints is not an option.

  • Hello DeanThompson,

    [I'm not Sophos]
    please open a case with Support, whatever the cause it doesn't seem to be a general issue. I have some 5000 endpoints among them more than 150 servers, mostly the ones you mention, with the Recommended subscription (thus SAU 5.10.139.139) - no problems of this kind.

    Christian

  • A little update.

     

    The endpoints are only able to connect to one of the HTTP CIDs. For this CID I deleted the SAVSCFXP folder during my initial testing to check SUM would recreate it. It took a couple of days for the HTTP to start working again.

    I did the same for the non-working CIDs yesterday. Hopefully, they start working tomorrow afternoon.

  • Hello Ahsan Amin,

    IIS is running on the server that hosts the CIDs? Once the update manager is idle (you can see it in the SUMTrace log) the CIDs should "work".

    Christian

  • SUM and SEC run on one server and IIS hosting the CIDs on another. I haven't figured out yet what copies the files from the SUM server to the IIS server. The guy who is off sick is in the process of starting from scratch on Server 2016, he's nearly done so we're hoping he'll be back soon :)

     

    Sophos also now have log files from various endpoints and servers.

  • Hi Amin,

    thank you very much! Deleting the SAVSCFXP folder resolved the issue for me. After doing so I forced the Update Manager server update and it immediately recreated the store. Clients then started downloading the files correctly and updated themselves to the correct version. Thank you again!

  • The recreated CIDs are now working OK but I now need a solution to fix all the Endpoints with are unable to connect. They can't be updated from the SEC.

    I'm hoping there is a file or two I can replace on the endpoint which will get them talking to the CID.

  • Hello Ahsan Amin,

    unable to connect
    do the have the correct (paths to the) CIDs in the updating policy or not? If the issue was with the contents of the CID they should start to update - depends on the updating interval how long it could take. If the path needs to be corrected this can be done by editing the policy  or assigning a different one.

    Christian

  • In my case I've waited for the computers to restart and meanwhile forced a Policy and software update. This seems to have solved most of the problematic devices and I am now looking ahead to fix those remaining.

  • It seems to me that the issue is with the use of a sauconf.xml in the CID.  This typically isn't required in a managed scenario, i.e SEC is managing the clients with RMS.  Do you know why it was added?  Maybe in error or when creating a custom package?

    If you remove the CID and let the Update Manager re-create it then it will not longer be present and hence this would appear to "fix" it.

    A comply with policy from SEC will trump a sauconf.xml unless SAU re-installs I believe.

    I suspect that the computers also showed differs from policy, if the sauconf.xml was breaking the password at the endpoint but certainly with sauconf.xml removed and a re-apply should fix it.

    Regards,
    Jak

Reply
  • It seems to me that the issue is with the use of a sauconf.xml in the CID.  This typically isn't required in a managed scenario, i.e SEC is managing the clients with RMS.  Do you know why it was added?  Maybe in error or when creating a custom package?

    If you remove the CID and let the Update Manager re-create it then it will not longer be present and hence this would appear to "fix" it.

    A comply with policy from SEC will trump a sauconf.xml unless SAU re-installs I believe.

    I suspect that the computers also showed differs from policy, if the sauconf.xml was breaking the password at the endpoint but certainly with sauconf.xml removed and a re-apply should fix it.

    Regards,
    Jak

Children
  • Another update ...

    Sophos connected remotely on Friday and advised a UNC CID should be primary, something about clients being unable to update from an HTTP CID. Demonstrated a client with SAU 5.7 updating from the HTTP CID as what he said didn't seem correct. However, the main priority was to get the clients stuck on SAU 5.10 working, so configured a UNC CID as primary and moved the HTTP to secondary. Once a client has updated to SAU 5.10 from the UNC CID it is able to connect to the HTTP CID.

    To recap, the issue only was with clients which updated to SAU 5.10 in the first day or two. Clients which updated later had no issues connecting to the HTTP CID.