This discussion has been locked.

SEC server migration from W2008 to W2016 has stopped SUM communicating with Sophos.

Hi,

I have been tasked with removing old OS platforms from our internal environment and have built a Win2016 server (02) to migrate our existing (and sole) SEC management server role (01) across to. I followed the server to server migration guide (install database component, migrate database and CA, repoint all endpoints etc.); however, the one intractable problem I appear to have is that the new SEC server is not getting any updates from Sophos. The ubiquitous 80040401|0402|0406 errors are in the Update Manager log details on every update attempt.

I rechecked the subscription credentials (no authentication failure evident?) and I deleted the contents of the Working\ and Update Manager\Warehouse\ folders but both remain completely empty when I invoke subsequent Update requests. 

I checked with my firewall admin colleagues and there are connection requests going out to Sophos servers (two IP addresses 99.84.224.44, 23.32.52.109) on port 443 but there don't appear to be responses/files coming back from Sophos.

I did see the version of SUM initially went from 1.6.x.. to 1.7.1.19, so some communication must have been successful?

Is it possible that the Sophos server end is refusing to authenticate my new server (same internal subnet but different host IP to the previous - formerly working - parent SUM host) even though the subscription login credentials are valid? The Recommended subscription is unchanged, also updating policies.

I assume by following all the migration guide steps that all the config of the previous host was moved and activated intact on the new host?

Thanks,

Cameron



  • Hello Cameron,

    SUM initially went from 1.6.x.. to 1.7.1.19, so some communication must have been successful?
    Correct. This suggests that a) the connection could be established and b) the credentials have been accepted. As far as communication with the backend (Sophos) is concerned it should work.

    I see: Last successful download - Never and Could not read from the update source location. The LogViewer says: Cannot create stream - haven't seen posts regarding this error lately (a knowledgebase article suggests credentials or firewall issues as cause but I think these can be ruled out as SUM has updated). Could you post a relevant part of the SUMTrace log? If there is some useful information it's in the lines around the first occurrence in an update cycle of Cannot create stream.

    There are some posts that "blame" permissions on the \Warehouse\ folder, please see here.  

    Christian

  • Hi Cameron,

     

    In addition to Christian's workaround, I would like to add a few troubleshooting steps here.

    From the screen capture above, we could see that "Sync to the cloud server is failing" and the error shows "could not contact update location",

    Please double-check and confirm that the username and password you are entering are correct and that the Sophos domains are not blocked by your firewall.

    You can see the knowledgebase article here and see if that helps,

    SAJ
    Community Support Engineer | Sophos Technical Support
  • Thanks, the firewall guys insist that everything is fully open for my new host in order to do the current debugging and suggested there may be something wrong at the Sophos end given I changed to a different Host IP for this new client end server. Their Wireshark trace did not show traffic returning as a response to my host's connection requests.

    I assumed the credentials for our SUM account are correct and unchanged, as when I try to use any incorrect ones I get an authentication failure message, quickly, in the Update Manager details.

    I will certainly do these tests (as linked) to manually confirm the accessibility of the listed Sophos hosts, but am out of the office until Friday, now.

     

    regards

    Cameron. 
