This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.5.x Certificate Renewal and Endpoints Got Disconnected - CRITICAL

Hi Everyone,

Recently I've renewed Sophos Enterprise Console (On Prem) Certificate following the document mentioned in below given link.

https://support.sophos.com/support/s/article/KB-000039357?language=en_US

Unfortunately they haven't mentioned to Disable Temper Protection before proceeding. I went through it and I've 2500 machines. If I go manually disabling Temper Protection and then run the VB script in given link then Protect again the endpoint. May kill me.

I need the best practice and quick solution to resolve this issue. Using any script or Group Policy.

I've also logged ticket with Sophos but they are also taking time.

Kindly advise ASAP if there's any solution.

Regards



This thread was automatically locked due to age.
Parents
  • Hello Faisal,

    Thank you for reaching the community forum. May we know on which process you're currently stuck? Have you tried rolling back the current changes you've applied to your SEC? What's the current status of you're manage endpoint? As you've mentioned, you've created a case for this. Can you DM me the case ID so that I can take a look? 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • Hi GlennSen,

    I've reverted back the settings but unfortunately there's a relay SUM server which is now not updating the endpoints the rest SUM are updating. 

    The error I am getting from that relay SUM is. "Failed to install SAVXP: The MSI has failed (error code 00000067)"

    Sophos Search

    I am now running in a different issue :/

    Regards

  • Thank you for sharing this. You're getting the generic error code on one of your SUM servers. As the article advises, you may need to locate the logs of which component is producing this installation failure. Once you get the logs, you can share them with us to check further.

    About the Documentation which you've followed on renewing the certificate. We'll check with our Doc team to amend the content and add the line for Tamper protection. Though by default, any changes that need to be done to any Sophos endpoint manage device need tamper protection to be disabled. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
Reply
  • Thank you for sharing this. You're getting the generic error code on one of your SUM servers. As the article advises, you may need to locate the logs of which component is producing this installation failure. Once you get the logs, you can share them with us to check further.

    About the Documentation which you've followed on renewing the certificate. We'll check with our Doc team to amend the content and add the line for Tamper protection. Though by default, any changes that need to be done to any Sophos endpoint manage device need tamper protection to be disabled. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
Children
No Data