Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 0 subscribers
  • Views 12770 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update settings keep changing - Windows Server

rkymtnhigh

Hello all!

I've got a handful of Windows Server 2008 clients that keep changing their update settings automatically.

I've set up new policies, new installs of agents, but nothing seems to work.

This is only happening on a select few of my devices in the SEC.


Here is what happens:

The primary update server keeps changing AWAY from the specified policy value.

It goes from \\NETWORKSERVER01\SophosUpdate\.. to Sophos (I'm assuming some sort of cloud updating)

Of course then it fails to update and I get this message in the SEC:

ERROR: Could not find a source for updated packages

I can force it to comply with the update policy and run a manual update, which resolves the issue temporarily.

After some time, it seems to reset itself back to the plain 'Sophos' update location.

Any help is greatly appreciated.

RMH

:57624


This thread was automatically locked due to age.
  • 0

    Hello RMH,

    first of all

    [update location] Sophos (I'm assuming some sort of cloud updating)

    it is. For managed endpoints you can set it as Secondary only (and the license credentials are needed). IIRC Sophos is the default location with the stand-alone installer (for unmanaged endpoints).

    On a managed endpoint the update locations can't be changed with the GUI. I'd rule out a CID customized with sauconf.xml. "Something" overwriting iconn.cfg or (re-)setting the update location with a script??? Then this "something" would have to run (perhaps regularly) on all the affected servers.

    If you open %ProgramData%Sophos\AutoUpdate\Config\iconn.cfg - are UserName and UserPassword set?

    Christian

    :57641
  • 0

    Username and Password are both set to cryptic values.

    The update location is also set to http://es-web.sophos.com/update/

    This does not comply with my updating policy. It seems that something is changing these values on its own.

    Thanks for the help.

    :57647
  • 0
    Hello RMH,

    at least the user shouldn't be cryptic - it does not match your license user? The password is usually obfuscated.
    Anyway, the "something" is likely external, an installation or configuration does not fall back or otherwise modify itself.

    Christian
    :57649
Unfiltered HTML