Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 23635 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Event 1026 Patch Data Loader

BMTDT

Hi,

I have been getting the 1026 Data loader error in event viewer similar to this

https://www.sophos.com/en-us/support/knowledgebase/116495.aspx

The Sophos Patch Assessment - Event Viewer says its out of date.

The windows event viewer contains access to path 'C:\ProgramData\Sophos\Sophos Endpoint Management\4.0\Updates\Secure\SDFs\SophosPA\PSRVR' is denied.

I have attempted to give access to the Sophos account with NTFS permissions. This only works for a few hours before it is automatically removed from permissions.

---Resutls from your knowledgebase -----

When i check if the folder exist, it does except the number 5 is a 4, so it appears something hasn't updated properly.

C:\ProgramData\Sophos\Sophos Endpoint Management\5.0\Updates\Secure\SDFs\SophosPA\PSRVR

The Sophos Patch Feed is in the task scheduler. It runs after triggered, repeat every 1 hour for a duration of 1 day.

When i run this tasks and it is 'Running' It doesn't appear in the task manager.

In the PLS folder there is 256 folders from 00 to FF. Each of these contain multiple folders that then contain pls files.

Any help would be great

:57484


This thread was automatically locked due to age.
  • 0

    Hello BMTDT,

    5 is a 4

    which version of SEC? For versions 5.1 to 5.3 the folder is 5.1. (the value SDFRootPath under HKLM\SOFTWARE\Wow6432Node\Sophos\EE\Products should point there).

    Christian

    :57501
  • 0

    Hi QC,

    I am running 5.3

    The registry value points to 4.

    To fix this do I simply change the registry value to 5.1?

    Thanks

    :57508
  • 0

    Hello BMTDT,

    do I simply change the registry value to 5.1?

    probably not. [I wrote:] For versions 5.1 to 5.3 the folder is 5.1 - this is not the whole truth. On the server I checked the first SEC was 5.1. On another server which initially had SEC 4.5 the folder is 4.5. Seems that this structure isn't moved with later upgrades. Thus the path is probably correct (you can also find it in SUM's config.xml). 

    As you've already read 116495 - any useful error messages in the PatchDataLoader.log or just the Access denied? The permissions should be inherited from %ProgramData%\Sophos\Sophos Endpoint Management\. But anyway ... the PLS folder is where? PatchDataLoader runs under the "Database Account" and has normally only read access to \PSRVR. Patch data should be downloaded to %ProgramData%\Sophos\Patch\.

    Last but not least - when did it stop working?

    Christian

    :57513
  • 0

    Where can I find the SUM's Config.xml file?

    Bellow is the message that appears in the PatchDataLodaer.log. 


    I had reset permissions to the PDATA folder but after a few hours it removed the SOPHOS ACCOUNT from the permissions.

    %ProgramData%\Sophos\Sophos Endpoint Management\ does have read permissions for Sophos Console Service Users group. Which includes Sophos account

    The Inheritance for Sophos Console Service Users stops at %ProgramData%\Sophos\Sophos Endpoint Management\4.0\

    The updates folder inside 4.0\ is read only (and doesn't inherant permissions)

    It would have stoped working after i updated to 5.3. 

    The PLS folder is at 

    %ProgramData%\Sophos\Patch\PatchDataLoader\Download\PLS

    Matt

    ____________________________________________________________________

    2015-06-10 11:02:00 | PID 10204 | TID 1 | ID: 3001 | Severity: info | Begin Sophos Patch Data Loader processing.-- Evidence --

    2015-06-10 11:02:01 | PID 10204 | TID 1 | ID: 1026 | Severity: error | Fatal exception. Abort processing.-- Sophos Exception Details --
    Source Message: Fatal error.
    Source:
    Source Timestamp: 10/06/2015 11:02:01 AM
    Source Machine: <SERVER>
    Source Exception Type: Sophos.NAC.Core.ExceptionManagement.EndForceException
    Source:
    Source App Domain: PatchDataLoader.exe
    Source Thread Id: 1
    Source Thread Identity:
    Source Win Identity: <DOMAIN>\SophosAccount
    Help Link:
    --Runtime Evidence--
    -- System Exception Details --(Contained Exception)
    Message: Access to the path 'C:\ProgramData\Sophos\Sophos Endpoint Management\4.0\Updates\Secure\SDFs\SophosPA\PSRVR\PDATA' is denied.
    Type: UnauthorizedAccessException
    Source: mscorlib
    Target: Void WinIOError(Int32, System.String)
    Help Link:

    :57531
  • 0

    Hello BMTDT,

    Config.xml

    is in SUM's program folder which could be %ProgramFiles(x86)%\Sophos\Enterprise Console\SUM\ for installations upgraded from 4.x or %ProgramFiles(x86)%\Sophos\Update Manager where 5.x was the initial version.

    The permissions I see are:

    • explicitly set at  ...\Sophos Endpoint Management\ and propagated - Full control for SYSTEM and Administrators,  Read & execute for Users and SCSU
    • on the system using \4.5\ the above Full permissions are in addition explicitly set with propagation at ...\4.5\Updates\
    • for the PLS folder Full control for Sys&adm and Modify for SCSU are inherited from %ProgramData%\Sophos\Patch\ 

    Guess the explicit settings for ...\4.0\Updates\ aren't necessary so I'd set (and propagate) the permissions according to the first item in the list above. Then check if a) PatchDataLoader.exe works as it should and b) the permissions stick. Just curious - from which version did you upgrade to 5.3?

    Christian   

    :57543
  • 0

    Hi Christian

    The closest I get to one of these folders is 

    C:\Program Files (x86)\Sophos\Enterprise Console\SUMInstaller

    Which contains a config file in 

    \Update Manager\config.xml

    This only contians,  log settings, ID, Maxage and Max size

    Permissions

    1. Correct

    2 Full permission are kept for System and Admin and users and SCSU do not appear in permissions

    3 Correct

    I have set the .../4.0/update folder to inherent permissions from 1.

    In the mean time it has resolved the error. However it could take up to a day to revert

    I updated from 5.2 which has been updated in the past.

    :57556
  • 0

    Hello BMTDT,

    SUMInstaller

    is the folder shared as SUMInstallSet, used to install additional SUMs. The location of SUM's program directory (which also contains SUM_Status.xml) depends on the upgrading history.

    ... fingers crossed ...

    Christian

    :57557
Unfiltered HTML