Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 10081 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Antivirus secondary update location do not seem to work

registremblay lefrancois

Hello everyone,

I stumbled upon a problem that am not able to explain.

I configured new computers with Sophos clients reporting to RMS which should update from a primary location (unc share) and a secondary location (Sophos). 

Those computers were then moved to a remote location with no access whatsoever to the primary update location. For some reason, the client do not fall-back to the secondary update location and fail to update.

The message I get in SEC is Download of Sophos AutoUpdate failed from server <local share>

As anyone have any ideas?

Thank you,



This thread was automatically locked due to age.
  • 0

    Hello regis tremblay lefrancois,

    (First of all, on the endpoints you'll see after some time that updating failed because RMS can't be updated from Sophos - this is confusing but normal)

    no access whatsoever to the primary update location
    but RMS can connect to the management server?

    Update errors on the Primary are always be reported to the console. Normally if the Primary is a UNC-path it's supposed to work. If it can't be accessed because the endpoint is remote there's normally also no RMS connectivity and no error. When the endpoint checks in the error might be reported but should be cleared with the next successful (local) update.
    Failure of the Secondary location is shown as such - the last error in an update cycle makes it to the console, the last for a product to the computer details, thus if an error for the Primary is seen it implies that updating from the Secondary succeeded.

    Christian

  • 0 in reply to QC

    Thank you Christian,

    Yeah I king of exaggerated a little bit about the "no network" part.

    What I meant was, no VPN/MPLS, so they can't connect to the primary UNC update server. The only network available for the remote clients is the internet connection. They are configured to pass through a message relay which is located at our HQ.

    So if I understand correctly, it's normal that we see update errors since the clients can't report back the successful update from the Secondary Server?

    From what I see in SEC, those remote clients have version 10.3.15 of AV and my local clients all have 10.6.3, so it seems to me that the update did not worked.

    By the way, here's the doc I followed for MRS : www.sophos.com/.../50832.aspx

  • 0 in reply to registremblay lefrancois

    Hello r.t.lef.,

    a Primary error implies, as said, sucessful update from Secondary (if there's no Secondary defined there would be a different message).

    The endpoints updating from Sophos get 10.3 as long as it's available (or they haven't upgraded while "at home"). The warehouse can't tell which subscription is in use at your site.

    Christian

  • 0 in reply to registremblay lefrancois

    Hello regis tremblay lefrancois,

    don't mention it. Two additions and one more thing:

    If updating fails completely the error is 0x00000071 ERROR: Could not find a source for updated packages

    Endpoints updating from Sophos aren't upgraded to a new version as soon as it becomes available as their "home" site might use the Previous Recommended or a Fixed subscription. The endpoints would then upgrade when updating from Sophos only to subsequently downgrade when they're at home.

    If your "remote" endpoints' RMS can connect, have not yet upgraded to the latest (10.6) version and you have not also subscribed to the previous version (10.3.15) they'll show Unknown for Up to date as the console has no information about the current contents of this package.

    Christian

Unfiltered HTML