
SUM updating problem. Error code 80040401.

Server OS: Windows 2008 x64
Enterprise Console version 5.4.0 (installed 22/06/2016), but the problems began before the update.

Screenshot of Update Managers : http://imgur.com/dLmFWyJ

Error code 80040401 in SOPHOS_SERVER update manager details with description "Software Update fails".
It links to : https://www.sophos.com/en-us/support/knowledgebase/66111.aspx... but it's not a problem with my licence.
The credentials haven't changed and we are subscribed until 2020.

Searching for the problem on Google linked to :
https://community.sophos.com/products/endpoint-security-control/f/3/t/5932

I looked at the latest MSI log file in %windir%\temp and I found this weird entry:

 Info 25051.Failed to load the security ID for username or group SophosUpdateMgr on logon domain SOPHOS_SERVER.

SOPHOS_SERVER isn't the name of our domain, but we have a domain account SophosUpdateMgr that serves as the account to update our endpoints.

--------------


My application log file is full of those events. Any advice on how to fix that problem? 

Log Name: Application
Source: SophosUpdateManager
Date: 6/22/2016 1:42:02 PM
Event ID: 16422
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SOPHOS_SERVER
Description:
Sophos Update Manager failed to update from product release 'Payload-SDDM' with version 65.1 as the installer returned an error: 1603
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SophosUpdateManager" />
<EventID Qualifiers="57344">16422</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:02.000Z" />
<EventRecordID>453912</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security />
</System>
<EventData>
<Data>Payload-SDDM</Data>
<Data>65.1</Data>
<Data>1603</Data>
</EventData>
</Event>

-----

Log Name: Application
Source: SophosUpdateManager
Date: 6/22/2016 1:42:02 PM
Event ID: 29
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SOPHOS_SERVER
Description:
An updated version of Sophos Update Manager has been installed successfully.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SophosUpdateManager" />
<EventID Qualifiers="8192">29</EventID>
<Level>0</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:02.000Z" />
<EventRecordID>453911</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

-----

Log Name: Application
Source: SophosUpdateManager
Date: 6/22/2016 1:42:02 PM
Event ID: 4097
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SOPHOS_SERVER
Description:
Sophos Update Manager has started up.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SophosUpdateManager" />
<EventID Qualifiers="24576">4097</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:02.000Z" />
<EventRecordID>453910</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

-----

Log Name: Application
Source: SophosUpdateManager
Date: 6/22/2016 1:42:01 PM
Event ID: 16424
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SOPHOS_SERVER
Description:
Failed to update Sophos Update Manager because the installer returned error code 1603. The Sophos Update Manager service will be restarted.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SophosUpdateManager" />
<EventID Qualifiers="57344">16424</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:01.000Z" />
<EventRecordID>453909</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security />
</System>
<EventData>
<Data>1603</Data>
</EventData>
</Event>

------

Log Name: Application
Source: MsiInstaller
Date: 6/22/2016 1:42:01 PM
Event ID: 1042
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SOPHOS_SERVER
Description:
Ending a Windows Installer transaction: C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi.

Client Process Id: 19884.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1042</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:01.000Z" />
<EventRecordID>453908</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi</Data>
<Data>19884</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>

-----

Log Name: Application
Source: MsiInstaller
Date: 6/22/2016 1:42:01 PM
Event ID: 1035
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SOPHOS_SERVER
Description:
Windows Installer reconfigured the product. Product Name: Sophos Update Manager. Product Version: 1.6.0.2264. Product Language: 1033. Reconfiguration success or error status: 1603.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1035</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:01.000Z" />
<EventRecordID>453907</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>Sophos Update Manager</Data>
<Data>1.6.0.2264</Data>
<Data>1033</Data>
<Data>1603</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>7B32433741383244422D363942432D343139382D414332362D4242383632463142453444307D</Binary>
</EventData>
</Event>

-----

Log Name: Application
Source: MsiInstaller
Date: 6/22/2016 1:42:01 PM
Event ID: 11729
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SOPHOS_SERVER
Description:
Product: Sophos Update Manager -- Configuration failed.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11729</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:01.000Z" />
<EventRecordID>453906</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>Product: Sophos Update Manager -- Configuration failed.</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>7B32433741383244422D363942432D343139382D414332362D4242383632463142453444307D</Binary>
</EventData>
</Event>

-----

Log Name: Application
Source: MsiInstaller
Date: 6/22/2016 1:41:36 PM
Event ID: 1040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SOPHOS_SERVER
Description:
Beginning a Windows Installer transaction: C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi. Client Process Id: 19884.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1040</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:41:36.000Z" />
<EventRecordID>453905</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi</Data>
<Data>19884</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>



  • Hello,

    I have basically the exact same problem, with the same cause and message in the MSI log ... SEC 5.4 on 2008R2 64-bits, and the SUM update fails with 1603.

    The reg key and the system.xml both were referring to the local machine name and a local user account that don't exist MACHINENAME\SophosUpdateMgr. Could be the local account was later deleted, but I suspect not ... I'm pretty sure I did this a while back ...

    I used the obfuscation tool and instructions to update system.xml with the correct domain\username (domainname\username, where username is NOT SophosUpdateMgr) and the obfuscated password. Restarted the SUM service, but no dice, still the same problem. Rebooted the machine, still nothing.

    The default updating policy for endpoints DOES have the correct credential, and endpoints are using that account without issue and getting definition files OK.

    The directory containing CIDs and Warehouse has the proper permission (read/execute) for the right user account.

    Current SUM version 1.5.8.11.

    Help?? Thanks!

  • In desperation, I edited UserName and UserData under EE\Maintenance Tools in the registry, did not help.

    So I ended up editing the non-Sophos key, under Windows\CurrentVersion\... and lo and behold, it worked!

    Can't for the life of me figure how the localmachine and default username ended up in there ...

    I do note that I tried to reinstall the console, and it only asked me for a DB account, but not a SUM account (like the OP). I wonder if the last console upgrade did something funky/buggy?

  • Hello Jean-FrançoisDoyon,

    > it only asked me for a DB account

    AFAIK this was always the case. Changing the DB account is possible because SQL uses the security group. The SUM account is used in the file system's ACLs and the updating policies and it's not evident what effects a change should have.

    > the last console upgrade

    I didn't find a significant change in the MSI and I'd rather assume that the inconsistency has been introduced in the past - can't say why it surfaces just now though. Anyway, this is speculation. That only the \Uninstall\ key worked is no surprise as the error is raised in the Installer.

    The issue is murky, it doesn't seem to be a general problem though. So, thanks for reporting your incident and how you solved it.

    Christian
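
The check behind the fix discussed in this thread, as an added example (not code from any poster or from Sophos): it lists account-shaped string values under the Sophos Update Manager entry of the Windows Installer Uninstall key and tests whether each still resolves to a SID, which is the lookup that Info 25051 reports failing. It assumes the account is stored there as a plain `DOMAIN\user` string; the thread does not name the values, so the script scans all of them and changes nothing.

```powershell
# Added example, read-only. Written for PowerShell 2.0 (Windows Server 2008 / 2008 R2).
# Assumption: the stale account sits in a string value of the product's Uninstall entry.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Resolve-AccountSid {
    param([Parameter(Mandatory = $true)][string]$Account)
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        # Translate() throws IdentityNotMappedException when the name has no SID,
        # e.g. a local account on the server that was never created or was deleted.
        return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $null
    }
}

$findings = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $key = $_
        # Product name as reported by MsiInstaller event 1035 in the thread
        if ($key.GetValue('DisplayName') -notlike '*Sophos Update Manager*') { return }
        foreach ($name in $key.GetValueNames()) {
            $value = $key.GetValue($name)
            # Keep only strings shaped like DOMAIN\user; file paths contain ':' or spaces
            if ($value -isnot [string]) { continue }
            if ($value -notmatch '^[^\\/:\s]+\\[^\\/:\s]+$') { continue }
            $sid = Resolve-AccountSid -Account $value
            New-Object PSObject -Property @{
                Key      = $key.PSChildName
                Value    = $name
                Account  = $value
                Sid      = $sid
                Resolves = [bool]$sid
            }
        }
    }
}

# Rows with Resolves = False are accounts the installer cannot map to a SID
$findings | Select-Object Key, Value, Account, Resolves, Sid | Format-Table -AutoSize
```

Run it from an elevated prompt on the server that hosts the update manager; a domain account is resolved against a domain controller, so a row can also show as unresolved when the domain is unreachable.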