Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 45072 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUM updating problem. Error code 80040401.

msavignac

Server OS: Windows 2008 x64
Enterprise Console version 5.4.0 (installed 22/06/2016), but the problems began before the update.

Screenshot of Update Managers : http://imgur.com/dLmFWyJ

Error code 80040401 in SOPHOS_SERVER update manager details with description "Software Update fails".
It links to : https://www.sophos.com/en-us/support/knowledgebase/66111.aspx... but it's not a problem with my licence.
The credentials haven't change and we are subscribed until 2020.

Searching for the problem on Google linked to :
https://community.sophos.com/products/endpoint-security-control/f/3/t/5932

I looked at the latest MSI log file in %windir% \temp and I foud this weird entry :

 Info 25051.Failed to load the security ID for username or group SophosUpdateMgr on logon domain SOPHOS_SERVER.

SOPHOS_SERVER isn't the name of our domain, but we have a domain account SophosUpdateMgr that serves as the account to update our endpoints.

--------------


My application log file is full of those events. Any advice on how to fix that problem? 

Log Name: Application
Source: SophosUpdateManager
Date: 6/22/2016 1:42:02 PM
Event ID: 16422
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SOPHOS_SERVER
Description:
Sophos Update Manager failed to update from product release 'Payload-SDDM' with version 65.1 as the installer returned an error: 1603
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SophosUpdateManager" />
<EventID Qualifiers="57344">16422</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:02.000Z" />
<EventRecordID>453912</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security />
</System>
<EventData>
<Data>Payload-SDDM</Data>
<Data>65.1</Data>
<Data>1603</Data>
</EventData>
</Event>

-----

Log Name: Application
Source: SophosUpdateManager
Date: 6/22/2016 1:42:02 PM
Event ID: 29
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SOPHOS_SERVER
Description:
An updated version of Sophos Update Manager has been installed successfully.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SophosUpdateManager" />
<EventID Qualifiers="8192">29</EventID>
<Level>0</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:02.000Z" />
<EventRecordID>453911</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

-----

Log Name: Application
Source: SophosUpdateManager
Date: 6/22/2016 1:42:02 PM
Event ID: 4097
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SOPHOS_SERVER
Description:
Sophos Update Manager has started up.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SophosUpdateManager" />
<EventID Qualifiers="24576">4097</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:02.000Z" />
<EventRecordID>453910</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security />
</System>
<EventData>
</EventData>
</Event>

-----

Log Name: Application
Source: SophosUpdateManager
Date: 6/22/2016 1:42:01 PM
Event ID: 16424
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SOPHOS_SERVER
Description:
Failed to update Sophos Update Manager because the installer returned error code 1603. The Sophos Update Manager service will be restarted.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="SophosUpdateManager" />
<EventID Qualifiers="57344">16424</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:01.000Z" />
<EventRecordID>453909</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security />
</System>
<EventData>
<Data>1603</Data>
</EventData>
</Event>

------

Log Name: Application
Source: MsiInstaller
Date: 6/22/2016 1:42:01 PM
Event ID: 1042
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SOPHOS_SERVER
Description:
Ending a Windows Installer transaction: C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi.

Client Process Id: 19884.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1042</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:01.000Z" />
<EventRecordID>453908</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi</Data>
<Data>19884</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>

-----

Log Name: Application
Source: MsiInstaller
Date: 6/22/2016 1:42:01 PM
Event ID: 1035
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SOPHOS_SERVER
Description:
Windows Installer reconfigured the product. Product Name: Sophos Update Manager. Product Version: 1.6.0.2264. Product Language: 1033. Reconfiguration success or error status: 1603.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1035</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:01.000Z" />
<EventRecordID>453907</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>Sophos Update Manager</Data>
<Data>1.6.0.2264</Data>
<Data>1033</Data>
<Data>1603</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>7B32433741383244422D363942432D343139382D414332362D4242383632463142453444307D</Binary>
</EventData>
</Event>

-----

Log Name: Application
Source: MsiInstaller
Date: 6/22/2016 1:42:01 PM
Event ID: 11729
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SOPHOS_SERVER
Description:
Product: Sophos Update Manager -- Configuration failed.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11729</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:42:01.000Z" />
<EventRecordID>453906</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>Product: Sophos Update Manager -- Configuration failed.</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>7B32433741383244422D363942432D343139382D414332362D4242383632463142453444307D</Binary>
</EventData>
</Event>

-----

Log Name: Application
Source: MsiInstaller
Date: 6/22/2016 1:41:36 PM
Event ID: 1040
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: SOPHOS_SERVER
Description:
Beginning a Windows Installer transaction: C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi. Client Process Id: 19884.
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">1040</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-06-22T17:41:36.000Z" />
<EventRecordID>453905</EventRecordID>
<Channel>Application</Channel>
<Computer>SOPHOS_SERVER</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi</Data>
<Data>19884</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>(NULL)</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>



This thread was automatically locked due to age.
  • 0 in reply to Jean-FrançoisDoyon

    In desperation, I edited UserName and UserData under EE\Maintenance Tools in the registry, did not help.

    So I ended up editing the non-Sophos key, under Windows\CurrentVersion\... and lo and behold, it worked!

    Can't for the life of me figure how the localmachine and default username ended up in there ...

    I do note that I tried to reinstall the console, and it only asked me for a DB account, but not a SUM account (like the OP). I wonder if the last console upgrade did something funky/buggy?

  • 0 in reply to Jean-FrançoisDoyon

    Hello Jean-FrançoisDoyon,

    it only asked me for a DB account
    AFAIK this was always the case. Changing the DB account is possible because SQL uses the security group. The SUM account is used in the file system's ACLs and the updating policies and it's not evident what effects a change should have.
    the last console upgrade
    I didn't find a significant change in the MSI and I'd rather assume that the inconsistency has been introduced in the past - can't say why it surfaces just now though. Anyway, this is speculation. That only the \Uninstall\ key worked is no surprise as the error is raised in the Installer.

    The issue is murky, it doesn't seem to be a general problem though. So, thanks for reporting your incident a how you solved it.

    Christian 

  • 0

    Has it been resolved?

    The location of the value that needs to be changed is in:

    HKLM\Software\wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\{2C7A82DB-69BC-4198-AC26-BB862F1BE4D0}

    Change the Userdata. (Format is Local\Domain ComputerName;UserDomain;UserName;0;)

    The UserDomain can be the ComputerName if the user is local. So a default install on a SEC server called "Sophos" would be:

    Sophos;Sophos;SophosUpdateMgr;0;

    Once modified trigger a SUM update to complete the upgrade.

    If it doesn't and assuming you still have the directory fetched by SUM to upgrade itself -

    MsiExec /i "C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi"  REINSTALLMODE=vdmus REINSTALL=ALL SELFUPDATE=1 REBOOT=ReallySuppress /l*v C:\VerboseSUMSelfUpdate.txt

    Let us know if this helps!

  • 0

    Everyone, 

     

    I was able to solve this issue by editing the username in C:\Program Files (x86)\Sophos\Update Manager\system.xml and re-running the update. This value apparently does NOT change if you rename the server after installing Update Manger.

  • 0 in reply to AustinPatterson

    Hi Austin,

    That is expected behavior because if you change the domain name, computer name, network type or OS when the Enterprise Console is installed, it becomes an unsupported scenario. 

    Reference - https://community.sophos.com/kb/en-us/119532

    Thanks,

    Vikas

Unfiltered HTML