This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.5.1

Hello all,

seems that SEC 5.5.1 is in the works already (though naturally I can't say when exactly later this year will be).

Christian



This thread was automatically locked due to age.
Parents
  • Hello all,

    thought the upgrade (from 5.5.0) would be simple enough to do it even on a Friday (it's was shortly before 10am so it didn't fall under the no changes on Friday afternoon rule).
    Second time in a row it failed miserably (but only on one of the servers) [:)]. This time with a 1923 for the Management Service - can't say (and didn't care) why, perhaps a missing restart (real programmers don't follow the advice of some piece of software, do they?). After the restart and a second attempt it failed immediately - Database 5.5.1, Console 5.5.0, Server not installed. Similar fix as last time (uninstall Console), install completed. Then - Management Service failed to start due to failed database upgrade. Manual upgrade - bingo!
    Done with both servers and the remote consoles - still some time before noon.

    Christian

  • Sweaaaaaaat !!! :) Like you said, It's Friday morning :)

    As usual ...

  • Hello ,

    As usual
    been there before? Can't remember what's supposed to happen after yo click Next, too long ago [;)].
    Seriously, I think I just leave it alone, doing something else checking in later to asses the progress and success or failure (this thing maybe doesn't like to be watched). It should record its progress in %ProgramData%\Sophos\Management Installer\Sophos_bootstrapper.... and potential MSI logs should also be there. There might be a prompt waiting hidden by some window. Clicking on the "correct" taskbar icon might bring it to front.

    Christian

  • Some feedback.

    I am logged as Domain Admin. After a very long time I had this on the install screen:

     

    The command "CheckDBConnection -l" yields this :

    C:\sec_551\ServerInstaller\CheckDBConnection>CheckDBConnection -l
    Sophos Connectivity Verifier
    5.5.1.955
    Copyright 2000-2018 Sophos Limited. All rights reserved.
    Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
    TestDatabaseConnectionWithConnectionString 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;'
    NewConnStr 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;;'
    TestDatabaseConnectionWithConnectionString 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;Encrypt=yes;'
    NewConnStr 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;Encrypt=yes;;'
    (/) Operating system is ready to use TLS 1.2
    (/) Installed .NET Framework supports TLS 1.2
    Connection to the SQL Server established
    (x) SQL Server instance does not support TLS 1.2
    (x) SQL Server TCP/IP protocol detection failed
    (/) There is a certificate installed that can be used with SQL Server
    (/) SQL Server Native Client library supports TLS 1.2
    Encrypted connection to the SQL Server cannot be established
    Windows Server 2012 R2 - Standard Server - 6.3.9600.0 - 6 -
    SOPHOS - 11.0.7462.6 - SP4-GDR -
    Corindon WSUS
    Client Library information:
    sm - SQLNCLI11 - 11.0.7462
    tcp - SQLNCLI11 - 11.0.7462
    np - SQLNCLI11 - 11.0.7462
    tcp - SQLNCLI11 - 11.0.7462.6
    C:\sec_551\ServerInstaller\CheckDBConnection>

    I still have both errors:

    (x) SQL Server instance does not support TLS 1.2
    (x) SQL Server TCP/IP protocol detection failed.

    Both of these errors are wrong.

    It was soooo easy to upgrade and maintain Symantec SEC.  Why I have done that ultra stupid decision to migrate to something else ?

  • Registery keys:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:ffffffff
    "DisabledByDefault"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:ffffffff
    "DisabledByDefault"=dword:00000000

  • I assume you have seen the KBA's for the individual checks, for example:

    You don't have sufficient database rights
    https://community.sophos.com/kb/en-us/124245



  • Thanks.  I seen that.  I am concentrating on the TLS issue first since solving it may also solve other issues ...

    But for now, in that KB they write :

    1. Launch a Command Prompt as the user who has the sysadmin Server Role

    2. Type the following and press return:

      sqlcmd -E -S .\sophos

      Note: This uses the default sophos instance on the local server. To confirm the instance you require see article 113030.

    3. At the prompt type the following to determine if the affected user has a Login, pressing Enter after each line:

      SELECT loginname FROM syslogins
      go

    4. Confirm whether the affected user is listed in the output

    5. If the user is listed go to step 7

    6. If the user is not listed type the following to add the user to the Logins, pressing Enter after each line:

    Well.  Nothing, but absolutely nothing in there works.

    I indeed have the registry key with (local)\SOPHOS registry key. (And not ".\SOPHOS key")

    sqlcmd -E -S .\sophos do not work

    sqlcmd -E -S (local)\sophos do not work

    Whatever the case, SELECT loginname FROM syslogins will not work either.  "syslogins" being wrong. Error near"-E"

    Another Sophos time sucker nightmare ...

  • Presence of .\sophos is proven here ...

Reply Children
No Data