Hello all,
seems that SEC 5.5.1 is in the works already (though naturally I can't say when exactly later this year will be).
Christian
This thread was automatically locked due to age.
Hello all,
seems that SEC 5.5.1 is in the works already (though naturally I can't say when exactly later this year will be).
Christian
Hello all,
thought the upgrade (from 5.5.0) would be simple enough to do it even on a Friday (it's was shortly before 10am so it didn't fall under the no changes on Friday afternoon rule).
Second time in a row it failed miserably (but only on one of the servers) [:)]. This time with a 1923 for the Management Service - can't say (and didn't care) why, perhaps a missing restart (real programmers don't follow the advice of some piece of software, do they?). After the restart and a second attempt it failed immediately - Database 5.5.1, Console 5.5.0, Server not installed. Similar fix as last time (uninstall Console), install completed. Then - Management Service failed to start due to failed database upgrade. Manual upgrade - bingo!
Done with both servers and the remote consoles - still some time before noon.
Christian
Some feedback.
I am logged as Domain Admin. After a very long time I had this on the install screen:
The command "CheckDBConnection -l" yields this :
C:\sec_551\ServerInstaller\CheckDBConnection>CheckDBConnection -l
Sophos Connectivity Verifier
5.5.1.955
Copyright 2000-2018 Sophos Limited. All rights reserved.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
TestDatabaseConnectionWithConnectionString 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;'
NewConnStr 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;;'
TestDatabaseConnectionWithConnectionString 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;Encrypt=yes;'
NewConnStr 'Server=.\SOPHOS;Database=master; Timeout=3; Trusted_Connection=Yes;Encrypt=yes;;'
(/) Operating system is ready to use TLS 1.2
(/) Installed .NET Framework supports TLS 1.2
Connection to the SQL Server established
(x) SQL Server instance does not support TLS 1.2
(x) SQL Server TCP/IP protocol detection failed
(/) There is a certificate installed that can be used with SQL Server
(/) SQL Server Native Client library supports TLS 1.2
Encrypted connection to the SQL Server cannot be established
Windows Server 2012 R2 - Standard Server - 6.3.9600.0 - 6 -
SOPHOS - 11.0.7462.6 - SP4-GDR -
Corindon WSUS
Client Library information:
sm - SQLNCLI11 - 11.0.7462
tcp - SQLNCLI11 - 11.0.7462
np - SQLNCLI11 - 11.0.7462
tcp - SQLNCLI11 - 11.0.7462.6
C:\sec_551\ServerInstaller\CheckDBConnection>
I still have both errors:
(x) SQL Server instance does not support TLS 1.2
(x) SQL Server TCP/IP protocol detection failed.
Both of these errors are wrong.
It was soooo easy to upgrade and maintain Symantec SEC. Why I have done that ultra stupid decision to migrate to something else ?
Registery keys:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
Thanks. I seen that. I am concentrating on the TLS issue first since solving it may also solve other issues ...
But for now, in that KB they write :
sqlcmd -E -S .\sophos
SELECT loginname FROM syslogins
go
Well. Nothing, but absolutely nothing in there works.
I indeed have the registry key with (local)\SOPHOS registry key. (And not ".\SOPHOS key")
sqlcmd -E -S .\sophos do not work
sqlcmd -E -S (local)\sophos do not work
Whatever the case, SELECT loginname FROM syslogins will not work either. "syslogins" being wrong. Error near"-E"
Another Sophos time sucker nightmare ...
So from the connections string it seems you're using the default SOPHOS named instance on the local computer.
Are you saying that, in a command prompt:
sqlcmd -E -S .\SOPHOS
does not connect and you get an error?
What about:
sqlcmd -E -S hostname\SOPHOS
Where you are changing "hostname" to the name of the computer.
I assume that the Windows service that backs the SQL instance is running?
Regards,
Jak
Any clue ? I posted a case two weeks ago now, and the only thing Sophos support have done so far is to send me the link for the instructions ... It is not because they did not have instructions on hand to guess easily I have been through those steps already ...