Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 27 replies
  • Answers 3 answers
  • Subscribers 7 subscribers
  • Views 44540 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC 5.5.1

QC

Hello all,

seems that SEC 5.5.1 is in the works already (though naturally I can't say when exactly later this year will be).

Christian



This thread was automatically locked due to age.
Parents
  • 0

    Hello all,

    thought the upgrade (from 5.5.0) would be simple enough to do it even on a Friday (it's was shortly before 10am so it didn't fall under the no changes on Friday afternoon rule).
    Second time in a row it failed miserably (but only on one of the servers) [:)]. This time with a 1923 for the Management Service - can't say (and didn't care) why, perhaps a missing restart (real programmers don't follow the advice of some piece of software, do they?). After the restart and a second attempt it failed immediately - Database 5.5.1, Console 5.5.0, Server not installed. Similar fix as last time (uninstall Console), install completed. Then - Management Service failed to start due to failed database upgrade. Manual upgrade - bingo!
    Done with both servers and the remote consoles - still some time before noon.

    Christian

  • 0 in reply to QC

    Sweaaaaaaat !!! :) Like you said, It's Friday morning :)

    As usual ...

  • 0 in reply to Big_Buck

    Registery keys:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:ffffffff
    "DisabledByDefault"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:ffffffff
    "DisabledByDefault"=dword:00000000

  • 0 in reply to Big_Buck

    I assume you have seen the KBA's for the individual checks, for example:

    You don't have sufficient database rights
    https://community.sophos.com/kb/en-us/124245



  • 0 in reply to jak

    Thanks.  I seen that.  I am concentrating on the TLS issue first since solving it may also solve other issues ...

    But for now, in that KB they write :

    1. Launch a Command Prompt as the user who has the sysadmin Server Role

    2. Type the following and press return:

      sqlcmd -E -S .\sophos

      Note: This uses the default sophos instance on the local server. To confirm the instance you require see article 113030.

    3. At the prompt type the following to determine if the affected user has a Login, pressing Enter after each line:

      SELECT loginname FROM syslogins
      go

    4. Confirm whether the affected user is listed in the output

    5. If the user is listed go to step 7

    6. If the user is not listed type the following to add the user to the Logins, pressing Enter after each line:

    Well.  Nothing, but absolutely nothing in there works.

    I indeed have the registry key with (local)\SOPHOS registry key. (And not ".\SOPHOS key")

    sqlcmd -E -S .\sophos do not work

    sqlcmd -E -S (local)\sophos do not work

    Whatever the case, SELECT loginname FROM syslogins will not work either.  "syslogins" being wrong. Error near"-E"

    Another Sophos time sucker nightmare ...

  • 0 in reply to Big_Buck

    Presence of .\sophos is proven here ...

  • 0 in reply to Big_Buck

    So from the connections string it seems you're using the default SOPHOS named instance on the local computer.

    Are you saying that, in a command prompt:

    sqlcmd -E -S .\SOPHOS

    does not connect and you get an error?

    What about:

    sqlcmd -E -S hostname\SOPHOS

    Where you are changing "hostname" to the name of the computer.

    I assume that the Windows service that backs the SQL instance is running?

    Regards,

    Jak

     

     

     

  • 0 in reply to jak

    Hello. 

    First, domain admin account is really SA.

    Second, I tried the installer "As Administrator"

    Third, I did not tried with the server name, but I have tried with

    (local)\sophos
    .\sophos
    localhost\sophos
    127.0.0.1\sophos

  • 0 in reply to Big_Buck

    Any clue ? I posted a case two weeks ago now, and the only thing Sophos support have done so far is to send me the link for the instructions ... It is not because they did not have instructions on hand to guess easily I have been through those steps already ...

Reply
  • 0 in reply to Big_Buck

    Any clue ? I posted a case two weeks ago now, and the only thing Sophos support have done so far is to send me the link for the instructions ... It is not because they did not have instructions on hand to guess easily I have been through those steps already ...

Children
No Data
Unfiltered HTML