This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Uninstalling the Sophos Management Server

Hi,

I'm attempting to uninstall the Sophos Management Server 5.2.1 from Windows Server 2012 R2 but the uninstaller only gets so far and then rolls back on itself.

I had been following: https://www.sophos.com/en-us/support/knowledgebase/116912.aspx

I realise this is intended for version 5.1 but I was just loosely following the order in which to uninstall the separate components.  However, when I get to the Management Server component it fails there and I'm just left with a some events in the Event Viewer saying the services like the sophos patch server communicator, sophos patch endpoint orchestrator, sophos patch endpoint communicator "were unable to log on as Domain\Sophosadmin with the currently configured password due to the following error: The user name or password is incorrect." with other associated events such as these services failed to start and terminated unexpectedly. 

I've attempted to reset the password for the SophosAdmin account and restart them, and they start again fine but when I run the uninstaller again the same things happen, they seem to forget the password and around in a loop it goes again.

I've looked around the various support documents but am unable to find any more detailed information on to try next.  Any help would be much appreciated.

Thanks

Tom



This thread was automatically locked due to age.
Parents
  • Just to add a little more on the configuration of this server. It's a virtual server running under VMware ESXi 5.5, and I did have a fair amount of trouble actually getting The Sophos Enterprise Console to work and login when I first installed it. I did spend some time on the phone with Sophos technical support, supplying the logs from the Sophos Diagnostic Utility and while they didn't actually manage to fix the problem for me directly and the support on the issue eventually seemed to slow down and dry up, in the end I did manage to get it working only after fiddling around with things for a number of days, it eventually decided to login correctly. At the time it did appear to be some sort of network issue. Perhaps something to do with the hypervisor.

    I guess it's also worth mentioning that they do advise that it's not recommended to install the enterprise console on the server.

    I have again run the SDU and it collects a huge amount of logging information. Perhaps someone could just give me a hint of where to start with that? What log to start looking at first?

    Again, thanks for any help anyone might be able to provide.

    Tom
Reply
  • Just to add a little more on the configuration of this server. It's a virtual server running under VMware ESXi 5.5, and I did have a fair amount of trouble actually getting The Sophos Enterprise Console to work and login when I first installed it. I did spend some time on the phone with Sophos technical support, supplying the logs from the Sophos Diagnostic Utility and while they didn't actually manage to fix the problem for me directly and the support on the issue eventually seemed to slow down and dry up, in the end I did manage to get it working only after fiddling around with things for a number of days, it eventually decided to login correctly. At the time it did appear to be some sort of network issue. Perhaps something to do with the hypervisor.

    I guess it's also worth mentioning that they do advise that it's not recommended to install the enterprise console on the server.

    I have again run the SDU and it collects a huge amount of logging information. Perhaps someone could just give me a hint of where to start with that? What log to start looking at first?

    Again, thanks for any help anyone might be able to provide.

    Tom
Children
  • Hello Tom,

    the (Un-)Installer should (haven't uninstalled lately and can't test right now) write a log - usually in your %TEMP% directory. The details of the error which causes the uninstall to fail would be logged there. MSIxxxx.log logs are not collected by SDU.

    Christian

  • I took a look through some of the MSI logs in the temp folder and they seemed to be pointing out that it was still the update manager that couldn't be uninstalled because its in use by the management server which is what I'm trying to uninstall. I was also looking around various program files directories and found a few where I needed to grant myself permission which I did. I ran the uninstaller again in order to see if I could get some updated log information but the particular MSI logs I'm looking at didn't seem to update at all so I'm not entirely sure I'm looking at the right ones. However, the uninstall process did seem to have progressed on slightly. I noticed that one service had been marked for deletion (The Sophos management service) and 2 others, ones I mentioned before (the patch endpoint communicator and the patch server communicator) have actually disabled themselves.

    I need to spend a bit more time looking for the correct logs that show the uninstaller info but I also have some other stuff pending on this server now and I'm waiting for a window to reboot it too. It will be a week or so until I can get to that.

    Hopefully I can just keep progressing with this slowly and eventually remove the software cleanly. As of now these 2 components aren't actually causing me problems, just something I'd like to remove as they aren't in use. Thanks for the help so far.
  • Hello, I had this problem too. Logging in as the 'administrator' account and then performing the uninstall worked for me. I guess that it was originally installed using that account.

    Hope that helps!
  • I ended up disabling all the services relating to Sophos restarting the servers and then it didn't say it was locked.. If you can restart the server this might be worth trying?