Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
Hi, ime trying to install Sophos Endpoint for the first Time on a pretty fresh Installation of Win 10 1809.
The installation fails within a Second without showing the Gui or an Proper Error in the Logs
There is not Firewall or other AV installed.
Here is the Log and a Record of Proccess Monitor in multiply Formats showing everything the installer exe did > mega.nz/
Please copy paste the Cloud installer logs from the following location in this thread
In reply to AJ Singh:
Allready did so?
In reply to Playa Mizusy:
Apologies, I didn't noticed that you have uploaded the cloud installer logs as well. I checked the logs and it seems like endpoint is failing to connect to sophos servers
Please whitelist sophos domains as per below KB article https://community.sophos.com/kb/en-us/121936Also, for testing perspective, Please connect your endpoint to mobile hotspot and trying running the installer again
There are no Firewalls, UTMs or other mechanism that could interrupt the connection to the Servers. Ime only using the Cloudflare DNS but that shouldent be the Problem.
To be sure i tried it with a Mobile Hotspot (no vpns, proxys and stuff there aswell) but the Log showed exactly the same.
I cant imagine the Source of this Problem, the installer is Freshly downloaded from the Central.
For a test i even downloaded the Stage 2 installer manually to be sure that works.
Hello Playa Mizusy
Ensure that you have installed all of the current Windows updates on this server.
Another thing to check, as the new installer checks for certs:Open up mmc > File > Add Snap-in > Certificates > Computer account > OK.. OK... OK..Expand certificates > Trusted Root Certification Authorities and compare with a machine that does install. Add any certs that are missing.
Once added, try installing again.
In reply to DianneY:
>Up to Date
>Imported all Certs from the other PC
Dident work, everything is the same.
To be sure i deleted every File and Reg Entry containing "Sophos", but that dident help.
BTW, its an Desktop not a Server
Hello Playa Mizusy
Send us the newest CloudInstaller log, maybe something has changed in it since the last change you have made?
EDIT: Also check to see if UAC is set to HIGH. I've seen that that was the issue a couple of times.
UAC is set to the lowest Value.
Here is the Log, the last Lines seem identical
2019-06-12T19:21:57.3374465Z INFO : Stage 1 command-line options:
2019-06-12T19:21:57.3374465Z INFO : ---
2019-06-12T19:21:57.3374465Z INFO : Quiet mode on: 0
2019-06-12T19:21:57.3374465Z INFO : Automatic Proxy detection disabled: 0
2019-06-12T19:21:57.3374465Z INFO : No feedback mode on: 0
2019-06-12T19:21:57.3374465Z INFO : Dump feedback enabled: 0
2019-06-12T19:21:57.3374465Z INFO : Bypass competitor removal: 0
2019-06-12T19:21:57.3384449Z INFO : Using CRT catalog file path: --
2019-06-12T19:21:57.3384449Z INFO : Only register endpoint with Central: 0
2019-06-12T19:21:57.3394445Z INFO : Log messages between endpoint and Central: 0
2019-06-12T19:21:57.3394445Z INFO : Log command-line passed to executables: 0
2019-06-12T19:21:57.3394445Z INFO : Using custom server: --
2019-06-12T19:21:57.3394445Z INFO : Using custom stage 2 filename: --
2019-06-12T19:21:57.3394445Z INFO : Using cloud user: --
2019-06-12T19:21:57.3394445Z INFO : Using cloud group: --
2019-06-12T19:21:57.3394445Z INFO : Overriding computer name: --
2019-06-12T19:21:57.3394445Z INFO : Overriding computer description: --
2019-06-12T19:21:57.3394445Z INFO : Overriding domain name: --
2019-06-12T19:21:57.3394445Z INFO : Language will be set to: --
2019-06-12T19:21:57.3394445Z INFO : Using message relays: --
2019-06-12T19:21:57.3404434Z INFO : Proxy address: --
2019-06-12T19:21:57.3404434Z INFO : Proxy user name: --
2019-06-12T19:21:57.3404434Z INFO : Using custom customer token: --
2019-06-12T19:21:57.3404434Z INFO : Using specified products: --
2019-06-12T19:21:57.3404434Z INFO : Using certificates from the MCS app data folder: 0
2019-06-12T19:21:57.3404434Z INFO : ---
2019-06-12T19:21:57.3464405Z INFO : Sending HTTP 'GET' request to: full/central/windows/business/installer/latest.tar.gz
2019-06-12T19:21:57.3504365Z WARNING : WinHttpGetProxyForUrl returned: 12180
2019-06-12T19:21:57.3504365Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2019-06-12T19:21:57.3514369Z INFO : Set security protocol: 00000800
2019-06-12T19:21:57.3514369Z INFO : Opening connection to downloads.sophos.com
2019-06-12T19:21:57.3514369Z INFO : Request content size: 0
Just an Idea, can i maybe run the Stage 2 Installer without the Stage 1 Installer?
Downloading from http://downloads.sophos.com/full/central/windows/business/installer/latest.tar.gz works fine in my Bowser, just the installer seems to fail
That's probably not recommended since Stage 1 also gets information like Management Communications System (MCS) server instance it connects to, a registration token and where to get the stage 2 installer. You might want to check Application Event Logs to see if there are any crashes logged there. Please raise a Support case to have this issue reviewed further, and be ready to provide SDU logs (after gathering all requested logs), a Process Monitor Log (All Events, saved as PML), and possibly a Wireshark capture while running the installation.