Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 17 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 5954 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

software update failed

Fiona Johnson

Hello

 

We have two update managers and both are reporting as Software update failed. I only noticed today but it seems to be there for a few weeks. When i check the log viewer it gives the following

 

06/02/2020 16:22:28 Error Sophos Update Manager failed to update from product release 'Payload-SDDM' with version 84.18 as the installer returned an error: 1603

 

In the %windir%temp% i find the following error messages in the MSI logs

 

Property(S): IS_NET_API_LOGON_USERNAME_TOKEN = SophosUpdateMgr
Property(S): InstallShieldTempProp = 0
MSI (s) (68:E8) [15:24:09:153]: Note: 1: 1729
MSI (s) (68:E8) [15:24:09:153]: Product: Sophos Update Manager -- Configuration failed.

MSI (s) (68:E8) [15:24:09:153]: Windows Installer reconfigured the product. Product Name: Sophos Update Manager. Product Version: 1.7.1.19. Product Language: 1033. Manufacturer: Sophos Limited. Reconfiguration success or error status: 1603.

MSI (s) (68:E8) [15:24:09:153]: Closing MSIHANDLE (1) of type 790542 for thread 3304
MSI (s) (68:E8) [15:24:09:185]: Deferring clean up of packages/files, if any exist
MSI (s) (68:E8) [15:24:09:185]: MainEngineThread is returning 1603
MSI (s) (68:0C) [15:24:09:185]: No System Restore sequence number for this installation.
=== Logging stopped: 06/02/2020 15:24:09 ===
MSI (s) (68:0C) [15:24:09:185]: User policy value 'DisableRollback' is 0
MSI (s) (68:0C) [15:24:09:185]: Machine policy value 'DisableRollback' is 0
MSI (s) (68:0C) [15:24:09:185]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (68:0C) [15:24:09:185]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (68:0C) [15:24:09:185]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (68:0C) [15:24:09:185]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (68:0C) [15:24:09:185]: Destroying RemoteAPI object.
MSI (s) (68:74) [15:24:09:185]: Custom Action Manager thread ending.
MSI (c) (D8:E4) [15:24:09:185]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (D8:E4) [15:24:09:185]: MainEngineThread is returning 1603
=== Verbose logging stopped: 06/02/2020 15:24:09 ===

 

I checked and the latest ides are there from today. Does anyone have any idea what could be causing this issue?

 

 

Thanks



This thread was automatically locked due to age.
  • 0

    Hello  

    Can  you please test if disabling Tamper Protection on the device resolves the issue?

    The error could be because of this -- Sophos Endpoint Defense: Enhanced tamper protection not supported on systems with Sophos Update Manager

  • 0 in reply to DianneY

    Hello,

     

    Thanks for the response. No tamper protection is not enabled as a feature.

     

    I am unsure of what the consequences of this are. As far as i can see the warehouse is still populating with ides. I am concerned about the clients connecting to it. Will they still be protected while i sort this out?

     

    Thanks,

    Fiona

  • 0 in reply to Fiona Johnson

    Hi  

    Are there any recent changes in your network? Would you please check and perform the steps listed here and see if it helps to resolve the issue. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to Shweta

    Hi,

     

    Thanks for your response but no there were no recent changes to the network. I have checked with our networks team.

     

    I disabled the firewall on the box before and tried to push down an  update successfully but it still failed.

    I followed through all the steps listed above. I had already granted those permissions to the folders previously following another thread where someone was having the same issues. Anyway the steps did not work. The folders recreated fine but after i forced the update and it downloaded binaries it still says software update failed. I checked the logviewer and it is still reporting that error failed to update from product release "Payload-SSDM"

  • 0 in reply to Fiona Johnson

    Hi  

    Could you also confirm if the user account for SUM has been modified? Also please provide more details from the logs, by searching the value 3 under SUM MSI logs and check the exact error. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to Shweta

    Hello,

     

    Not the account has not been modfified since the server was created. I searched for Value 3 in the logs as requested and this is the output.

     

     

    MSI (s) (84!30) [23:57:28:995]: Creating MSIHANDLE (277) of type 790531 for thread 5168
    MSI (s) (84!30) [23:57:28:995]: Closing MSIHANDLE (277) of type 790531 for thread 5168
    MSI (s) (84!30) [23:57:28:995]: Creating MSIHANDLE (278) of type 790531 for thread 5168
    Info 25052.Failed to load the security descriptor for \\SOPHOSSRV5\SophosUpdate. The error returned by the API was 2114.
    MSI (s) (84!30) [23:57:28:995]: Closing MSIHANDLE (278) of type 790531 for thread 5168
    MSI (s) (84!30) [23:57:28:995]: Creating MSIHANDLE (279) of type 790531 for thread 5168
    Info 25052.Failed to load the security descriptor for \\SOPHOSSRV5\SophosUpdate. The error returned by the API was 2114.
    MSI (s) (84!30) [23:57:28:995]: Closing MSIHANDLE (279) of type 790531 for thread 5168
    Info 25041.Could not modify permissions for user or group SOPHOSSRV5\SophosUpdateMgr on share SophosUpdate. An error occurred and it is probably explained above.
    MSI (s) (84:A4) [23:57:28:995]: Closing MSIHANDLE (276) of type 790536 for thread 1896
    CustomAction CA_CallModifyObjectPermissions01 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (84:68) [23:57:28:995]: Note: 1: 2265 2: 3: -2147287035
    MSI (s) (84:68) [23:57:28:995]: User policy value 'DisableRollback' is 0
    MSI (s) (84:68) [23:57:28:995]: Machine policy value 'DisableRollback' is 0
    Action ended 23:57:28: InstallFinalize. Return value 3.
    MSI (s) (84:68) [23:57:28:995]: Note: 1: 2318 2:
    MSI (s) (84:68) [23:57:28:995]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1347075885,LangId=1033,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (84:68) [23:57:28:995]: Executing op: DialogInfo(Type=0,Argument=1033)
    MSI (s) (84:68) [23:57:28:995]: Executing op: DialogInfo(Type=1,Argument=Sophos Update Manager)
    MSI (s) (84:68) [23:57:28:995]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
    MSI (s) (84:68) [23:57:28:995]: Executing op: RegisterBackupFile(File=C:\Config.Msi\11d1b782.rbf)
    MSI (s) (84:68) [23:57:28:995]: Executing op: RegisterBackupFile(File=C:\Config.Msi\11d1b783.rbf)
    MSI (s) (84:68) [23:57:28:995]: Executing op: RegisterBackupFile(File=C:\Config.Msi\11d1b784.rbf)
    MSI (s) (84:68) [23:57:28:995]: Executing op: RegisterBackupFile(File=C:\Config.Msi\11d1b785.rbf)
    MSI (s) (84:68) [23:57:28:995]: Executing op: RegisterBackupFile(File=C:\Config.Msi\11d1b786.rbf)
    MSI (s) (84:68) [23:57:28:995]: Executing op: RegisterBackupFile(File=C:\Config.Msi\11d1b787.rbf)

     

    SI (s) (84:68) [23:57:31:278]: Executing op: ComponentRegister(ComponentId={9BCE06D3-11F9-43B5-9628-B361C081EF5C},KeyPath=C:\Program Files (x86)\Sophos\Update Manager\SUMAdapter.dll,State=3,ProductKey={2C7A82DB-69BC-4198-AC26-BB862F1BE4D0},,SharedDllRefCount=0,BinaryType=0)
    MSI (s) (84:68) [23:57:31:278]: WIN64DUALFOLDERS: Substitution in 'C:\Program Files (x86)\Sophos\Update Manager\SUMAdapter.dll' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0).
    MSI (s) (84:68) [23:57:31:278]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
    MSI (s) (84:68) [23:57:31:278]: Error in rollback skipped. Return: 5
    MSI (s) (84:68) [23:57:31:278]: No System Restore sequence number for this installation.
    MSI (s) (84:68) [23:57:31:278]: Unlocking Server
    MSI (s) (84:68) [23:57:31:278]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
    Action ended 23:57:31: INSTALL. Return value 3.
    Property(S): DiskPrompt = [1]
    Property(S): SourcedirProduct = {2C7A82DB-69BC-4198-AC26-BB862F1BE4D0}
    Property(S): SOURCEDIR = C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\
    Property(S): SUM_INSTALLSOURCE = C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\
    Property(S): SUM_SHARE_EXISTS = 2
    Property(S): UpgradeCode = {D02E89AC-F27B-4BFA-8327-BE980F821C73}
    Property(S): PrimaryVolumeSpaceRemaining = 0
    Property(S): PrimaryVolumeSpaceRequired = 0
    Property(S): PrimaryVolumeSpaceAvailable = 0
    Property(S): OutOfNoRbDiskSpace = 0
    Property(S): OutOfDiskSpace = 0
    Property(S): CostingComplete = 1
    Property(S): Installed = 2019/11/11 14:32:58
    Property(S): ROOTDRIVE = C:\
    Property(S): IS_NET_API_TOKEN_WS = 1
    Property(S): IS_NET_API_TOKEN_VALID = 1
    Property(S): IS_NET_API_LOGON_SERVER_TOKEN = SOPHOSSRV5
    Property(S): ACTION = INSTALL
    Property(S): Preselected = 1
    Property(S): QFEUpgrade = 1
    Property(S): UILevel = 2
    Property(S): OriginalDatabase = C:\ProgramData\Sophos\Update Manager\Working\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1\SUM.msi
    Property(S): DATABASE = C:\Windows\Installer\11d1b77f.msi
    Property(S): USERNAME = Windows User

     

     

     

     

  • 0 in reply to Fiona Johnson

    Hello Fiona Johnson,

    Info 25052.Failed to load the security descriptor for \\SOPHOSSRV5\SophosUpdate. The error returned by the API was 2114.
    Can't say which API and the code doesn't ring a bell. Both SUMs report this error (with the applicable server name of course)?

    Christian

  • 0 in reply to QC

    Hi Stephen,

     

    Yes both consoles are failing to do a software update and reporting the same API error code.

  • 0 in reply to Fiona Johnson

    Hello Fiona Johnson,

    to make sure there's no misinterpretation of your issue:
    These are two SUMs managed by the same SEC server and both additional SUMs, or? Also, one share is on SOPHOSSRV5 and the other on a different server?

    Christian 

  • 0 in reply to QC

    Hi Christian,

     

    I have two update managers running on 2 different servers SophosSrv5 and 6 and both are encountering this issue. They did work fine originally but i am not sure when this issue started to occur because once the clients are updating fine, i don't check. I only noticed last week when i was looking at something else.

Unfiltered HTML