
Endpoints Failing to Install New Update

Hello,

After receiving the new update (10.3.7 3.51) I have 100+ endpoints that are failing to uninstall the new software.  During the install process the old versions of the software are uninstalled, then when the install is starting they error out.  I'm receiving either an "Installation of Sophos AutoUpdate Failed [0x00000008]" error or an "A runtime error occurred. [0x00000062]" error.

From my testing, when this error occurs it's because the AutoUpdate folder that's created in either of the following locations has messed up permissions.  Basically, it won't allow anyone or anything to access it or delete it.  Those locations are:

C:\Program Files (x86)\Sophos\AutoUpdate  -or-  C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir

If I restart the PC with this problem and boot into Safe Mode, log in then out, the bad file is automatically deleted, restart into normal Windows and try the install again.  At that point everything installs correctly and there are no problems.  

I don't want to have to restart 100+ computers into safe mode if I don't have to, we need a better solution and soon because these computers with this problem are unprotected right now.  Thanks for anyone's help!

  • Hi,

    We're having the same problem.  At first I thought the problem may be related to UAC being disabled on our workstations because I toggled it on and was able to re-protect some broken computers.  I've found a couple PCs that already had UAC enabled that still had issues, however.

    I have a support ticket open and they said it was an issue with the 10.3.7 version and they are working on it, but that we could re-protect the computers and it should fix the problem.  When I try and re-protect I get errors like you mentioned, but sometimes I can get the AV and the AutoUpdate to install but not the Remote Management components.

    If I get anywhere with support I will share my findings but I'd be interested to hear what other people are experiencing.
  • Hello!

    Exactly!  We have gone through the same things with UAC.  Let me share where we're at with you and maybe it'll help a little more:

    For some reason, we're noticing that either the C:\Program Files (x86)\Sophos\AutoUpdate folder or the C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir folder will get messed up permissions and lock themselves out.  And believe it or not, rebooting into safe mode automatically deletes those folders.  Then after a boot into regular normal windows you can successfully push Sophos.  I wouldn't recommend this as a permanent solution especially because it requires a lot of time, but it does help for now.

    So here's the steps we're doing specifically to resolve this:

    1. Fresh computer, did not receive full update from Sophos server, only firewall installed.
    2. Attempt to push Sophos from Console, failed with Runtime error [0x00000062].
    3. No folders in either C:\Program Files (x86)\Sophos\ or C:\ProgramData\Sophos\ with locked permissions/access denied.
    4. Restart into Safe Mode, did not log in.
    5. Restart into normal boot.
    6. Attempt to push Sophos from Console, failed with AutoUpdate failed installation [0x00000008].
    7. C:\Program Files (x86)\Sophos\AutoUpdate folder locked permissions/access denied.
    8. Restart into Safe Mode, did not log in.
    9. Restart into normal boot.
    10. C:\Program Files (x86)\Sophos\AutoUpdate folder is deleted.
    11. Attempt to push Sophos from Console, Success!!!  All components of SAV and Firewall installed and run correctly!
  • Thanks for the reply.  I tried booting one into safemode, then restarting and re-protecting and it failed (well, install AV and AutoUpdate but NOT remote management) but I am going to do some more testing.  One thing I did notice while working with Sophos is that permissions on C:\ProgramData\Sophos\AutoUpdate\Cache only had READ allowed for users.  They asked me to run the Sophos Diagnostic Utility which is in a subfolder and I couldn't do it until I added READ & EXECUTE on the Cache folder.  It looked as though it was not inheriting properly because I checked some folders above and they did have the inheritance from the base folder.  I suspect some of these same permissions issues are causing protections to fail or certain components not to install.  If I find a procedure that works any easier, I'll share.  I am currently running SDU logs to send to Sophos with my case.
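
The permission symptoms described in the posts above (folders that deny all access, and a Cache folder that is not inheriting from its parent and gives users READ only) can be checked per endpoint with a read-only audit. This is an added example, not part of any post in this thread and not a Sophos tool; the function name `Get-FolderAclState` is hypothetical, and the paths are the ones quoted in the thread.

```powershell
# Added example: read-only ACL audit of the folders named in this thread.
# Run from an elevated prompt on an affected endpoint; nothing is modified.
$Paths = @(
    'C:\Program Files (x86)\Sophos\AutoUpdate',
    'C:\ProgramData\Sophos\AutoUpdate\Cache',
    'C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir'
)

function Get-FolderAclState {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Path)

    $usersSid = 'S-1-5-32-545'  # BUILTIN\Users, matched by SID so localized names work
    $readExec = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    foreach ($p in $Path) {
        $row = [ordered]@{
            Path = $p; Status = 'OK'; Owner = $null
            InheritanceDisabled = $null; UsersReadExecute = $null
        }
        try {
            $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
            $row.Owner = $acl.Owner
            # True means the folder no longer inherits ACEs from its parent.
            $row.InheritanceDisabled = $acl.AreAccessRulesProtected
            # Explicit and inherited rules, with identities returned as SIDs.
            $rules = $acl.GetAccessRules($true, $true,
                [System.Security.Principal.SecurityIdentifier])
            # Note: ACEs stored as generic rights are not expanded by this test.
            $allow = $rules | Where-Object {
                $_.IdentityReference.Value -eq $usersSid -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $readExec) -eq $readExec
            }
            $row.UsersReadExecute = [bool]$allow
        }
        catch {
            # Missing folder, access denied, etc.: record the exception type.
            $row.Status = $_.Exception.GetType().Name
        }
        [pscustomobject]$row
    }
}

Get-FolderAclState -Path $Paths | Format-Table -AutoSize
```

A `Status` other than `OK` on a folder that exists, or `InheritanceDisabled` set to `True` on the Cache folder, matches the symptoms reported here and is worth attaching to a support case alongside the SDU logs.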

  • Yep that sounds familiar, I just ran the SDU from the server share.  This is all related to permissions issues, we made sure that the "Everyone" group was added to the share and had read/execute permissions.  We also noticed sometimes that a couple attempts at rebooting and pushing the install were needed before we could get safe mode to clean the bad folder and get it to install successfully.

    Tell me if you've noticed this one too:  

    We have a production floor that we are careful with when it comes to upgrades, so to prevent them from updating and inheriting the same nightmare as the rest of the company we created a separate updating policy and gave it the wrong credentials so it would fail, and disabled location roaming and a secondary location.  We assigned that policy to the production groups only, now here's the crazy part:  All of the computers that get the new version of the Sophos software fail their updates from the primary location because they're trying to use that bad policy we set up.  So if we look at the policy assigned to a group, say "HR", it's the correct main updating policy that's working just fine, if we open the software on the machine "HR-1" (just examples these aren't really our PC names) the PC HR-1 reports in the updating policy that it's using the correct policy.  But when you go look at the failure logs it says it tried the bad policy.  I have 135 PC's with just that problem right now...

    I hope you won't run into that like we have.  :)

  • Sandy,

    I have already contacted support and have been in contact with them for a few days now as we go through things.  Thank you for checking though!

  • Where to begin... This has been a nightmare for us since the 20th when the updater started attempting to update 1000+ clients and failing on the vast majority, leaving each computer unprotected.  We only use Sophos AV, no other tools of theirs.

    I had the EXACT same symptoms as you, PostQ, however I haven't tried the "Safe Mode" fix, because a) we can't automate that for this quantity of clients, and b) we use bitlocker which means we'd have to look up and provide all the users with their keys to unlock their drives to get into safe mode (not going to happen).

    Here has been my experience:

    Since we are trying to find a way to automate the fix, I've been working with a package to install the software using KACE and/or AD for deployment.  Before automating the fix though, I've been testing the package on broken clients and this is what I found.

    Client attempted to upgrade to 10.3.7, failed

    RMS component was the only piece of Sophos software left on the client.

    1st install: Reboot, run Sophos Package with 2 possible results: 1) AV installed, AutoUpdater installed, no RMS; or 2) All three components install

    2nd install: If the first (missing RMS) occurs, we reboot, and run the Sophos Package again.  This time it will remove the AutoUpdater, leaving just AV.

    3rd install: Reboot, run Sophos Package with 2 possible results : 1) AV installed, AutoUpdater installed, no RMS; or 2) All three components install

    4th install: If the first (missing RMS) occurs, we reboot, and run the Sophos Package again.  This time it will remove the AutoUpdater, leaving just AV.

    From here, the pattern repeats, where odd attempts may or may not resolve our client configuration, and even attempts remove the AutoUpdater.

    At this point, we have gone over 3 full days since this was first detected to today working with Sophos support still w/out resolution.  Since we NEED to get clients protected again, this is what I'm now looking to do:

    Install the package on all computers that KACE detects as not having v10.3.7.  On the first try, it should at the very least give us AV and AutoUpdater, likely won't give us the RMS component.  I'm willing to accept that at this point.  I'm now investigating what missing RMS is going to do to us in the future, but I'm banking on some fix being developed at some point, where I can hopefully deploy with KACE and restore full client/server functionality.

    Hope this helps someone, or finds someone that can share brain power to hopefully come to the best solution.

  • I'm seeing similar things as tsachen.  I've tried multiple combinations of rebooting, safe mode, toggling UAC, uninstalling, reinstalling and using the M$ windows installer cleanup utility/troubleshooter.  Some computers have RMS, but when you try to re-deploy it disappears and they receive a combination of the AV and AutoUpdate, but no matter what I do I can't get it to deploy RMS from the console.  I've also tried manually running setup.exe from the distribution point and I get the same result.  I have an open case with Sophos support who confirmed that RMS was not deploying based on the logs I sent them.  They escalated my case on Friday, but I haven't heard back since then so I sent a follow up email today.  I've also tried creating an update manager with a slightly older version than 10.3.7 but had the same results.  I am not sure what else to try, so for now I'm playing the waiting game.

  • You guys are so spot on!  Same things here too by the way.  My case was "escalated" too last week however after multiple emails asking for an update on my case they have yet to write me back.  We have over 370 endpoints with this problem.

    I noticed you have the Dell KACE appliance, we do too, I'm wondering if the KACE agent is causing problems.  Here's the interesting tidbit of info, I installed Sophos on a brand-new out of the box laptop with the original Dell OS on it.  The only thing I did was join it to our domain network, and the install worked perfectly time and time again.  I'm going to slowly install one piece of software after another to see if that breaks it.  And I'm going to try that KACE agent first.

  • We have a Dell KACE appliance as well.  I'll be interested to see if you find a link.

  • I will be able to tell you soon!  I'm wondering if that's the key...
