
No longer updating - SSL Cert not trusted?

I have been making a switch on my home network from Avast to Sophos since I'm using the Sophos UTM 9 and it includes enough licenses for me to cover all my systems. I was testing and everything seemed fine, but today I noticed that updates weren't working on any systems when I was checking on status in the UTM after installing on a new system. I got a message about the new install not being able to register. So I've been searching online and trying to troubleshoot, and I suspect I've found the issue? The SSL Cert on *.broker.sophos.com isn't trusted by any of my systems. Any time I try to update

 

Attaching screen shots for reference

 

 

Here's some log info:

SophosUpdate.log -
2017-11-25T17:27:42.079Z [ 5092] INFO  WinMain =========================
2017-11-25T17:27:42.079Z [ 5092] INFO  WinMain SophosUpdate is starting.
2017-11-25T17:27:42.079Z [ 5092] INFO  WinMain AutoUpdate version      : 5.1.1.1
2017-11-25T17:27:42.079Z [ 5092] INFO  WinMain SophosUpdate version    : 5.1.1.1
2017-11-25T17:27:42.080Z [ 5092] INFO  WinMain Build                   : 100004
2017-11-25T17:27:42.080Z [ 5092] INFO  WinMain =========================
2017-11-25T17:27:42.080Z [ 5092] INFO  Environment::Print Platform ID: WIN_10_X64
2017-11-25T17:27:42.080Z [ 5092] INFO  Environment::Print Platform upgraded:0
2017-11-25T17:27:42.080Z [ 5092] INFO  Environment::Print Subscription: cd2a5386-f08c-42b1-8d98-{OMITTED FOR PUBLIC UPLOAD BY ME} RECOMMENDED 1
2017-11-25T17:27:42.080Z [ 5092] INFO  Environment::Print Features:
2017-11-25T17:27:42.080Z [ 5092] INFO  WinMain Set process security
2017-11-25T17:27:42.080Z [ 5092] INFO  WinMain Initialise COM.
2017-11-25T17:27:42.080Z [ 5092] INFO  WinMain Load config.
2017-11-25T17:27:42.081Z [ 5092] INFO  `anonymous-namespace'::ReadFileContents Slurping file of size 930 bytes.
2017-11-25T17:27:42.081Z [ 5092] INFO  WinMain Create registry reporter.
2017-11-25T17:27:42.081Z [ 5092] INFO  WinMain Create platform reporter.
2017-11-25T17:27:42.082Z [ 5092] INFO  WinMain Load state.
2017-11-25T17:27:42.082Z [ 5092] INFO  StatePersister::Load Loading state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2017-11-25T17:27:42.082Z [ 5092] INFO  WinMain Create progress reporter.
2017-11-25T17:27:42.095Z [ 5092] INFO  WinMain Create language neutral logger.
2017-11-25T17:27:42.095Z [ 5092] INFO  WinMain Create downloader.
2017-11-25T17:27:42.095Z [ 5092] INFO  WinMain Create installer.
2017-11-25T17:27:42.096Z [ 5092] INFO  WinMain Create adapter writer.
2017-11-25T17:27:42.096Z [ 5092] INFO  IPCBase::IPCBase IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4
2017-11-25T17:27:42.096Z [ 5092] INFO  WinMain Create completion reporter.
2017-11-25T17:27:42.096Z [ 3200] INFO  `anonymous-namespace'::SenderThreadFn::operator() Sender thread started.
2017-11-25T17:27:42.096Z [ 5092] INFO  WinMain Create update logic.
2017-11-25T17:27:42.096Z [ 3200] INFO  IPCSender::ProcessSend IPCSender::ProcessSend started
2017-11-25T17:27:42.096Z [ 3200] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
2017-11-25T17:27:42.096Z [ 5092] INFO  WinMain Performing update.
2017-11-25T17:27:42.096Z [ 5092] INFO  UpdateLogic::Update Reporting update start.
2017-11-25T17:27:42.097Z [ 5092] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
2017-11-25T17:27:42.097Z [ 3200] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
2017-11-25T17:27:42.097Z [ 3200] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
2017-11-25T17:27:42.128Z [ 5092] INFO  UpdateLogic::SyncAndInstall Syncing products.
2017-11-25T17:27:42.128Z [ 5092] INFO  SDDSDownloader::SyncInternal Adding Sophos Location: dci.sophosupd.com/cloudupdate
2017-11-25T17:27:42.128Z [ 5092] INFO  SDDSDownloader::SyncInternal Adding Sophos Location: dci.sophosupd.net/cloudupdate
2017-11-25T17:27:42.129Z [ 5092] INFO  SDDSDownloader::SyncInternal Username: {OMITTED FOR PUBLIC UPLOAD BY ME}
2017-11-25T17:27:42.130Z [ 5092] INFO  SDDSDownloader::SyncInternal No manually configured proxy.
2017-11-25T17:27:42.130Z [ 5092] INFO  WindowsProxyDiscoveryWrapper::GetDefaultProxyConfiguration WinHttp default proxy not set
2017-11-25T17:27:42.138Z [ 5092] WARN  WindowsProxyDiscoveryWrapper::GetProxyForUrl Failed to get the automatic proxy configuration. The error code was 12180.
2017-11-25T17:27:44.549Z [ 5092] ERROR SDDSDownloader::ReportSyncFailure Failed to read remote metadata.
2017-11-25T17:27:44.550Z [ 5092] INFO  UpdateLogic::SyncAndInstall Saving state.
2017-11-25T17:27:44.551Z [ 5092] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2017-11-25T17:27:44.552Z [ 5092] INFO  UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
2017-11-25T17:27:45.575Z [ 5092] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server dci.sophosupd.com/.../Config>
2017-11-25T17:27:45.575Z [ 5092] INFO  WinMain SophosUpdate has completed with the result 0.
2017-11-25T17:27:45.575Z [ 3200] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>cd2a5386-f08c-42b1-8d98-40240059e361</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of cd2a5386-f08c-42b1-8d98-40240059e361 failed from server dci.sophosupd.com/.../Config>
2017-11-25T17:27:45.575Z [ 3200] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
2017-11-25T17:27:46.576Z [ 3200] INFO  IPCSender::ProcessSend IPCSender::ProcessSend exiting
2017-11-25T17:27:46.576Z [ 3200] INFO  `anonymous-namespace'::SenderThreadFn::operator() Sender thread finished.
2017-11-25T17:27:46.577Z [ 5092] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml

ACL.LOG

0x4 SophosUpdate 0x32 0x1a1c 0x1 0x6 0x3fd4 0x5a1998a2
0x4 Update 0x32 0x1a1c 0x1 0x6b 0x3fd4 0x5a1998a5 EndpointSecurityandControl Sophos
0x4 Update 0x32 0x1a1c 0x1 0x52 0x3fd4 0x5a1998a5
0x4 SophosUpdate 0x32 0x1a1c 0x1 0x7b 0x3fd4 0x5a1998a5
0x4 SophosUpdate 0x32 0x1188 0x1 0x6 0x3cc4 0x5a19990c
0x4 Update 0x32 0x1188 0x1 0x6b 0x3cc4 0x5a19990e EndpointSecurityandControl Sophos
0x4 Update 0x32 0x1188 0x1 0x52 0x3cc4 0x5a19990e
0x4 SophosUpdate 0x32 0x1188 0x1 0x7b 0x3cc4 0x5a19990e
0x4 SophosUpdate 0x32 0x2fa4 0x1 0x6 0x3484 0x5a19991d
0x4 Update 0x32 0x2fa4 0x1 0x6b 0x3484 0x5a19991f EndpointSecurityandControl Sophos
0x4 Update 0x32 0x2fa4 0x1 0x52 0x3484 0x5a19991f
0x4 SophosUpdate 0x32 0x2fa4 0x1 0x7b 0x3484 0x5a19991f
0x4 SophosUpdate 0x32 0x37d8 0x1 0x6 0x268 0x5a19a119
0x4 Update 0x32 0x37d8 0x1 0x6b 0x268 0x5a19a11c EndpointSecurityandControl Sophos
0x4 Update 0x32 0x37d8 0x1 0x52 0x268 0x5a19a11c
0x4 SophosUpdate 0x32 0x37d8 0x1 0x7b 0x268 0x5a19a11c
0x4 SophosUpdate 0x32 0x2ef4 0x1 0x6 0x13e4 0x5a19a80e
0x4 Update 0x32 0x2ef4 0x1 0x6b 0x13e4 0x5a19a810 EndpointSecurityandControl Sophos
0x4 Update 0x32 0x2ef4 0x1 0x52 0x13e4 0x5a19a810
0x4 SophosUpdate 0x32 0x2ef4 0x1 0x7b 0x13e4 0x5a19a810
0x4 SophosUpdate 0x32 0x137c 0x1 0x6 0x3f74 0x5a19a8eb
0x4 Update 0x32 0x137c 0x1 0x6b 0x3f74 0x5a19a8ed EndpointSecurityandControl Sophos
0x4 Update 0x32 0x137c 0x1 0x52 0x3f74 0x5a19a8ed
0x4 SophosUpdate 0x32 0x137c 0x1 0x7b 0x3f74 0x5a19a8ed

 

Here is a screen shot from a system that's been running for a while; it appears that on the 15th something changed.



  • Hi  

    Can you try installing the certificate manually?

    Download the certificate to your local machine

    1. Go to Certificates then click the Certificate Authorities tab and click on the download icon next to SecurityAppliance_SSL_CA under the Manage column to download the Certificate.
    2. The certificates SecurityAppliance_SSL_CA and SecurityApplianceSelfSignedCA are shipped with the device. Alternatively, administrators can also import their custom CA.
    3. Save this certificate in your local machine.

    Install the certificate in your web browser

    Internet Explorer

    1. In the Menu Bar, click Tools > Internet Options to display the Internet Options window.
    2. Switch to the Content tab and, under the Certificates section, click Certificates to display the Certificates Window.
    3. Switch to the Trusted Root Certification Authorities tab and click the Import button to start Certificate Import Wizard.
    4. Import the Certificate downloaded in step 1 using this wizard.


    Firefox

    1. In the Menu Bar, click Tools > Options to display the Options window.
    2. Switch to the Advanced tab and then select the Certificates tab.
    3. Click View Certificate to display the Certificate Manager window.
    4. Switch to the Authorities tab and click Import.
    5. Select the Certificate downloaded in step 1 and click Open.
    6. In the Downloading Certificate window, select Trust this CA to identify websites and click OK.


    Google Chrome

    1. To the right of the Address Bar, click on Customize and control Google Chrome button and click Settings.
    2. Click Show advanced settings and scroll down to HTTPS/SSL.
    3. Click Manage Certificates... to display the Certificates window.
    4. Switch to the Trusted Root Certification Authorities tab and click the Import button to start Certificate Import Wizard.
    5. Import the Certificate downloaded in step 1 using this wizard.


    Safari

    1. Download the SSL CA Certificate as shown in step 1.
    2. Once downloaded, double-click the Certificate. This launches Keychain Access and displays a Certificate Not Trusted warning.
    3. Click Always Trust to import the certificate into Login Keychain.

    Opera

    1. Click the Opera button on the top left corner of the screen and click Settings.
    2. Switch to the Privacy & Security tab.
    3. Under HTTPS/SSL, click Manage Certificates… to display the Certificates window.
    4. Switch to the Trusted Root Certification Authorities tab and click the Import button to start the Certificate Import Wizard.
    5. Import the Certificate downloaded in step 1 using this wizard.

     

    Install the Certificate in the local machine’s Trusted Root Authority container

    Windows

    1. Open the Microsoft Management Console by typing "MMC" in the "Run" box.
    2. Open Add or Remove Snap-ins by selecting FILE > ADD/REMOVE SNAP-IN...
    3. Select Certificates from the list and click Add to display the Certificates Snap-in window.
    4. Select the Computer Account and click Next.
    5. Click Finish and close the list of snap-ins.
    6. Click OK to add the certificates snap-in, which should now be visible in the Add/Remove Snap-ins window.
    7. Expand the list of certificate containers, right click Trusted Root Authorities and choose All Tasks > Import to start Certificate Import Wizard.
    8. Import the Certificate downloaded in step 2 using this wizard.


    Macintosh

    1. Download the SSL CA Certificate as shown in step 1.
    2. Once downloaded, double-click the Certificate. This launches Keychain Access and displays a Certificate Not Trusted warning.
    3. Click Always Trust to import the certificate into Login Keychain.

     

    Refer to the Sophos Firewall: SSL CA Certificate Installation Guide for additional details.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • Thanks for the response. Unfortunately that CA seems to be missing? I recently added a new * SSL cert; is it possible that when I did this and changed it, it deleted something, as I know I personally didn't delete it?

  • Hi BC68, 

    Could you please check if there are 2 certificates in the location c://programdata\sophos\certificates\Manag...... ; it would seem the certificate should be stored under Trusted Root Certification Authorities as per the snapshot below. Remove the certificate from other locations.

    Run > certmgr

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support


  • Hello - those two certs are not in any of the systems I've checked, in any location.

  • OK, sorry I was traveling for work last week and didn't have the time, nor brain power to correctly decipher what you said, the 'c://programdata\sophos\certificates\Manag......' wasn't clear to me, but I got it figured out and followed the rest of the instructions. Unfortunately it didn't resolve the issue. It's entirely possible the SSL cert really isn't the issue, and that was a bad path I went down.

    I'm wondering if the issue is really the "User name and Password" that the agent is using for connecting to the update servers? Since installing the above-listed certs and rebooting did not resolve the issue, I decided to do a complete uninstall, reboot and full install. Upon doing so I am getting this message:

     

    Just because, I even disabled Windows Defender to see if it was causing an issue, and there is no change. I'm not able to update (or now register) the AV.

     

  • Bump - any suggestions or help? Unfortunately I'm kinda between a rock and a hard place without this working. I did a tcpdump on the UTM this morning to watch the traffic, and it's the server that's throwing out a 404 error after attempting to login.

     

    7:14:26.996385 IP XXX.XXX.XXX.XXX.7252 > 208.111.158.173.80: Flags [P.], seq 1157:1446, ack 1589, win 256, length 289
            0x0000:  4500 0149 7845 4000 8006 5140 c0a8 0064  E..IxE@...Q@...d
            0x0010:  d06f 9ead 1c54 0050 fa63 90db 829f a1b1  .o...T.P.c......
            0x0020:  5018 0100 70e7 0000 4745 5420 2f63 6c6f  P...p...GET./clo
            0x0030:  7564 7570 6461 7465 2f37 2f32 352f 3732  udupdate/7/25/72
            0x0040:  3563 3632 6435 6337 3531 3535 6233 3034  5c62d5c75155b304
            0x0050:  3363 3530 3736 3661 3434 3634 3464 2e64  3c50766a44644d.d
            0x0060:  6174 2048 5454 502f 312e 310d 0a43 6f6e  at.HTTP/1.1..Con
            0x0070:  6e65 6374 696f 6e3a 204b 6565 702d 416c  nection:.Keep-Al
            0x0080:  6976 650d 0a41 6363 6570 743a 2074 6578  ive..Accept:.tex
            0x0090:  742f 2a2c 2061 7070 6c69 6361 7469 6f6e  t/*,.application
            0x00a0:  2f2a 0d0a 5573 6572 2d41 6765 6e74 3a20  /*..User-Agent:.
            0x00b0:  536f 7068 6f73 5570 6461 7465 2f35 2e31  SophosUpdate/5.1
            0x00c0:  2e31 2e31 2053 4444 532f 322e 3020 2875  .1.1.SDDS/2.0.(u
            0x00d0:  3d22 564f 4847 484f 5532 3657 2220 633d  ="VOHGHOU26W".c=
            0x00e0:  2233 6132 3536 6466 3637 3332 6132 3864  "3a256df6732a28d
            0x00f0:  3838 6236 6265 3233 6539 3164 3636 3537  88b6be23e91d6657
            0x0100:  3822 2069 3d22 3130 3135 3131 3835 2d34  8".i="10151185-4
            0x0110:  6633 332d 6630 3934 2d34 3630 612d 3466  f33-f094-460a-4f
            0x0120:  6532 3237 3839 3464 6534 2229 0d0a 486f  e227894de4")..Ho
            0x0130:  7374 3a20 6463 692e 736f 7068 6f73 7570  st:.dci.sophosup
            0x0140:  642e 636f 6d0d 0a0d 0a                   d.com....
    07:14:27.025620 IP 208.111.158.173.80 > XXX.XXX.XXX.XXX.7252: Flags [.], ack 1446, win 4088, length 0
            0x0000:  4500 0028 0000 4000 3506 15a7 d06f 9ead  E..(..@.5....o..
            0x0010:  c0a8 0064 0050 1c54 829f a1b1 fa63 91fc  ...d.P.T.....c..
            0x0020:  5010 0ff8 a25d 0000                      P....]..
    07:14:27.025892 IP 208.111.158.173.80 > XXX.XXX.XXX.XXX.7252: Flags [P.], seq 1589:2004, ack 1446, win 4106, length 415
            0x0000:  4500 01c7 0000 4000 3506 1408 d06f 9ead  E.....@.5....o..
            0x0010:  c0a8 0064 0050 1c54 829f a1b1 fa63 91fc  ...d.P.T.....c..
            0x0020:  5018 100a c65e 0000 4854 5450 2f31 2e31  P....^..HTTP/1.1
            0x0030:  2034 3034 204e 6f74 2046 6f75 6e64 0d0a  .404.Not.Found..
            0x0040:  5365 7276 6572 3a20 4170 6163 6865 0d0a  Server:.Apache..
            0x0050:  5661 7279 3a20 4163 6365 7074 2d45 6e63  Vary:.Accept-Enc
            0x0060:  6f64 696e 670d 0a43 6f6e 7465 6e74 2d54  oding..Content-T
            0x0070:  7970 653a 2074 6578 742f 6874 6d6c 3b20  ype:.text/html;.
            0x0080:  6368 6172 7365 743d 6973 6f2d 3838 3539  charset=iso-8859
            0x0090:  2d31 0d0a 4167 653a 2031 0d0a 4461 7465  -1..Age:.1..Date
            0x00a0:  3a20 5475 652c 2030 3520 4465 6320 3230  :.Tue,.05.Dec.20
            0x00b0:  3137 2031 343a 3134 3a32 3720 474d 540d  17.14:14:27.GMT.
            0x00c0:  0a45 7870 6972 6573 3a20 5475 652c 2030  .Expires:.Tue,.0
            0x00d0:  3520 4465 6320 3230 3137 2031 343a 3434  5.Dec.2017.14:44
            0x00e0:  3a32 3620 474d 540d 0a43 6f6e 7465 6e74  :26.GMT..Content
            0x00f0:  2d4c 656e 6774 683a 2031 3335 0d0a 436f  -Length:.135..Co
            0x0100:  6e6e 6563 7469 6f6e 3a20 6b65 6570 2d61  nnection:.keep-a
            0x0110:  6c69 7665 0d0a 4361 6368 652d 436f 6e74  live..Cache-Cont
            0x0120:  726f 6c3a 2073 2d6d 6178 6167 653d 3630  rol:.s-maxage=60
            0x0130:  2c20 6d61 782d 6167 653d 3630 0d0a 0d0a  ,.max-age=60....
            0x0140:  3c21 444f 4354 5950 4520 4854 4d4c 2050  <!DOCTYPE.HTML.P
            0x0150:  5542 4c49 4320 222d 2f2f 4945 5446 2f2f  UBLIC."-//IETF//
            0x0160:  4454 4420 4854 4d4c 2032 2e30 2f2f 454e  DTD.HTML.2.0//EN
            0x0170:  223e 3c68 746d 6c3e 3c68 6561 643e 3c74  "><html><head><t
            0x0180:  6974 6c65 3e34 3034 204e 6f74 2046 6f75  itle>404.Not.Fou
            0x0190:  6e64 3c2f 7469 746c 653e 3c2f 6865 6164  nd</title></head
            0x01a0:  3e3c 626f 6479 3e3c 6831 3e4e 6f74 2046  ><body><h1>Not.F
            0x01b0:  6f75 6e64 3c2f 6831 3e3c 2f62 6f64 793e  ound</h1></body>
            0x01c0:  3c2f 6874 6d6c 3e                        </html>
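
The conclusion in the post above (the update server answers 404) is read off the ASCII column of a `tcpdump -X` dump. The following is an added Python example, not code from this thread or from Sophos, that does the same decoding mechanically: it parses `tcpdump -X` output back into packet bytes, skips the IPv4 and TCP headers using their own length fields, and prints the HTTP request line and the server's status line. The embedded sample is constructed from the capture quoted above: the request and the response packets are cut after their first payload lines, and the lines that carry the update account name inside the User-Agent header are left out. It assumes the capture was made with `-X` (bytes start at the IP header, as in the dump above) rather than `-XX`, and that the packets are IPv4/TCP.

```python
"""Added example: parse tcpdump -X output back into packet bytes and read off
the HTTP request line and the server's status line."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample copied from the capture quoted in the thread; the request
# and the response are cut after their first payload lines, and the lines that
# carry the update account name in the User-Agent header are left out.
SAMPLE_CAPTURE = """\
07:14:26.996385 IP XXX.XXX.XXX.XXX.7252 > 208.111.158.173.80: Flags [P.], seq 1157:1446, ack 1589, win 256, length 289
        0x0000:  4500 0149 7845 4000 8006 5140 c0a8 0064  E..IxE@...Q@...d
        0x0010:  d06f 9ead 1c54 0050 fa63 90db 829f a1b1  .o...T.P.c......
        0x0020:  5018 0100 70e7 0000 4745 5420 2f63 6c6f  P...p...GET./clo
        0x0030:  7564 7570 6461 7465 2f37 2f32 352f 3732  udupdate/7/25/72
        0x0040:  3563 3632 6435 6337 3531 3535 6233 3034  5c62d5c75155b304
        0x0050:  3363 3530 3736 3661 3434 3634 3464 2e64  3c50766a44644d.d
        0x0060:  6174 2048 5454 502f 312e 310d 0a43 6f6e  at.HTTP/1.1..Con
07:14:27.025620 IP 208.111.158.173.80 > XXX.XXX.XXX.XXX.7252: Flags [.], ack 1446, win 4088, length 0
        0x0000:  4500 0028 0000 4000 3506 15a7 d06f 9ead  E..(..@.5....o..
        0x0010:  c0a8 0064 0050 1c54 829f a1b1 fa63 91fc  ...d.P.T.....c..
        0x0020:  5010 0ff8 a25d 0000                      P....]..
07:14:27.025892 IP 208.111.158.173.80 > XXX.XXX.XXX.XXX.7252: Flags [P.], seq 1589:2004, ack 1446, win 4106, length 415
        0x0000:  4500 01c7 0000 4000 3506 1408 d06f 9ead  E.....@.5....o..
        0x0010:  c0a8 0064 0050 1c54 829f a1b1 fa63 91fc  ...d.P.T.....c..
        0x0020:  5018 100a c65e 0000 4854 5450 2f31 2e31  P....^..HTTP/1.1
        0x0030:  2034 3034 204e 6f74 2046 6f75 6e64 0d0a  .404.Not.Found..
        0x0040:  5365 7276 6572 3a20 4170 6163 6865 0d0a  Server:.Apache..
"""

SUMMARY_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): Flags \[([^\]]*)\].*length (\d+)$")
HEX_RE = re.compile(r"^\s*0x([0-9a-fA-F]{4}):\s+(.*)$")


@dataclass
class Packet:
    time: str
    src: str          # "addr.port" exactly as tcpdump prints it
    dst: str
    raw: bytearray = field(default_factory=bytearray)  # bytes from the IP header on

    def ip_total_length(self) -> int:
        return int.from_bytes(self.raw[2:4], "big")

    def payload(self) -> bytes:
        """Skip the IPv4 header (IHL field) and the TCP header (data offset)."""
        ihl = (self.raw[0] & 0x0F) * 4
        data_off = (self.raw[ihl + 12] >> 4) * 4
        return bytes(self.raw[ihl + data_off:])

    def http_start_line(self) -> Optional[str]:
        data = self.payload()
        if not data:
            return None  # a bare ACK carries no HTTP
        return data.split(b"\r\n", 1)[0].decode("ascii", errors="replace")


def parse_capture(text: str) -> list[Packet]:
    packets: list[Packet] = []
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            time, src, dst, _flags, _length = m.groups()
            packets.append(Packet(time, src, dst))
            continue
        m = HEX_RE.match(line)
        if not (m and packets):
            continue
        pkt, offset = packets[-1], int(m.group(1), 16)
        if offset != len(pkt.raw):
            raise ValueError(f"hex line 0x{offset:04x} is out of sequence")
        # Line 0 of an IPv4 packet always holds a full 16 bytes; after that the
        # IP total-length field says how many bytes remain.  Counting that way
        # means the ASCII column, which can itself look like hex (see the
        # "5c62d5c75155b304" line in the sample), is never mistaken for data.
        remaining = 16 if offset == 0 else min(16, pkt.ip_total_length() - offset)
        groups = m.group(2).split()[: (remaining + 1) // 2]
        pkt.raw.extend(bytes.fromhex("".join(groups)))
    return packets


def http_messages(packets: list[Packet]) -> list[tuple[str, str, str]]:
    """(kind, server, start line) for each packet that begins an HTTP message."""
    out = []
    for p in packets:
        line = p.http_start_line()
        if line is not None:
            kind, server = ("response", p.src) if line.startswith("HTTP/") else ("request", p.dst)
            out.append((kind, server, line))
    return out


def first_status_code(packets: list[Packet]) -> Optional[int]:
    """HTTP status the server answered with, or None if no response was captured."""
    for kind, _server, line in http_messages(packets):
        if kind == "response":
            return int(line.split()[1])
    return None


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    for kind, server, line in http_messages(pkts):
        print(f"{kind:8} {server:26} {line}")
    print("server answered with status", first_status_code(pkts))
```

Run as a script it prints the GET for `/cloudupdate/7/25/...dat` and the `HTTP/1.1 404 Not Found` reply. Two things are worth noticing when reading a capture like this as a defender: the exchange is plain HTTP on port 80, so no TLS certificate can be involved in this particular request, which separates it from the certificate-trust theory the thread opened with; and the request line carries the updater's account name in clear text in the User-Agent header, which is why those lines are omitted from the sample and why such dumps should be scrubbed before being posted.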

  • Still need some help and or advice. Still doesn't work.