Failed to update SAVNT error 0000006b

Hello

I have an issue updating a Windows 2012 server named \\Janus. \\Janus hosts the Enterprise Console.

The following message appears in the console for the host server:
Code: 0000006b
Description: Download of SAVNT failed from server \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\

These are the last few entries in the ALC.log file:
0x4 ALUpdate 0x32 0x15bc 0x1 0xc0 0x1498 0x5d511ef6
0x4 ALUpdate 0x32 0xbd4 0x1 0x6 0x1e10 0x5d512074
0x4 CIDUpdate 0x32 0xbd4 0x1 0x55 0x1e10 0x5d512074 SAVNT \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\
0x4 CIDUpdate 0x32 0xbd4 0x1 0x8 0x1e10 0x5d512074
0x4 CIDUpdate 0x32 0xbd4 0x1 0x55 0x1e10 0x5d512075 SophosEndpointDefense \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\
0x4 CIDUpdate 0x32 0xbd4 0x1 0x23 0x1e10 0x5d512075
0x4 CIDUpdate 0x32 0xbd4 0x1 0x55 0x1e10 0x5d512075 SophosAutoUpdate \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\
0x4 CIDUpdate 0x32 0xbd4 0x1 0x23 0x1e10 0x5d512075
0x4 CIDUpdate 0x32 0xbd4 0x1 0x55 0x1e10 0x5d512076 SophosSystemProtection \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\
0x4 CIDUpdate 0x32 0xbd4 0x1 0x23 0x1e10 0x5d512076
0x4 CIDUpdate 0x32 0xbd4 0x1 0x55 0x1e10 0x5d512077 SophosNetworkThreatProtection \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\
0x4 CIDUpdate 0x32 0xbd4 0x1 0x23 0x1e10 0x5d512077
0x4 CIDUpdate 0x32 0xbd4 0x1 0x55 0x1e10 0x5d512078 SophosHitmanProAlert \\JANUS\SophosUpdate\CIDs\S000\OPMHMPA
0x4 CIDUpdate 0x32 0xbd4 0x1 0x23 0x1e10 0x5d512078
0x4 CIDUpdate 0x32 0xbd4 0x1 0x55 0x1e10 0x5d512079 SophosClean \\JANUS\SophosUpdate\CIDs\S000\OPMHMPA
0x4 CIDUpdate 0x32 0xbd4 0x1 0x23 0x1e10 0x5d512079
0x4 ALUpdate 0x32 0xbd4 0x1 0x52 0x1e10 0x5d51207a
0x4 ALUpdate 0x32 0xbd4 0x1 0x53 0x1e10 0x5d51207a SophosSystemProtection
0x4 ALUpdate 0x32 0xbd4 0x1 0x53 0x1e10 0x5d51207a SophosEndpointDefense
0x4 ALUpdate 0x32 0xbd4 0x1 0x53 0x1e10 0x5d51207a SophosHitmanProAlert
0x4 ALUpdate 0x32 0xbd4 0x1 0x53 0x1e10 0x5d51207a SophosClean
0x4 ALUpdate 0x32 0xbd4 0x1 0x53 0x1e10 0x5d51207a SophosNetworkThreatProtection
0x4 ALUpdate 0x32 0xbd4 0x1 0x53 0x1e10 0x5d51207a SophosAutoUpdate
0x4 ALUpdate 0x32 0xbd4 0x1 0xc0 0x1e10 0x5d51207b

The ALUpdate log contains the following lines. I have highlighted the errors with >>>:
Trace(2019-Aug-12 09:10:23): No file expired_credential.dat.
Trace(2019-Aug-12 09:10:23): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\ProductID.dat
Trace(2019-Aug-12 09:10:23): Synchronised file ProductID.dat (Local).
Trace(2019-Aug-12 09:10:23): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\order.xml
Trace(2019-Aug-12 09:10:23): Synchronised file order.xml (Local).
Trace(2019-Aug-12 09:10:23): ParseCustomerIDFile: completed: 0
Trace(2019-Aug-12 09:10:23): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {7998C326-2CA5-4830-B7D2-B792D2460975}
Trace(2019-Aug-12 09:10:23): CIDUpdateLocation::SyncProduct - Updating Product: SAVNT
Trace(2019-Aug-12 09:10:23): CIDUpdate(SyncProduct.Start): Downloading product SAVNT from server \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\
Trace(2019-Aug-12 09:10:23): CIDUpdateLocation::Sync - Updating from local CID: \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\sav
Trace(2019-Aug-12 09:10:23): CIDSync(CidSyncMessage): Starting LAN connection
Trace(2019-Aug-12 09:10:23): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
Trace(2019-Aug-12 09:10:23): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\sav.map
>>>Trace(2019-Aug-12 09:10:23): CIDSync(CidSyncMessage): A file or folder matching \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\sav could not be found.
>>>Trace(2019-Aug-12 09:10:23): CIDUpdateLocation::SyncProduct: Failed to update product (SAVNT) from "\\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
Trace(2019-Aug-12 09:10:23): CIDUpdate(CIDDownloadFailed): Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required)
Trace(2019-Aug-12 09:10:24): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 0
Trace(2019-Aug-12 09:10:24): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 0
Trace(2019-Aug-12 09:10:24): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
Trace(2019-Aug-12 09:10:24): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2019-Aug-12 09:10:24): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2019-Aug-12 09:10:24): Calling package_source_init
Trace(2019-Aug-12 09:10:24): TrySyncProduct, Calling BeginSync
Trace(2019-Aug-12 09:10:24): Logging on network access user
Trace(2019-Aug-12 09:10:24): Attempting to make a connection to remote machine \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\
Trace(2019-Aug-12 09:10:24): Connection to remote machine \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\ successful
Trace(2019-Aug-12 09:10:24): Custom certificate already present.
Trace(2019-Aug-12 09:10:24): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\escdp.dat

The line stating:
Trace(2019-Aug-12 09:10:23): CIDSync(CidSyncMessage): A file or folder matching \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\sav could not be found.

is correct as a sub folder named sav does not exist on \\Janus:

Directory of C:\ProgramData\Sophos\Update Manager\Update Manager\CIDs\S000\SAVSCFXP

12/08/2019 09:55 <DIR> .
12/08/2019 09:55 <DIR> ..
15/03/2016 12:13 1,131 cac.dat
15/03/2016 12:13 1,131 cac.pem
12/08/2019 08:49 79,753 cidsync.upd
12/08/2019 08:49 118,085 cidsync2.upd
16/07/2019 15:28 <DIR> crt
19/05/2016 13:07 34 customer_ID.txt
23/11/2016 12:10 479 escdp.dat
12/08/2019 09:55 0 listdir.txt
12/08/2019 08:49 470 master.upd
12/08/2019 08:49 817 master2.upd
15/03/2016 12:13 542 mrinit.conf
28/05/2019 12:33 <DIR> ntp
28/05/2019 12:33 <DIR> ntp64
03/08/2018 14:12 1,502 order.xml
28/05/2019 13:15 83 ProductID.dat
28/05/2019 12:33 <DIR> rms
12/08/2019 08:49 470 root.upd
12/08/2019 08:49 918 root2.upd
16/07/2019 14:57 <DIR> sau
12/08/2019 08:49 <DIR> savxp
23/08/2018 15:23 <DIR> scf
14/09/2018 10:21 1,072 sdf.xml
28/05/2019 12:33 <DIR> sed
28/05/2019 12:33 <DIR> sed64
04/04/2019 16:05 1,266,496 setup.exe
04/04/2019 16:05 394,192 SetupChs.dll
04/04/2019 16:05 394,704 SetupCht.dll
04/04/2019 16:05 405,120 SetupDeu.dll
04/04/2019 16:05 403,016 SetupEnu.dll
04/04/2019 16:05 405,632 SetupEsp.dll
04/04/2019 16:05 405,632 SetupFra.dll
04/04/2019 16:05 405,632 SetupIta.dll
04/04/2019 16:05 397,832 SetupJpn.dll
28/05/2019 12:33 <DIR> spa
28/05/2019 12:33 <DIR> spa64
28/05/2019 12:33 <DIR> ssp
30/04/2015 17:11 322 web.config
25 File(s) 4,685,065 bytes
14 Dir(s) 411,505,508,352 bytes free

I have tried right-clicking the Sophos icon in the Notification Area and initiating an update, and have also tried updating from the Enterprise Console but both methods fail.

All other clients and servers are updating successfully. Note that I presently have a support case open with the Sophos escalation team regarding system freezes so I don't know if that may have a bearing on this (but \\Janus has not experienced these freezes).

Does anyone have any suggestions I might try to remedy this, please?

Thanks

Mark
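
Added example (not part of the original post and not Sophos code): a small triage script that pulls the failed product, source path, missing folder and termination code out of an ALUpdate trace like the one quoted above, and renders the signed code as an HRESULT. The function names are hypothetical and the sample is constructed from three lines of the quoted log; the facility and code meanings in the comments are the standard Windows values.

```python
import re

# Constructed sample: three lines copied from the ALUpdate trace quoted in the post.
SAMPLE = r'''Trace(2019-Aug-12 09:10:23): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
>>>Trace(2019-Aug-12 09:10:23): CIDSync(CidSyncMessage): A file or folder matching \\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\sav could not be found.
>>>Trace(2019-Aug-12 09:10:23): CIDUpdateLocation::SyncProduct: Failed to update product (SAVNT) from "\\JANUS\SophosUpdate\CIDs\S000\SAVSCFXP\", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
'''

LINE = re.compile(r"^(?:>>>)?Trace\((?P<ts>[^)]+)\): (?P<msg>.*)$")
CODE = re.compile(r"SynchronisationTerminated - Code = (-?\d+)")
MISSING = re.compile(r"A file or folder matching (\S+) could not be found")
FAILED = re.compile(r'Failed to update product \((\w+)\) from "([^"]+)", Error is :(\w+)')

def decode_status(code):
    """Split a signed 32-bit status into HRESULT fields (standard Windows layout)."""
    u = code & 0xFFFFFFFF
    return {"hex": f"0x{u:08X}", "failure": bool(u >> 31),
            "facility": (u >> 16) & 0x7FF,   # 7 = FACILITY_WIN32
            "code": u & 0xFFFF}              # 87 = ERROR_INVALID_PARAMETER

def triage(text):
    """Return one record per failed product, with the context lines that preceded it."""
    findings, pending = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (c := CODE.search(msg)):
            pending["status"] = decode_status(int(c[1]))
        elif (p := MISSING.search(msg)):
            pending["missing_path"] = p[1]
        elif (f := FAILED.search(msg)):
            findings.append({"time": m["ts"], "product": f[1], "source": f[2],
                             "error": f[3], **pending})
            pending = {}
    return findings

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```

Run over a full ALUpdate log, this lists every product whose sync failed and the exact folder the client looked for, which can then be compared with the directory listing of the CID.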

  • Hi Mark,

    My suspicion is that the machine is attempting to install Sophos Anti-virus for Windows NT based on the error.  What we want is the machine to pull down Sophos Anti-Virus for Windows XP/2000+ instead.  Try the following:
    1. Turn off Tamper Protection on the machine.

    2. Navigate to C:\ProgramData\Sophos\AutoUpdate\Config\

    3. Make a backup of iupd.cfg

    4. Open up an administrative notepad and modify iupd.cfg

    5. Swap the value of Action for the following:

    ;SAV 2k =
    [iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311}]
    AllowLocalConfig = 1
    Action = 0x400007

    ;SAV NT4
    [iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975}]
    AllowLocalConfig = 1
    Action = 0x400000

    6. Force an update on the machine.
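
Added example (not part of the reply above and not Sophos code): a script that reads the iProductData sections of an iupd.cfg, reports the Action value per product GUID, and returns a copy of the text with the two values exchanged as in step 5, leaving every other line untouched. The function names are hypothetical, the sample is constructed in the layout quoted in the thread, and the starting value for the SAV 2k section is an assumption; the Action values are treated as opaque strings because the page does not define them.

```python
import re

# Constructed sample in the layout quoted in the thread; the 2k starting value is assumed.
SAMPLE_CFG = """;SAV 2k =
[iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311}]
AllowLocalConfig = 1
Action = 0x400000

;SAV NT4
[iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975}]
AllowLocalConfig = 1
Action = 0x400007
"""

SECTION = re.compile(r"^\[iProductData\.\{([0-9A-Fa-f-]+)\}\]\s*$")
ACTION = re.compile(r"^(\s*Action\s*=\s*)(\S+)\s*$")

def product_actions(cfg_text):
    """Map each product GUID (upper-cased) to (comment label, Action value)."""
    out, label, guid = {}, None, None
    for line in cfg_text.splitlines():
        s = line.strip()
        if s.startswith(";"):
            label = s.lstrip(";").strip(" =")
        elif (m := SECTION.match(s)):
            guid = m[1].upper()
            out[guid], label = (label, None), None
        elif s.startswith("["):
            guid = None                      # some other section type
        elif guid and (hit := ACTION.match(line)):
            out[guid] = (out[guid][0], hit[2])
    return out

def swap_actions(cfg_text, guid_a, guid_b):
    """Return new text with the two products' Action values exchanged."""
    cur = product_actions(cfg_text)
    a, b = guid_a.upper(), guid_b.upper()
    new = {a: cur[b][1], b: cur[a][1]}
    if None in new.values():
        raise ValueError("a section has no Action line")
    guid, lines = None, []
    for line in cfg_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        if body.strip().startswith("["):
            m = SECTION.match(body.strip())
            guid = m[1].upper() if m else None
        elif guid in new and (hit := ACTION.match(body)):
            line = hit[1] + new[guid] + line[len(body):]   # keep original line ending
        lines.append(line)
    return "".join(lines)
```

Run it against the backup copy from step 3 first and compare the output of `product_actions` before and after, so the only difference written back to iupd.cfg is the two Action lines.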

  • In reply to MEric:

    Hello MEric and thank you for replying.

    Apologies for the late response.

    I made the changes you suggested and ran an update and it now seems to have worked.

    The cfg file was edited as follows:

    Change from:
    ;SAV NT4
    [iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975}]
    AllowLocalConfig = 1
    Action = 0x400007

    Change to:
    ;SAV NT4
    [iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975}]
    AllowLocalConfig = 1
    Action = 0x400000

    As soon as I forced an update Sophos requested a restart to finish the update.

    Thank you very much for your help.