Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 13944 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help I cannot upgrade

jason norris

Okay I am a Domain Admin I am trying to upgrade to 5.5.0 first I didn't have permission fixed that issue ...sorta

then the db needed upgraded... fine updated mssql ... no more updates found

ran the installer DB needs upgraded ok so I scour the web ... nothing except build the db by hand ... really by hand? ... really?

start running the cmds

don't have permission ... made myself the OWNER of every db in the system

try again still don't have permission

I have spent all day trying to upgrade this junk because my renewed license wont work and my stuff is "off" because I cant get this system to upgrade

simplifying security... what a joke this is by far the most complex upgrade I have ever seen even SharePoint upgrades easier than this why am I messing with the db anyway this isn't smart or simple but as I am out of ideas any suggestions would be greatly appreciated thanks



This thread was automatically locked due to age.
Parents
  • +1

    When you are getting the message about the database needing to be upgraded first I assume it's this message:
    https://community.sophos.com/kb/en-us/113945#ServerUpgradeChecks

    Is that correct?

    This isn't about the SQL instance version but more about the Database component of the SEC installation.  

    You have 3 main components to a SEC install: The Database, the Management Console and the Management services.

    I assume that all components are on the same computer so you have a compact installation where all 3 roles should be installed locally.  If you look in Programs and Features you should see the 3 components, Console+Database+Management Server.  

    If you don't have the Sophos Database component despite having a local database this could be the problem during the upgrade.

    Whatever your current install version of SEC is, I would suggest adding the database component of that version if you don't have it.  Of course you already have the underlying SQL database, so you just need to add the same version of the database component back so it appears installed to the new installer.

    The commands to install the Database component without 'touching' the database are in this article:
    https://community.sophos.com/kb/en-us/118900

    I.e.

    32-bit Computer
    msiexec /i"C:\sec_52\ServerInstaller\Database32.msi" DATABASE_SERVERNAME="(local)\SOPHOS" DATABASE_USERNAME="SophosManagement" DATABASE_USERNAMEDOMAIN="Domain" INSTALLDIR="C:\Program Files\Sophos" CREATE_DATABASES=0

    64-bit Computer
    msiexec /i"C:\sec_52\ServerInstaller\Database64.msi" DATABASE_SERVERNAME="(local)\SOPHOS" DATABASE_USERNAME="SophosManagement" DATABASE_USERNAMEDOMAIN="Domain" INSTALLDIR="C:\Program Files (x86)\Sophos" CREATE_DATABASES=0

    Note the CREATE_DATABASES property tells the MSI not to worry about the database and really just unpacks the files and registers the install with the system.

    I'm not sure what version you are starting with but adjust the MSI path accordingly to the current version install files.  I assume you still have the install directory of the current installed version in the root of the C drive.  If not you will have to download the SFX for the installed version from Sophos.com

    Hopefully this might explain the problem you have but I've made some assumptions.

    Regards,

    Jak

  • 0 in reply to jak

    now my db is 5.5.0 but the error is they don't match I uninstalled the management console and the updater but the management server wont uninstall it is 5.3.1 and the db is 5.5.0 so no match and no install this is ridiculous how is it even possible to pass this check if they can never match until the install is done?

     

    The Enterprise Console components installed on this computer are not the same version. Please follow the instructions in http://mgminst-01.p.link.sophos.com/a/en/118083 to fix this issue.

     

    its bad because I can compile squid in a shell but Sophos is insane

  • 0 in reply to jason norris

    I'm not sure if you're sorted but if you had, for example, the components:

    • Sophos Enterprise Console 5.4
    • Sophos Management Server 5.4
    • But no Sophos Database of 5.4

    Then you try and upgrade to 5.5, you would need to install the 5.4 database component first to ensure all components are 5.4 before running the 5.5 installer.  

    To do so, it should be the case of just obtaining the SEC 5.4 SFX again from Sophos.com Downloads or hopefully the unpacked files maybe still in the root of say, C from when 5.4 was initially installed.  

    Running the single MSI command above using the 5.4 Database MSI to just add the Database component before running the 5.5 installer (setup.exe) should do it.

    Regards,

    Jak

     

     

  • 0 in reply to jak

    Thanks Jak

    I ended up just starting over with a new server a little history this system was installed before I started here and was never actually fully functional, the entire system was improperly installed and configured.  so I was working with a system where I had zero admin privilege despite being a domain admin then every part I tried to work on failed you know how frustrating it is when you are told to talk to yourself to resolve an issue repeatedly by a software system that you are simply trying to upgrade. After spending 6 days waiting for a response from Sophos helpdesk and many hours of frustration I decided I could continue fighting and waiting for help or just start over I spent 6 days with no protection fighting a loosing battle when I got wise and just rebuilt the server I had the installer and a license just no cooperation from the server and had it up and running in just over 12 hours last night our Sophos server said its first words I love the features and the power of Sophos just not the support services and this issue has opened my eyes a bit I installed Bitdefender free on a couple of critical systems just to be safe and it started Finding and quarantining files all over the network even the upgraded Sophos system does not see these files as malicious even when I directly scan these files I do not believe Sophos is as secure as I originally thought and if something does not change this will be our last year on Sophos it has shaken my trust, support is lax, the appliance is hard to upgrade, the Sophos management server, and Sophos enterprise console cannot be fixed by anyone but me if they are ever damaged and with new threats evolving everyday for example "WannaCry" it is very concerning that a free av will find things Sophos overlooks. Thanks again for all you tried to help me with its good to know there are still people out there willing to help.

  • +1 in reply to jason norris

    Glad you're up and running and at least you know it's working and how.

    Do you have any desire to move to a Cloud based solution?  The Sophos Central managed client does now seem to be getting most of the attention, certainly when it comes to integrating the next best thing. Plus you get mobile management.

    Sophos semi-recently acquired Surfright, the company behind Hitman Pro. The focus on that software being exploit mitigation (signature-less) and anti-ransomeware, the Cryptoguard feature spots files being encrypted, shredded, etc, and recover those that were before the threat is terminated - https://www.youtube.com/watch?v=3KGVqKrRZo0.  

    The are both available in Central and SEC managed on-premise.  One benefit of Central is that it has Root Cause Analytics (RCA) to describe how the malware was detected and what files were touched, etc.. https://www.youtube.com/watch?v=AOsjUjp4P7Q.  It has a little more management over the SEC solution.

    The next thing on the cards (I assume by the end of the year) will most likely be the machine learning technology of Invincea https://www.invincea.com/2017/02/sophos-to-acquire-invincea-to-add-industry-leading-machine-learning-to-its-next-generation-endpoint-protection-portfolio/.  This should do great things for pre-execution detection of malware.

    So with the more traditional signature AV feature as backup lets say, the mitigation runtime work of HitmanPro (including Cryptoguard) and then the pre-execution machine learning of Invincea,  I think that the Sophos Endpoint, along with all the control feature to add layers will be up there with anyone when it comes to detection.

    I'm pretty optimistic.

    Regards,

    Jak

Reply
  • +1 in reply to jason norris

    Glad you're up and running and at least you know it's working and how.

    Do you have any desire to move to a Cloud based solution?  The Sophos Central managed client does now seem to be getting most of the attention, certainly when it comes to integrating the next best thing. Plus you get mobile management.

    Sophos semi-recently acquired Surfright, the company behind Hitman Pro. The focus on that software being exploit mitigation (signature-less) and anti-ransomeware, the Cryptoguard feature spots files being encrypted, shredded, etc, and recover those that were before the threat is terminated - https://www.youtube.com/watch?v=3KGVqKrRZo0.  

    The are both available in Central and SEC managed on-premise.  One benefit of Central is that it has Root Cause Analytics (RCA) to describe how the malware was detected and what files were touched, etc.. https://www.youtube.com/watch?v=AOsjUjp4P7Q.  It has a little more management over the SEC solution.

    The next thing on the cards (I assume by the end of the year) will most likely be the machine learning technology of Invincea https://www.invincea.com/2017/02/sophos-to-acquire-invincea-to-add-industry-leading-machine-learning-to-its-next-generation-endpoint-protection-portfolio/.  This should do great things for pre-execution detection of malware.

    So with the more traditional signature AV feature as backup lets say, the mitigation runtime work of HitmanPro (including Cryptoguard) and then the pre-execution machine learning of Invincea,  I think that the Sophos Endpoint, along with all the control feature to add layers will be up there with anyone when it comes to detection.

    I'm pretty optimistic.

    Regards,

    Jak

Children
No Data
Unfiltered HTML