This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update Manager stuck at Downloading Binaries

 I've noticed that my Update manager (only 1 server) has been stuck at Downloading Binaries since Aug 15th. It's showing Version 1.6.1.124, and there are no errors/alerts showing on that Dashboard screen. 

I've look this issue online, and tried a few things, Delete folders, restart services, restarted server and so on... nothing worked. I even have a ticket open with Sophos, and I'm currently not impressed with their support... i've had better service from TrendMicro.

I've upgraded the Enterprise Console back in May from 5.2.2 to 5.5.0, and haven't had a problem since. Looks like my Endpoints are still getting updates via the manager, and they seem current, but when doesn't the Console show it?

I've tried to reinstall the update manager, as per support, and it seemed to go through... i didn't get any errors, it just went by quick.

Only thing I've noticed different was that there seemed to have been an update to the Update Manager on that same day, and it hasn't worked since.

Any ideas on what I should do next? Since support isn't too helpful....



This thread was automatically locked due to age.
Parents
  • First check for me is if SUM can report status into the management server.

    You could check the last message time of the SUM computer in the endpoint view - Computer Details column is fine.  This should be pretty recent and this will prove if RMS is working gernerally.  I.e. RMS on the SUM computer is able to send in a status or event message - either contribute to this timestamp.  

    This status may not however include data about the SUM.  For this reason, it would be good to prove that status info about SUM can be returned.

    One quick check - in the registry on the SUM server you can change the version of SUM, just temporarily. It is returned from this value: 

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\UpdateManager
    Product Version
    e.g: 1.6.2.186

    If you change it to say, 1.6.2.1861 and restart the "Sophos Agent" service, within 20 seconds, the UI of the Console should reflect this new string.

    You should shortly after revert the value in the registry and restart the Sophos Agent to return the value.

    This test will prove that the Sophos Agent service is able to load the SUM adapter DLL and is able to return a SUM status to the management server.

    Also can I check - is the SUM server in this state on the management server or is it remote?

    Regards,

    Jak

  • Hi Jak,

    Thanks for the info... 

    I did what you mentioned, and when I check the last message time it lists Aug 15th, thats for all my endpoints along with the SUM... I noticed that the SUM has an IP of 169.254.X.X, while all my endpoints have their respective ips... don't know if that's an issue, never noticed it before.

    as for the Registry temp change, it didn't reflect at all in the UI... So I switched it back.

    I have sent more info to Sophos support yesterday and today, and haven't heard anything yet. I'm almost at the point of reinstalling the Enterprise Console to see if that would fix this issue.

    Thanks

    Denis

  • Of the 5 IPs on the server, there are 3 169 addresses in the router and 2 other IPs. Of those 2 IPs, is the server managing computers via both those interfaces or could all the clients you're managing just use one?

    If the IP is static you could explicitly define it by editing:

    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SophosMessageRouter" changing the value for 'ImagePath' from (for example):

    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194

    to

    "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://192.168.15.1:8193/ssl_port=8194

    The IP address should be the one that the clients can connect to.

    Then Edit "HKEY_LOCAL_MACHINE\SOFTWARE\sophos\Messaging System\Router", changing the value for ''ServiceArgs" from (for example):

    "-ORBListenEndpoints iiop://:8193/ssl_port=8194"

    to

    "-ORBListenEndpoints iiop://192.168.15.1:8193/ssl_port=8194"
    Again the IP address should be the one that the clients can connect to and the same as above.

    If you restart the Sophos Message Router service then and check the IOR it will be shorter and only have reference to the one IP.  This way, after clients read this IOR string they will come straight back to the right IP and port 8194.

    Once done.  I would be interested to see some logs of the messaging system.

    Restart the Sophos Router and Agent service on a client, wait 1 minute (to guarantee a status message has been generated). Can we see the new Agent and Router log file that has been created?


  • Hi Jak,

     

    Thanks for the help... after looking at your suggestions, I looked on my Sophos server, and I don't have this in the registry

     Edit "HKEY_LOCAL_MACHINE\SOFTWARE\sophos\Messaging System\Router"

    I only have ManagementServer, Patch and ServerSecurity under Sophos.

  • Sorry, those paths should be under:
    hklm\software\wow6432node\sophos\....
    ...as they are all 32-bit applications.

    You're seeing the 64-bit components under the 'other' Sophos key.

    Regards,

    Jak

  • Hi Jak,

    After doing what you suggested, now my Update Manager finally reported and it's saying its up to date.

    I checked the Sophos-Management-Services.log, and it seems to be back as it was before, the same pattern i mean. :-)

    That seemed to have solved the issue... but how did that issue start i'm wondering...

    Thanks for all the Help!!!!

  • Glad it's sorted.

    I assume those 169 addresses have always been there and hence the IOR string always had the 5 profiles?

    Also, in the event log of the server, or the SUM, etc.. at the same as the time was frozen.  Did the RMS package get installed, there should be an event from MSI?  If so, what version was it?

  • They might've been, I'm not certain as I never looked at those logs before. But now that I know how, if any other similar issue comes up, I'll know where to start.

    Thanks again!

     

    Denis

  • I'm having this same problem.  I followed these instructions and this registry change fixed it.

  • Hi Support team,

    I have the same issue and following this topic but i'm not sure about your IP address mention in the instruction here: 192.168.15.1 

    Is that the IP address of Sophos Enterprise Console server ?

     

    My Enterprise Console had been stuck in downloading binaries

    And also can't access by the credentials. Of course my license still active.

    I had tried with the KB below

    https://community.sophos.com/kb/en-us/111428

    My connections to Sophos Update Website still works but the virus definition still not be updated.

    So please help to advise/suggest for my case.

    Thanks you !

  • On the management server can you restart the Sophos Message Router and Sophos Agent service - leave it about 2 minutes then attach the last log of the Router and Agent.

    \programdata\sophos\remote management system\3\router\logs\

    \programdata\sophos\remote management system\3\agent\logs\

    Probably best to zip the two files up and then drag the zip onto the text editor when you reply.

    Regards,

    Jak

  • Hi Jak,

    Thanks for your email,

    I tried to fill my Server IP in registry and Enterprise Console had run back.

    So follow this topic and your instruction had resolved my problem.

    Best Regards,

    Hoan Nguyen

Reply Children
No Data