This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

windows 2003 not updating

i have tried the following but server will still not update. i get a error to say the "this installation package could not be opened. verify that the package exist and that you can access it, or contact the application vendor to verify that this is a valid windows install package"

community.sophos.com/.../16187



This thread was automatically locked due to age.
Parents Reply Children
  • Hello paul foley1,

    ...\Sophos Anti-Virus\Cache is SAV's cache that serves a different purpose. The article is referring to ...\AutoUpdate\Cache. The SAV log you've posted suggests that AutoUpdate is installed and running, so the cache should be there. Can't say if this article (written for 7.6) still applies and anyway uninstall and reinstall should have done some cleanup.

    Christian

  • Hi QC

     

    yes i think the autoupdate is working ok but the cache folder is not there. server is not showing up to date. i have uninstalled and reinstalled but still no joy. i have compared another server 2003 and it looks as if folders are missing

    the non updated server folder

    up to date server folders

  • Hello paul foley1,

    as said, I think the folders should have been moved (at least on the XP I had running until sowm months ago they have). If AutoUpdate (on the "non" server) is running it should write somewhere, and it should write a log. Is there an AutoUpdate\Logs\ folder under All Users and if, is there a recent ALUpdate log? Or perhaps search the whole drive for it. The dates of the files are different on the two servers - are the files otherwise identical?
    Can you open the Sophos GUI on the "non" server and does it provide the detailed Product Information?

    Christian 

  • Hi QC the non updating server has a ALUpdate20171002T165304.7147670.log date modified 03/10/2017 11:06

    some info from the log if that helps

    Trace(2017-Oct-03 11:06:07): Null update
    Trace(2017-Oct-03 11:06:07): ALUpdate(Action.Skipped): SAVXP
    Trace(2017-Oct-03 11:06:07): CIDUpdateLocation::OnNullUpdate...
    Trace(2017-Oct-03 11:06:07): CustomFileMap::CustomFileMap. CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: Subfolder = savxp productID = {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\savxp.custom
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: File exists and appears valid.
    Trace(2017-Oct-03 11:06:07): CIDUpdateLocation::OnNullUpdate complete.
    Trace(2017-Oct-03 11:06:07): Updating plugin cache for SAVXP
    Trace(2017-Oct-03 11:06:07): Successfully updated plugin cache for SAVXP
    Trace(2017-Oct-03 11:06:07): SimpleProduct::DoAction isLater==false skipAction==false isUninstall==false m_lastUpdateSucceeded==true numfilestocahce 1 Actiontype SetupNot preinstalled product
    Trace(2017-Oct-03 11:06:07): Null update
    Trace(2017-Oct-03 11:06:07): ALUpdate(Action.Skipped): Sophos AutoUpdate
    Trace(2017-Oct-03 11:06:07): Updating subscription information from product ID data.
    Trace(2017-Oct-03 11:06:07): Rigid name: E3D9A230-334F-44DC-8FF6-B4AF383B4FD9
    Trace(2017-Oct-03 11:06:07): Version: 10.7.2.2.3692.1
    Trace(2017-Oct-03 11:06:07): CIDUpdateLocation::OnNullUpdate...
    Trace(2017-Oct-03 11:06:07): CustomFileMap::CustomFileMap. CachePath = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: Subfolder = sau productID = {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: File path = C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\cache\sau.custom
    Trace(2017-Oct-03 11:06:07): CustomFileMap::Read: File exists and appears valid.
    Trace(2017-Oct-03 11:06:07): CIDUpdateLocation::OnNullUpdate complete.
    Trace(2017-Oct-03 11:06:07): Updating plugin cache for Sophos AutoUpdate
    Trace(2017-Oct-03 11:06:07): Successfully updated plugin cache for Sophos AutoUpdate
    Trace(2017-Oct-03 11:06:07): RMSMessageHandler: ALUpdateEnd
    Trace(2017-Oct-03 11:06:07): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
    Trace(2017-Oct-03 11:06:07): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
    Trace(2017-Oct-03 11:06:07): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
    Trace(2017-Oct-03 11:06:07): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2017-Oct-03 11:06:07): Telemetry::LoadTelemetrySupplement 300: Telemetry Interval set to 86400 seconds
    Trace(2017-Oct-03 11:06:07): Telemetry::LoadDocument 174: C:\Documents and Settings\All Users\Application Data\Sophos\AutoUpdate\\Config\TelemetryConfig.json loaded
    Trace(2017-Oct-03 11:06:07): Telemetry::LoadTelemetrySupplement 341: Telemetry Interval updated to 86400 seconds
    Trace(2017-Oct-03 11:06:07): Telemetry::CalculateLastTelemtryTime 89: Telemetry last ran at 2017-10-02 10:01:09, Offset 6705, Offset Time 2017-10-02 11:52:54
    Trace(2017-Oct-03 11:06:07): Telemetry::HasTelemetrySchedulePeriodElapsed 113: Telemetry schedule has not elapsed.
    Trace(2017-Oct-03 11:06:08): IPCSender::ProcessSend exiting
    Trace(2017-Oct-03 11:06:08): ALUpdate finished

     

    sophos console screen shot. i have blanked out the server name

  • Hello paul foley1,

    it clearly mentions the cache path and from the messages the cache should be populated (and the .msi in the \savxp subfolder). The differs and unknown stem from the fact that SAV fails to initialize with this "handle" error.
    Virus data are loaded from the SAV Program Files directory by SAVService.exe. The handle problem should be transient, wonder if Process Monitor could give a hint where it fails.

    Christian

  • Hi QC

    would you like me to run the process monitor then reinstall sophos?

  • Hello paul foley1,

    no installation, update or the like. I'd run it just for the SAVService.exe process, in case the Sophos Anti-Virus service is running stop it, start Process Monitor and define the appropriate filter, then start the service. Guess the error is issued almost immediately (recorded both in SAV.txt and the Event log). 

    Christian   

  • A couple of thoughts:

    1. Can you run SAV32CLI, does this load the virus data OK?
    CMD running as admin:
    CD \Program Files\Sophos\Sophos Anti-Virus\
    SAV32CLI

    Does it error or scan?

    2. I've also seen such errors if there is an issue with the config files of SAV, specifically permissions.

    Can you check the permissions on the config directory and xml files (specifically machine.xml) under:
    \documents and settings\all users\application data\sophos\sophos anti-virus\config\.
    Can the SAVService.exe read/write to the config files OK given the account it is running as.  LocalService on 2003 I think.
    Maybe if you have a working XP/2003 server you can check the permissions match up.

    Hope it helps.

    Regards,

    Jak

  • Hi Jak

     

    1. scanning

     

    2. permissions all look ok

  • In that case maybe verbose trace logging of SAVService will indicate the issue.  Can you follow:

    https://community.sophos.com/kb/en-us/38027

    to get an enhanced SAV.txt when the SAV Service starts.

    Don't forget to disable it once you have a SAV.txt that covers the startup issue.

    Regards,

    Jak