Sophos Central Endpoint Protection failed... Failed to retrieve policy within 900 seconds

English/German!?

 

I've setuped several Endpoints with "SophosSetup Endpoint.exe" successfully... last weekend i migrated my Sophos SG to an Sophos XG Firewall... now i got a Client with "non-compliant policys" and so i tried to reinstall the Endpoint...

 

But the installer allways stuck on:

2019-09-04T14:30:53.4936137Z INFO : Attempt to retrieve policy.
2019-09-04T14:30:53.4936137Z INFO : Sending HTTP 'GET' request to: sophos/management/ep/install/commands/applications/APPSPROXY;ALC/endpoint/f5c799e1-df9e-4461-7b0b-3cd3a4ce8710
2019-09-04T14:30:53.4936137Z INFO : Request content size: 0
2019-09-04T14:30:53.4936137Z INFO : ValidateFileCertificateCheck: Validate certificate against file on WINHTTP_CALLBACK_STATUS_SENDING_REQUEST
2019-09-04T14:30:53.4936137Z INFO : Certificate check succeeded
2019-09-04T14:30:53.5087486Z INFO : ValidateFileCertificateCheck: Ignore WINHTTP_CALLBACK_STATUS_REQUEST_SENT
2019-09-04T14:30:53.5248557Z INFO : Response status code: 200
2019-09-04T14:30:53.5248557Z INFO : Response data size: 140
2019-09-04T14:30:53.5248557Z INFO : No policy assignment command; wait for policy to render
2019-09-04T14:30:58.5406682Z ERROR : RegisterCommand::onRun standard exception: Failed to retrieve policy within 900 seconds

Even, with Internetconnection from outside our Corporate Network (without XG firewall) it doesnt work!?

cleaned_SophosCloudInstaller_20190904_141536.log

  • Hi  

    Could you try to download the fresh installer and then try to re-run the same on one of the endpoints. Also please make sure these domains and ports which are required for successful installations and communication of endpoint to Sophos central and vice versa are allowed in your environment. 

  • Hi PatricBlass,

    I liked your troubleshooting step of trying this outside the network to rule out your firewall as part of the problem.

    Was this machine previously on Sophos Central?  One thing I would suggest trying out is to rename the Windows machine and try the install again.  You can rename it back after.  

  • Thanks for your comments... i've tried today with same (old) installer, from our normal LAN (behind the new XG firewall). And all works just fine... So as often... just wait some hours - and everything is working !? ;)

    I dont know, what was wrong.