This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Auto update Failed

Hi all, 

I have some sophos endpoint and protection problem, the client cant download the antivirus database.

The error message " Download of Windows Cloud Next Gen failed from server http://dci.sophosupd.com/cloudupdate. "

It happened from 12 Oct 2015 until now?

Anyone have a same problem?

Regards,

Arthur



This thread was automatically locked due to age.
Parents
  • We have this issue on several clients, a temporary solutions seems to just uninstall/restart/install Sophos, what is honestly, ridiculous! Even rolling out a newer Sophos Clientinstall version through the Logonscript/GPO isn't solving the issues.

    More weird, it's not on every Client, we have clients within the same LAN segment (using the same internet connection etc.) that are having this issue, others just don't and are working fine.

    Sounds like a big joke to me.

    We need a solution for this, asap! Didn't contact support yet, but reading here that several people have the issue and the support never came back to them isn't a good sign, or is there anything new on this issue?

    The KB is a joke about this! I can PING the server, I can connect to it without the /cloudupdate or /update path... this isn't funny at all!
  • What does it say for the last failed update attempt in the AutoUpdate log file?

    It might be easiest to rename the current log file:

    C:\ProgramData\Sophos\AutoUpdate\Logs\sophosupdate.log

    Then initiate an update to generate a new log just containing the last update.

    Can someone paste the contents here or link to it?

    Are the clients going through a proxy performing caching?
    Is there a common web proxy in the mix here?

    Regards,
    Jak
  • It is interesting, we started a support request over our Cloud-Login and never got an reply, but we got one here...

    The Log looks like the following, a few things to mention:
    - no proxy
    - several clients on the same IP segment, some update, some don't
    - Clients are all Win7 and configured all the same
    - if I remember it right, some Sophos have been manually uninstalled and re-installed and worked for a bit but also tend to show the same issues again
    - in the end we have several sites, even mobile clients, some update (or at least seem to) and some don't - what makes me really think is that they are still able to talk to the cloud and tell the cloud, hey, I couldn't download the files... if there would be a configuration error or what so ever, why doesn't the cloud just fix it? I don't see a reason that so many clients have issues and are totally out of date, that's no protection at all...

    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain =========================
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain SophosUpdate is starting.
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain AutoUpdate version : 4.0.5.39
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain SophosUpdate version : 4.0.5.16
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain Build : 98074
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain =========================
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain Set process security
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain Initialise COM.
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain Load config.
    2016-02-23T18:03:28.675Z [ 8660] INFO `anonymous-namespace'::ReadFileContents Slurping file of size 868 bytes.
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain Create registry reporter.
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain Load state.
    2016-02-23T18:03:28.675Z [ 8660] INFO StatePersister::Load Loading state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2016-02-23T18:03:28.675Z [ 8660] INFO WinMain Create progress reporter.
    2016-02-23T18:03:28.690Z [ 8660] INFO WinMain Create language neutral logger.
    2016-02-23T18:03:28.690Z [ 8660] INFO WinMain Create downloader.
    2016-02-23T18:03:28.690Z [ 8660] INFO WinMain Create installer.
    2016-02-23T18:03:28.690Z [ 8660] INFO WinMain Create adapter writer.
    2016-02-23T18:03:28.690Z [ 8660] INFO IPCBase::IPCBase IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4
    2016-02-23T18:03:28.690Z [ 8660] INFO WinMain Create completion reporter.
    2016-02-23T18:03:28.690Z [ 8660] INFO WinMain Create update logic.
    2016-02-23T18:03:28.690Z [10076] INFO `anonymous-namespace'::SenderThreadFn::operator() Sender thread started.
    2016-02-23T18:03:28.690Z [10076] INFO IPCSender::ProcessSend IPCSender::ProcessSend started
    2016-02-23T18:03:28.690Z [10076] INFO IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
    2016-02-23T18:03:28.690Z [ 8660] INFO WinMain Performing update.
    2016-02-23T18:03:28.690Z [ 8660] INFO UpdateLogic::Update Reporting update start.
    2016-02-23T18:03:28.690Z [ 8660] INFO IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    2016-02-23T18:03:28.690Z [10076] INFO IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    2016-02-23T18:03:28.690Z [10076] INFO IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
    2016-02-23T18:03:28.690Z [ 8660] INFO UpdateLogic::SyncAndInstall Syncing products.
    2016-02-23T18:03:28.690Z [ 8660] INFO SDDSDownloader::SyncInternal Adding Sophos Location: dci.sophosupd.com/cloudupdate
    2016-02-23T18:03:28.690Z [ 8660] INFO SDDSDownloader::SyncInternal Adding Sophos Location: dci.sophosupd.net/cloudupdate
    2016-02-23T18:03:28.690Z [ 8660] INFO SDDSDownloader::SyncInternal Username: W6PF9X7CJA
    2016-02-23T18:03:28.690Z [ 8660] INFO SDDSDownloader::SyncInternal No manually configured proxy.
    2016-02-23T18:03:28.690Z [ 8660] INFO WindowsProxyDiscoveryWrapper::GetDefaultProxyConfiguration WinHttp default proxy not set
    2016-02-23T18:03:30.999Z [ 8660] WARN WindowsProxyDiscoveryWrapper::GetProxyForUrl Failed to get the automatic proxy configuration. The error code was 12180.
    2016-02-23T18:03:31.140Z [ 8660] INFO ProgressReporter::UpdateDetails Product: {E17FE03B-0501-4aaa-BC69-0129D965F311}, updateSize = 0
    2016-02-23T18:03:31.155Z [ 8660] INFO SUL-Log [I96736] Looking for package cd2a5386-f08c-42b1-8d98-40240059e361 RECOMMENDED 1
    2016-02-23T18:03:31.155Z [ 8660] INFO SUL-Log [I19463] Syncing product cd2a5386-f08c-42b1-8d98-40240059e361 418
    2016-02-23T18:03:31.155Z [ 8660] ERROR SDDSDownloader::ReportSyncFailure Failed to distribute product
    2016-02-23T18:03:31.155Z [ 8660] INFO UpdateLogic::SyncAndInstall Saving state.
    2016-02-23T18:03:31.155Z [ 8660] INFO StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2016-02-23T18:03:31.155Z [ 8660] INFO UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
    2016-02-23T18:03:31.171Z [ 8660] INFO IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>ESHSXP</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR: Download of ESHSXP failed from server dci.sophosupd.com/.../Config>
    2016-02-23T18:03:31.171Z [ 8660] INFO WinMain SophosUpdate has completed with the result 0.
    2016-02-23T18:03:31.171Z [10076] INFO IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>ESHSXP</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR: Download of ESHSXP failed from server dci.sophosupd.com/.../Config>
    2016-02-23T18:03:31.171Z [10076] INFO IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
    2016-02-23T18:03:32.185Z [10076] INFO IPCSender::ProcessSend IPCSender::ProcessSend exiting
    2016-02-23T18:03:32.185Z [10076] INFO `anonymous-namespace'::SenderThreadFn::operator() Sender thread finished.
    2016-02-23T18:03:32.185Z [ 8660] INFO StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
  • These lines look odd, I would have thought rather than the GUID - cd2a5386-f08c-42b1-8d98-40240059e361
    that should be the friendly name for the package.

    2016-02-23T18:03:31.155Z [ 8660] INFO SUL-Log [I96736] Looking for package cd2a5386-f08c-42b1-8d98-40240059e361 RECOMMENDED 1
    2016-02-23T18:03:31.155Z [ 8660] INFO SUL-Log [I19463] Syncing product cd2a5386-f08c-42b1-8d98-40240059e361 418

    If you look under the registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\Service\CloudSubscription
    Does it look like this:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\Service\CloudSubscription]
    "RigidName"="WindowsCloudNextGen"
    "Tag"="RECOMMENDED"
    "BaseVersion"="11"

    Regards,
    Jak
  • No, those are the entries:

    (Default)=(value not set)
    BaseVersion=1
    RigidName=cd2a5386-f08c-42b1-8d98-40240059e361
    Tag=RECOMMENDED

    So the Version as well as the RigidName are totally different to what you write...

    I checked it on my own machine and found it looks like your version, but this can't have to do with any GPO or other settings. We have several clients that aren't even connected to our ActiveDirectory Domain, they run as stand-a-lone clients, and they have similar issues. If there is something wrong, it is because Sophos itself has issues, and sorry - we can't just overwrite those Registry settings, for that we would need all the clients to be connected to the AD besides that those are specific Sophos values.

    And yes, it is odd - the Cloud itself tells us that the client doesn't have a current update, we can't do much in the Admin-Console, we don't get a lot information there either. The client shows as still communicating with the Admin-Console, so the issue is somewhere else. And asking Google brings forward that many people seem to experience similar issues.

    We need a solution for this, and quick.

    Btw. the Admin-Console should rather send out information about this like daily summaries etc. - instead we need to log on and do a review that also is pretty complicated compared to other vendors. Worse, we barely realized that 1/3 of our clients isn't up to date anymore, that's horrible. A working Antivirus solution is essential!
  • A week later, support answer and revers to this link: www.sophos.com/.../121174.aspx

    Well - it's not that we didn't look into that already a long time ago. We have way to many clients that don't update, this is not caused by a GPO nor anyhow explainable. It is not a Proxy or anything else. We talk even about separate Internet Connections etc...

    So far, I got the better support here - still I will reply to them with the SDU.log they requested.

    Any other ideas what is going on here?
  • Hello,  

    Did the message I sent you help?

    Regards,

    Jak

Reply Children