
Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

**Update 9** Root cause analysis KBA has been published: see knowledge base article for the latest.

**Update 8** As part of a routine database maintenance task customers may notice a few intermittent install and policy rendering failures. Please retry before contacting support. 7/17/2017 8:00 AM PST

**UPDATE 7** Some customers may notice a few intermittent install failures, please retry before contacting Sophos Support. 7/14/2017 2:00 PM PST

**UPDATE 6** Installations are being processed normally, service is restored. Please re-download installer from Central. 7/14/2017 9:00 AM PST

**UPDATE 5** Installations are now working as of July 13, 2017 19:00 UTC-5. See knowledge base article for the latest.

**UPDATE 4** New installs likely to still fail. http://centralstatus.sophos.com/#!/ has latest update. 

**UPDATE 3** System is now processing backlogs. Please see last updates here.

**UPDATE 2** Issue is ongoing, apologies. Impacts all areas within Central that rely on MCS communication between client and Central. 7/13/2017 8:00 AM PST

**UPDATE** Development has identified root cause and is working on a fix. 

Hello,

We are seeing delays with policy changes and enforcement in Sophos Central (US-West region) as well as installation failures due to inability of new endpoint installations to initially register. Our engineers are working to restore latency. Please note your endpoints remain protected. Updates will be provided on this thread.

KBA: https://community.sophos.com/kb/en-us/126477

Thank you,

Bob



This thread was automatically locked due to age.
  • Why am I seeing the "One or more Sophos services are missing or not running" error message so often now?  I would really like a reason for this. 

    Is this message accurate? And if so, why are these services 'missing or not running'? I've checked on occasion and services 'appear' to be running.

  • Lance, if you go into services on your Windows machine, you will probably find that the Sophos Antivirus service has disappeared (90% of this issue) - or that all the Sophos services have been set to disabled, but you can't set them to manual or automatic (you get a denied message) even if you are an admin on the box. You can't uninstall as tamper protection is enabled but you can't update the machine's policy to disable tamper protection because it won't connect to the cloud to update the policies, which don't work all that well even when all the services are enabled and not missing.

  • Re: Services running / not running - honestly I get so many now, I would just be checking all day long to see if services are running or not.

    Yesterday I found an Intercept X (HMPro) service not running on a couple computers - Why? Who knows. This leaves me unprotected and it's not good enough.

  • No...they are NOT MISSING.

    That IS the problem right there. Sophos Central has no idea......which would seem to indicate a major communication problem.

    And to add insult to injury....I got emailed about a released product update yesterday and to push out to my Test Machine. Did that yesterday.

    32 hours later......still not there.

    You SERIOUSLY CANNOT expect us to stand by while you guys work the problem?? I paid thousands of dollars for this.......:(

    I need a product that works, that's the bottom line here. If I push an Update, it better get installed a few min later, not hours or days later.

    How do you sleep at night because I can't.  I just wasted a whole bunch of my company's money on a product that can't perform.

    Today I have my job, tomorrow I may not be so lucky.

  • The simple truth is this:  We are locked into multi-year contracts with their garbage beta software and there is nothing we can do.  So while we fret and worry about security, their execs are laughing and partying on our dime.  I have already steered several potential customers away and I will continue to do so as long as this product fails to do what it claims.

  • Just performed a fresh install of Sophos Endpoint and when I go into the About section I see my client is in a Warning (Yellow Exclamation Point) state.

    The Management Communication is reporting: Failed with error 'WinHttpSendRequest failed:12007' at 11:40:39 Nov 16, 2017 [UTC-5:00]

    All the other areas are Green Check marks except my Policy section is a Blue i so I'm not confident this client has received a Policy.

     

    Anyone else having Management Communication problems? I can confirm I am not blocking traffic to the Management Server.

  • Haven't had any Management errors today.....yet.

    MID November...a patch is coming?? Soon? or Wishful thinking..stringing us along!! We'll see.

     

    Uninstalling Sophos...seems to be another thorn in my side. 

    1) Disable Tamper Proof (Cloud Console)

    2) remove Sophos software from client

    3) Tamper Proof must be turned off.......wait....wait....wait...for 20 min.

    4) Try uninstall again: Attempting to stop AutoUpdate. Failed Reboot required

    5) reboot

    6) Try uninstalling again. Attempting to stop AutoUpdate (again) Failed. reboot required (what..I just did that?)

    7) reboot

    8) try again......AutoUpdate is Updating...please wait.

    9) wait for 5 min......uninstall fails again...reboot required

    10) Uninstall for the 4th attempt....finally it uninstalls...but guess what...ANOTHER REBOOT.

    So....4 reboots to get this abomination removed.

    In between all this...Console shows...:Failed to install Unknown   

    The amount of concise reporting is mind boggling. So what the hell failed that is UNKNOWN??

     

    IMPORTANT & URGENT:

     

    WISH LIST: The Console MUST have the ability to remove client software, pure and simple. Access to a user's PC and 4 reboots is unacceptable. (meaning this can ONLY be done after hours)

    Worst purchase I have ever made.

  • I am guessing that "unknown" is related to "nothinging":

     

  • Ok..I guess I will need to open yet another Ticket.

    None of the Updates are happening today and haven't since Nov 8th, so no protection for the same amount of time.

    ****

    Download of WindowsCloudServer failed from server http:∕∕dci.sophosupd.com∕update.

    ****

    GARBAGE...GARBAGE...GARBAGE...

  • "Download of WindowsCloudServer failed from server http:∕∕dci.sophosupd.com∕update"

     

    Is a "normal" error message; this is a message indicating there is no newer version of the endpoint agent / engine, not the pattern updates.  They really should clarify this message, but that's what it is.  You'll see a similar one on endpoints.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Sophos......A normal error message, well that's unique.

    But not thinking that is true. I removed the Cache Server, re-deployed and now it seems to be working..Updating....that is. It was OUT OF DATE, but no longer is. So if there was no new Endpoint or Pattern updates...what got updated?

    Who knows right...I don't even think Sophos knows. 

    Not going to dig in at this point because still unsure if we will continue on with Sophos. So far it's a full time baby sitting job and I am not impressed at all.

  • I wanted to post this here just because of the readership numbers and see if anyone may know this scenario. Will also create a NEW POST.

    With regards to the Cache Server, the one that I had...is now gone. I had to do this to make sure it was indeed that Server that was creating a large amount of traffic.

    It appears it was the cause as my traffic is back to normal. (my normal)

    Scenario: It seems that each Endpoint when it attempts to contact the Cache Srvr, broadcasts to 192.168.2.0 specifically. (ip for example only)

    This is worse when it's across a VPN.

    Anyone have any ideas why its going to like the Root Subnet IP??
