Thread Info
  • State Suggested Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 18 subscribers
  • Views 34683 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Nearly half of our endpoints unable to update and present "The security health cannot be reported at the moment" WHY?!!!

rozrohan

Hi All,

Over the last few months more and more of our endpoint clients are failing to update with "Download of WindowsCloudNextGen failed from server http:∕∕dci.sophosupd.com∕update."
along with "The security health cannot be reported at the moment" under the endpoint Status.

Why has this started happening? It is probably 50-60 of our 100+ agents doing it. 

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Could be check if the below list of Domains and ports are allowed in the network.

    • *.sophos.com 
    • *.sophosupd.com
    • *.sophosupd.net
    • *.sophosxl.net
    • ocsp2.globalsign.com
    • crl.globalsign.com
    • 80 (HTTP)
    • 443 (HTTPS)

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Gowtham Mani

    Please also read this thread: Updating failed because WindowsCloudClean is missing

     

    This is happening to others as well. No changes have been made with our clients, so why would we want to look at what you have suggested?

  • 0 in reply to Ron Foster

    Hi  

    The reason that i asked you to check is that it could even happen if there is any change in the network, preventing the client from getting the updates. Since are sure that no changes are made, could you share the details from C:\ProgramData\Sophos\AutoUpdate\logs\Sophosupdate.log

    Search for any lines which contain “Error” or “Fail” and share the logs here so that we can get a clear idea on it.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Gowtham Mani

    Firstly, my apologies if I "sounded" brusque, that was not my intention.

    Anyway, here is a sample from one of the affected PCs log as you have suggested, I am not sure if there is enough information, but I can get more if required.

    Not sure if that is legible!

  • 0 in reply to Ron Foster

    Hi  

    Could you please you please upload the log here, the screenshot contain's generic entries. 

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Gowtham Mani

    So does anyone know what is happening?

    I have uploaded a sample, I have sent via PM a full log to Gowtham and there is no further feedback.

    There are multiple people who have the issue, clients are not being updated.

    Do we need to call support?

  • 0 in reply to Ron Foster

    I can help decipher some of the log but I don't have an answer I'm afraid. From the attached sophosupdate log file and these lines:

    2017-10-19T12:09:08.150Z [ 7564] INFO SDDSDownloader::SyncInternal Username: 21Z6OI7G4Z
    2017-10-19T12:09:08.150Z [ 7564] INFO SDDSDownloader::SyncInternal Filename: 5babb97aed8d182b0debfbfd5a9475b2

    This is your customer file: http://dci.sophosupd.com/update/5/ba/5babb97aed8d182b0debfbfd5a9475b2.dat

    From that update log it has been the same throughout so no change there.

    The list of warehouses you can access or are pointed at currently are therefore:
    sdds.CEP_11014.2
    sdds.CEPNG_1156.1
    sdds.CloudEnc_1-2-11.1
    sdds.CloudVirt-VS21113692.2
    sdds.Cloud-SVE1103692.6
    sdds.CloudOSX_965_972.3
    sdds.CIX_369Rec_371716Beta.1

    The features you have (as sent down from Central) are unchanged include CLEAN:
    Environment::Print Features: AV CLEAN CORE EFW HBT NTP SAV SDU XPD
    These are listed under: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\Service\PolicyFeatures!Features

    You are using the Recommended of each, i.e. not part of a Early Access Program (EAP) where at least some of these would show up as BETA:
    Print Subscription: WindowsCloudNextGen RECOMMENDED 11
    Print Subscription: WindowsCloudClean RECOMMENDED 1
    Print Subscription: WindowsCloudAV RECOMMENDED 11
    Print Subscription: WindowsCloudHitmanProAlert RECOMMENDED 1

    These Rigidnames are listed under: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\Service\CloudSubscriptions 

    These are the errors:

    ERROR SUL-Log [E75373] Failed to download: sdds.CloudHMP_3-7-0.4
    ERROR SDDSDownloader::SyncInternal Product is missing: WindowsCloudClean

    But given all of the above, I would have thought it should be OK. 

    If I have any further thoughts I'll update this.

  • 0 in reply to jak

    Thanks Jak, that's about where I was.

    I also mentioned to Gowtham that I have just set up a brand new PC (straight out of DELLs box, never seen Sophos) and it has the same problem. So to me the problem would appear to be at the cloud end, not locally.

    R

  • 0 in reply to Ron Foster

    Out of interest, if you log into the Sophos Central.  Click on your username at the top right and choose Early Access Programs, which takes you to:

    https://cloud.sophos.com/manage/eap

    Do you have:

    "Intercept X New Features"

    You could subscribe to.  Once subscribed, under the manage page:

    https://cloud.sophos.com/manage/eap/WINDOWS_Q3_2017

    You could try adding that new computer you mention.  This will send down a different updating policy and subscribe you to the BETA of some of the components:

    Print Subscription: WindowsCloudNextGen RECOMMENDED 11 
    Print Subscription: WindowsCloudClean RECOMMENDED 1 
    Print Subscription: WindowsCloudAV RECOMMENDED 11 
    Print Subscription: WindowsCloudHitmanProAlert RECOMMENDED 1 

    might then become:

    INFO Subscription: WindowsCloudNextGen BETA 11
    INFO Subscription: WindowsCloudClean BETA 1
    INFO Subscription: WindowsCloudAV BETA 11
    INFO Subscription: WindowsCloudHitmanProAlert BETA 1

    Does that suffer the same problem with Clean?

    Regards,

    Jak

Reply
  • 0 in reply to Ron Foster

    Out of interest, if you log into the Sophos Central.  Click on your username at the top right and choose Early Access Programs, which takes you to:

    https://cloud.sophos.com/manage/eap

    Do you have:

    "Intercept X New Features"

    You could subscribe to.  Once subscribed, under the manage page:

    https://cloud.sophos.com/manage/eap/WINDOWS_Q3_2017

    You could try adding that new computer you mention.  This will send down a different updating policy and subscribe you to the BETA of some of the components:

    Print Subscription: WindowsCloudNextGen RECOMMENDED 11 
    Print Subscription: WindowsCloudClean RECOMMENDED 1 
    Print Subscription: WindowsCloudAV RECOMMENDED 11 
    Print Subscription: WindowsCloudHitmanProAlert RECOMMENDED 1 

    might then become:

    INFO Subscription: WindowsCloudNextGen BETA 11
    INFO Subscription: WindowsCloudClean BETA 1
    INFO Subscription: WindowsCloudAV BETA 11
    INFO Subscription: WindowsCloudHitmanProAlert BETA 1

    Does that suffer the same problem with Clean?

    Regards,

    Jak

Children
Unfiltered HTML