This discussion has been locked.

Endpoint won't update, register or even delete from the UTM 9.506-2

I have been fighting with an issue with using Endpoint Protection, and I'm convinced that the issue isn't on my end so I really need some help in resolving this.

 

Almost 2 weeks ago I discovered that the agents weren't getting updates, so I began working through the issue and I thought it may be cert related, and I attempted a few fixes but to no avail. So after further troubleshooting it appears that the updates/registration requests are being denied by Sophos servers. If you'd like to review everything up to this point, it's at https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/98271/no-longer-updating---ssl-cert-not-trusted

 

So today, since I was getting no response and no support, I decided to forget it: I'm going to just start from scratch and completely delete everything and start over, as I only have it on a few systems because I was testing going from Avast to Sophos for my home network. Well, I can't even do that; the UTM won't delete all data and allow me to start over.

Here's a copy of the log from the UTM for Endpoint Protection.

 

2017:12:06-11:38:27 utm epsecd[44070]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2017:12:06-11:38:27 utm epsecd[44070]: W id="4205" severity="warn" sys="System" sub="epsecd" name="Computer needs to register in Confd" mcs_id="829566d7-4c8e-0c7a-f724-6349ba9e39a4"
2017:12:06-11:38:27 utm epsecd[44070]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2017:12:06-11:38:28 utm epsecd[44070]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2017:12:06-11:38:31 utm epsecd[44070]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2017:12:06-11:38:31 utm epsecd[44070]: I id="4222" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect"
2017:12:06-11:43:09 utm epsecd[44070]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2017:12:06-11:43:12 utm epsecd[44070]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Endpoint log collector started"
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="No private key available yet: /var/epsecd/resources/client.pem"
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="No certificate available yet: /var/epsecd/resources/client.crt"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="curl_base_url: 2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com/.../"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Loaded download history file"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Download endpoint logs"
2017:12:06-11:45:49 utm epsecd[6498]: >=========================================================================
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="Listing [https://2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com//2099210c-e01b-3421-871a-c97d38074414/] failed with return code 6: Couldn't resolve host name Couldn't resolve host '2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com'
2017:12:06-11:45:49 utm epsecd[6498]: "
2017:12:06-11:45:50 utm epsecd[6492]: I id="4201" severity="info" sys="System" sub="epsecd" name="Epsecd starting"
2017:12:06-11:45:53 utm epsecd[6492]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Unable to get ip for sss1-e01b.broker.sophos.com: Resource temporarily unavailable"
2017:12:06-11:45:53 utm epsecd[6492]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Error creating socket. " syscall_error="Resource temporarily unavailable"
2017:12:06-11:45:53 utm epsecd[6492]: >=========================================================================
2017:12:06-11:45:53 utm epsecd[6492]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: No internet connection. at /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm line 148." effect="Can't talk to Sophos LiveConnect"
2017:12:06-11:45:53 utm epsecd[6492]:
2017:12:06-11:45:53 utm epsecd[6492]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:45:53 utm epsecd[6492]:  2. Epsec::Logic::Client::on_error:1461() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:45:53 utm epsecd[6492]:  3. Epsec::Logic::Base::run:60() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:45:53 utm epsecd[6492]:  4. main::top-level:63() client.pl
2017:12:06-11:45:53 utm epsecd[6492]: <=========================================================================
2017:12:06-11:45:53 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 180 seconds"
2017:12:06-11:49:00 utm epsecd[6492]: >=========================================================================
2017:12:06-11:49:00 utm epsecd[6492]: E id="4286" severity="crit" sys="System" sub="epsecd" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-11:49:00 utm epsecd[6492]:           'operation' => 'Unauthorized'
2017:12:06-11:49:00 utm epsecd[6492]:         };"
2017:12:06-11:49:00 utm epsecd[6492]:
2017:12:06-11:49:00 utm epsecd[6492]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:49:00 utm epsecd[6492]:  2. Epsec::Logic::Client::_receive_reports:447() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]:  3. Epsec::Logic::Client::_request:1261() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]:  4. Epsec::Logic::Client::_start:288() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]:  5. Epsec::Logic::Client::on_load:43() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]:  6. (eval):53() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:49:00 utm epsecd[6492]:  7. Epsec::Logic::Base::run:52() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:49:00 utm epsecd[6492]:  8. main::top-level:63() client.pl
2017:12:06-11:49:00 utm epsecd[6492]: <=========================================================================
2017:12:06-11:49:00 utm epsecd[6492]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-11:49:00 utm epsecd[6492]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-11:49:00 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
2017:12:06-11:52:32 utm epsecd[6492]: I id="420X" severity="info" sys="System" sub="epsecd" name="Epsecd stoping"
2017:12:06-11:52:32 utm epsecd[6492]: I id="4231" severity="info" sys="System" sub="epsecd" name="Syncing SWC with web control global status "
2017:12:06-11:52:32 utm epsecd[6492]: I id="4234" severity="info" sys="System" sub="epsecd" name="Disabled Sophos Web Control sub-feature"
2017:12:06-11:52:32 utm epsecd[6492]: >=========================================================================
2017:12:06-11:52:32 utm epsecd[6492]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: Can't use an undefined value as a symbol reference at /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm line 1295." effect="Can't talk to Sophos LiveConnect"
2017:12:06-11:52:32 utm epsecd[6492]:
2017:12:06-11:52:32 utm epsecd[6492]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:52:32 utm epsecd[6492]:  2. Epsec::Logic::Client::on_error:1461() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:52:32 utm epsecd[6492]:  3. Epsec::Logic::Base::run:60() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:52:32 utm epsecd[6492]:  4. main::top-level:63() client.pl
2017:12:06-11:52:32 utm epsecd[6492]: <=========================================================================
2017:12:06-11:52:32 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 180 seconds"
2017:12:06-11:55:16 utm epsecd[6365]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Endpoint log collector started"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="curl_base_url: 2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com/.../"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Loaded download history file"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Download endpoint logs"
2017:12:06-11:55:17 utm epsecd[6365]: >=========================================================================
2017:12:06-11:55:17 utm epsecd[6365]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="Listing [https://2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com//2099210c-e01b-3421-871a-c97d38074414/] failed with return code 6: Couldn't resolve host name Couldn't resolve host '2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com'
2017:12:06-11:55:17 utm epsecd[6365]: "
2017:12:06-11:57:44 utm epsecd[8240]: I id="4201" severity="info" sys="System" sub="epsecd" name="Epsecd starting"
2017:12:06-11:57:50 utm epsecd[8240]: I id="4229" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy"
2017:12:06-11:57:50 utm epsecd[8240]: I id="4230" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Resources"
2017:12:06-11:57:54 utm epsecd[8240]: I id="4231" severity="info" sys="System" sub="epsecd" name="Syncing SWC with web control global status 1"
2017:12:06-12:08:28 utm epsecd[8240]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-12:08:28 utm epsecd[8240]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-12:08:28 utm epsecd[8240]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
2017:12:06-12:13:30 utm epsecd[8240]: >=========================================================================
2017:12:06-12:13:30 utm epsecd[8240]: E id="4286" severity="crit" sys="System" sub="epsecd" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-12:13:30 utm epsecd[8240]:           'operation' => 'Unauthorized'
2017:12:06-12:13:30 utm epsecd[8240]:         };"
2017:12:06-12:13:30 utm epsecd[8240]:
2017:12:06-12:13:30 utm epsecd[8240]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-12:13:30 utm epsecd[8240]:  2. Epsec::Logic::Client::_receive_reports:447() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  3. Epsec::Logic::Client::_request:1261() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  4. Epsec::Logic::Client::_start:288() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  5. Epsec::Logic::Client::_receive_reports:442() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  6. Epsec::Logic::Client::on_run:320() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  7. (eval):55() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-12:13:30 utm epsecd[8240]:  8. Epsec::Logic::Base::run:52() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-12:13:30 utm epsecd[8240]:  9. main::top-level:63() client.pl
2017:12:06-12:13:30 utm epsecd[8240]: <=========================================================================
2017:12:06-12:13:30 utm epsecd[8240]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-12:13:30 utm epsecd[8240]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-12:13:30 utm epsecd[8240]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
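
The log above mixes two different failures: name-resolution errors on the UTM itself and `'operation' => 'Unauthorized'` replies from Sophos LiveConnect. The following triage script is an added example, not part of the original post and not Sophos code; the class names and verdict labels are this example's own, and the sample lines are abridged from the log above.

```python
import re
from collections import defaultdict

# Every line starts "2017:12:06-11:45:53 utm epsecd[6492]: <message>".
HEADER = re.compile(r"^(\S+) \S+ epsecd\[(\d+)\]: ?(.*)$")

# Failure classes keyed on strings that occur in the log posted above.
# The labels on the left are this example's own names (assumption).
RULES = {
    "dns": re.compile(r"Couldn't resolve host|Unable to get ip for"),
    "no_client_cert": re.compile(r"No (?:private key|certificate) available yet"),
    "unauthorized": re.compile(r"'operation' => 'Unauthorized'"),
    "needs_register": re.compile(r"Computer needs to register in Confd"),
}

# Constructed sample: lines abridged from the log above.
SAMPLE = """\
2017:12:06-11:38:27 utm epsecd[44070]: W id="4205" severity="warn" name="Computer needs to register in Confd"
2017:12:06-11:45:53 utm epsecd[6492]: W id="424200" severity="warn" name="Unable to get ip for sss1-e01b.broker.sophos.com: Resource temporarily unavailable"
2017:12:06-11:49:00 utm epsecd[6492]: E id="4286" severity="crit" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-11:49:00 utm epsecd[6492]:           'operation' => 'Unauthorized'
2017:12:06-11:57:44 utm epsecd[8240]: I id="4201" severity="info" name="Epsecd starting"
2017:12:06-12:13:30 utm epsecd[8240]:           'operation' => 'Unauthorized'
"""

def triage(text):
    """Map each epsecd PID (one daemon run) to its ordered (timestamp, class) hits."""
    runs = defaultdict(list)
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if not m:
            continue  # not an epsecd line
        ts, pid, msg = m.groups()
        for label, pattern in RULES.items():
            if pattern.search(msg):
                runs[int(pid)].append((ts, label))
    return dict(runs)

def verdict(runs):
    """Separate a transient local fault from a rejection by the remote service."""
    rejected = [p for p, hits in runs.items() if any(l == "unauthorized" for _, l in hits)]
    dns_only = [p for p, hits in runs.items() if hits and all(l == "dns" for _, l in hits)]
    if len(rejected) > 1:
        return "persistent-rejection"  # refused again after a daemon restart
    if rejected:
        return "rejection"
    if dns_only:
        return "local-dns"
    return "unclassified"
```

On the sample, `verdict(triage(SAMPLE))` returns `persistent-rejection`: the DNS error is confined to the start of one run, while the `Unauthorized` reply recurs under a new PID, which points at the registration or credentials rather than at connectivity.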



  • For Windows 7, use the following to completely delete an Endpoint install.

    @Echo Off
     net stop "Sophos AutoUpdate Service"
     net stop "Sophos Anti-Virus"
     net stop "Sophos Anti-Virus status reporter"
     net stop "Sophos Device Control Service"
     net stop "Sophos MCS Agent"
     net stop "Sophos MCS Client"
     net stop "Sophos Web Control Service"
     net stop "Sophos Web Intelligence Update"
     net stop "swi_service"
     net stop "swi_update_64"
    REM Sophos Management Communications system - DELETE for V11 - KEEP for V10 -
     MsiExec.exe /X{A1DC5EF8-DD20-45E8-ABBD-F529A24D477B} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt
    REM Sophos Management Communications system - DELETE for V10 - KEEP for V11 -
     MsiExec.exe /X{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}
    REM Sophos Anti-Virus
     MsiExec.exe /X{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt
    REM Sophos AutoUpdate
     MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt

    There's a KnowledgeBase article if you have other Windows versions.

    Although you can't get support with a home-use license for UTM Endpoint, you can get a paid license on Sophos Central, the cloud-based solution.  There are different versions as well as an offering of Intercept X.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks, but unfortunately that's not relevant to the current issues as uninstalling from the endpoint isn't an issue.

    Also, the reason for changing from a paid version of Avast to Sophos is the UTM integration, otherwise I'd prefer to use dual AVs for increased protection (one at the network layer, one at the endpoint).

  • Sometimes, a re-install of Endpoint will fix this type of problem.  In your first post, you said that you were unable to completely uninstall Endpoint and it's not possible to re-install it correctly unless all traces of the initial install are gone.  There's a KB detailing how to do a partial integration of cloud-based Endpoint with UTM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA