
Endpoint won't update, register or even delete from the UTM 9.506-2

I have been fighting with an issue with using Endpoint Protection, and I'm convinced that the issue isn't on my end so I really need some help in resolving this.

 

Almost 2 weeks ago I discovered that the agents weren't getting updates, so I began working through the issue and I thought it might be cert related, and I attempted a few fixes but to no avail. So after further troubleshooting it appears that the updates/registration requests are being denied by Sophos servers. If you'd like to review everything up to this point, it's at https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/98271/no-longer-updating---ssl-cert-not-trusted

 

So today, since I was getting no response and no support, I decided, forget it, I'm going to just start from scratch and completely delete everything and start over, as I only have it on a few systems as I was testing going from Avast to Sophos for my home network. Well, I can't even do that: the UTM won't delete all data and allow me to start over.

Here's a copy of the log from the UTM for Endpoint Protection.

 

2017:12:06-11:38:27 utm epsecd[44070]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2017:12:06-11:38:27 utm epsecd[44070]: W id="4205" severity="warn" sys="System" sub="epsecd" name="Computer needs to register in Confd" mcs_id="829566d7-4c8e-0c7a-f724-6349ba9e39a4"
2017:12:06-11:38:27 utm epsecd[44070]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2017:12:06-11:38:28 utm epsecd[44070]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2017:12:06-11:38:31 utm epsecd[44070]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2017:12:06-11:38:31 utm epsecd[44070]: I id="4222" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect"
2017:12:06-11:43:09 utm epsecd[44070]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2017:12:06-11:43:12 utm epsecd[44070]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Endpoint log collector started"
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="No private key available yet: /var/epsecd/resources/client.pem"
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="No certificate available yet: /var/epsecd/resources/client.crt"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="curl_base_url: 2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com/.../"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Loaded download history file"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Download endpoint logs"
2017:12:06-11:45:49 utm epsecd[6498]: >=========================================================================
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="Listing [https://2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com//2099210c-e01b-3421-871a-c97d38074414/] failed with return code 6: Couldn't resolve host name Couldn't resolve host '2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com'
2017:12:06-11:45:49 utm epsecd[6498]: "
2017:12:06-11:45:50 utm epsecd[6492]: I id="4201" severity="info" sys="System" sub="epsecd" name="Epsecd starting"
2017:12:06-11:45:53 utm epsecd[6492]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Unable to get ip for sss1-e01b.broker.sophos.com: Resource temporarily unavailable"
2017:12:06-11:45:53 utm epsecd[6492]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Error creating socket. " syscall_error="Resource temporarily unavailable"
2017:12:06-11:45:53 utm epsecd[6492]: >=========================================================================
2017:12:06-11:45:53 utm epsecd[6492]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: No internet connection. at /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm line 148." effect="Can't talk to Sophos LiveConnect"
2017:12:06-11:45:53 utm epsecd[6492]:
2017:12:06-11:45:53 utm epsecd[6492]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:45:53 utm epsecd[6492]:  2. Epsec::Logic::Client::on_error:1461() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:45:53 utm epsecd[6492]:  3. Epsec::Logic::Base::run:60() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:45:53 utm epsecd[6492]:  4. main::top-level:63() client.pl
2017:12:06-11:45:53 utm epsecd[6492]: <=========================================================================
2017:12:06-11:45:53 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 180 seconds"
2017:12:06-11:49:00 utm epsecd[6492]: >=========================================================================
2017:12:06-11:49:00 utm epsecd[6492]: E id="4286" severity="crit" sys="System" sub="epsecd" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-11:49:00 utm epsecd[6492]:           'operation' => 'Unauthorized'
2017:12:06-11:49:00 utm epsecd[6492]:         };"
2017:12:06-11:49:00 utm epsecd[6492]:
2017:12:06-11:49:00 utm epsecd[6492]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:49:00 utm epsecd[6492]:  2. Epsec::Logic::Client::_receive_reports:447() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]:  3. Epsec::Logic::Client::_request:1261() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]:  4. Epsec::Logic::Client::_start:288() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]:  5. Epsec::Logic::Client::on_load:43() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]:  6. (eval):53() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:49:00 utm epsecd[6492]:  7. Epsec::Logic::Base::run:52() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:49:00 utm epsecd[6492]:  8. main::top-level:63() client.pl
2017:12:06-11:49:00 utm epsecd[6492]: <=========================================================================
2017:12:06-11:49:00 utm epsecd[6492]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-11:49:00 utm epsecd[6492]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-11:49:00 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
2017:12:06-11:52:32 utm epsecd[6492]: I id="420X" severity="info" sys="System" sub="epsecd" name="Epsecd stoping"
2017:12:06-11:52:32 utm epsecd[6492]: I id="4231" severity="info" sys="System" sub="epsecd" name="Syncing SWC with web control global status "
2017:12:06-11:52:32 utm epsecd[6492]: I id="4234" severity="info" sys="System" sub="epsecd" name="Disabled Sophos Web Control sub-feature"
2017:12:06-11:52:32 utm epsecd[6492]: >=========================================================================
2017:12:06-11:52:32 utm epsecd[6492]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: Can't use an undefined value as a symbol reference at /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm line 1295." effect="Can't talk to Sophos LiveConnect"
2017:12:06-11:52:32 utm epsecd[6492]:
2017:12:06-11:52:32 utm epsecd[6492]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:52:32 utm epsecd[6492]:  2. Epsec::Logic::Client::on_error:1461() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:52:32 utm epsecd[6492]:  3. Epsec::Logic::Base::run:60() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:52:32 utm epsecd[6492]:  4. main::top-level:63() client.pl
2017:12:06-11:52:32 utm epsecd[6492]: <=========================================================================
2017:12:06-11:52:32 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 180 seconds"
2017:12:06-11:55:16 utm epsecd[6365]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Endpoint log collector started"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="curl_base_url: 2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com/.../"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Loaded download history file"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="Download endpoint logs"
2017:12:06-11:55:17 utm epsecd[6365]: >=========================================================================
2017:12:06-11:55:17 utm epsecd[6365]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="Listing [https://2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com//2099210c-e01b-3421-871a-c97d38074414/] failed with return code 6: Couldn't resolve host name Couldn't resolve host '2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com'
2017:12:06-11:55:17 utm epsecd[6365]: "
2017:12:06-11:57:44 utm epsecd[8240]: I id="4201" severity="info" sys="System" sub="epsecd" name="Epsecd starting"
2017:12:06-11:57:50 utm epsecd[8240]: I id="4229" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy"
2017:12:06-11:57:50 utm epsecd[8240]: I id="4230" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Resources"
2017:12:06-11:57:54 utm epsecd[8240]: I id="4231" severity="info" sys="System" sub="epsecd" name="Syncing SWC with web control global status 1"
2017:12:06-12:08:28 utm epsecd[8240]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-12:08:28 utm epsecd[8240]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-12:08:28 utm epsecd[8240]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
2017:12:06-12:13:30 utm epsecd[8240]: >=========================================================================
2017:12:06-12:13:30 utm epsecd[8240]: E id="4286" severity="crit" sys="System" sub="epsecd" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-12:13:30 utm epsecd[8240]:           'operation' => 'Unauthorized'
2017:12:06-12:13:30 utm epsecd[8240]:         };"
2017:12:06-12:13:30 utm epsecd[8240]:
2017:12:06-12:13:30 utm epsecd[8240]:  1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-12:13:30 utm epsecd[8240]:  2. Epsec::Logic::Client::_receive_reports:447() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  3. Epsec::Logic::Client::_request:1261() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  4. Epsec::Logic::Client::_start:288() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  5. Epsec::Logic::Client::_receive_reports:442() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  6. Epsec::Logic::Client::on_run:320() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]:  7. (eval):55() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-12:13:30 utm epsecd[8240]:  8. Epsec::Logic::Base::run:52() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-12:13:30 utm epsecd[8240]:  9. main::top-level:63() client.pl
2017:12:06-12:13:30 utm epsecd[8240]: <=========================================================================
2017:12:06-12:13:30 utm epsecd[8240]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-12:13:30 utm epsecd[8240]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-12:13:30 utm epsecd[8240]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
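
A triage sketch for the log above, added here as an example (not part of the original post and not Sophos tooling): it groups epsecd lines by process ID and separates name-resolution failures from the `'operation' => 'Unauthorized'` answer from LiveConnect. The rule labels, function names and placeholder host name are assumptions, and the sample lines are constructed in the format of the posted log.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the posted log; the host name is a placeholder.
SAMPLE = '''\
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() =>  severity="warn" sys="System" sub="eplog" name="No private key available yet: /var/epsecd/resources/client.pem"
2017:12:06-11:45:53 utm epsecd[6492]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Unable to get ip for broker.example.invalid: Resource temporarily unavailable"
2017:12:06-11:45:53 utm epsecd[6492]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: No internet connection." effect="Can't talk to Sophos LiveConnect"
2017:12:06-11:49:00 utm epsecd[6492]: E id="4286" severity="crit" sys="System" sub="epsecd" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-11:49:00 utm epsecd[6492]:           'operation' => 'Unauthorized'
2017:12:06-11:49:00 utm epsecd[6492]:         };"
2017:12:06-11:57:44 utm epsecd[8240]: I id="4201" severity="info" sys="System" sub="epsecd" name="Epsecd starting"
2017:12:06-12:13:30 utm epsecd[8240]: E id="4286" severity="crit" sys="System" sub="epsecd" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-12:13:30 utm epsecd[8240]:           'operation' => 'Unauthorized'
'''

LINE = re.compile(r"^(?P<ts>\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ epsecd\[(?P<pid>\d+)\]: ?(?P<body>.*)$")
RULES = [  # (label, pattern) tried against the message part of every line
    ("dns_failure", re.compile(r"Couldn't resolve host|Unable to get ip for")),
    ("no_client_credentials", re.compile(r"No (private key|certificate) available yet")),
    ("unauthorized", re.compile(r"'operation' => 'Unauthorized'")),
]

def triage(log_text):
    """Return {pid: {label: first_timestamp}} for each epsecd process in the log."""
    findings = defaultdict(dict)
    # Lines that do not parse as epsecd entries are skipped (match returns None).
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        for label, pat in RULES:
            if pat.search(m["body"]):
                findings[m["pid"]].setdefault(label, m["ts"])
    return dict(findings)

def diagnose(findings):
    """Tell a local resolver problem apart from an Unauthorized answer."""
    verdicts = {}
    for pid, seen in findings.items():
        dns, rej = seen.get("dns_failure"), seen.get("unauthorized")
        if rej and dns and dns < rej:  # fixed-width timestamps sort as strings
            verdicts[pid] = "dns recovered, then Unauthorized"
        elif rej:
            verdicts[pid] = "Unauthorized"
        elif dns:
            verdicts[pid] = "dns only"
        else:
            verdicts[pid] = "client key/cert not yet present"
    return verdicts

if __name__ == "__main__":
    print(diagnose(triage(SAMPLE)))
```

A process that logs a DNS failure and later an Unauthorized answer did reach LiveConnect, so the resolver error alone does not explain the failed registration.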



This thread was automatically locked due to age.
  • This will delete the Endpoint Protection configuration on your UTM:

    Management -> System settings -> Reset configuration or passwords -> Reset UTM ID now

    If it fails, at least it tells you for what reason. You should fix this and try to Reset UTM ID again until it works.

    If done, you can enable Endpoint Protection and install clients with the newly created Endpoint Agent - Installation Package link in the Computer Management section.

  • Thanks Tom. I did try, and I don't recall the exact issue I had when trying this, but things still failed. Unfortunately this ship has sailed and I went back to Avast and purchased a license. For whatever reason Sophos let me down on this - I would have liked to have integrated my AV into my UTM, but now I'm using a competing product, so it's probably best to have multiple AVs watching on my network anyways.

  • Thanks Tom,

    I followed your advice, and it seems to work. Had almost given up hope too.
    One Win7 and one Win10 install are updating now, no errors.

    I will wait to mark this as answer until others have the same result.