Golden Image problems

Hi,
I have installed Sophos on my Golden Image (Citrix terminal server) and followed these instructions:
https://support.sophos.com/support/s/article/KB-000035040?language=en_US

Some machines get errors, see attachments...
But the Gold Image (CTXVAAT-MAINT) is green in my console.
How can I solve that?

Regards
Dennis

Parents Reply
  • Sorry I think I misunderstood slightly. So the issues you have are with existing installed computers rather than new installs.

    If new installs are working for fresh computers, the --traillogging switch to SophosSetup.exe, which will log more info to the Sophos Central installer log, found here:

    %ProgramData%\Sophos\CloudInstaller\Logs\SophosCloudInstaller_[date]_[time].log

    May not help but it is useful for failing new installs.

    If there are deployed clients with issues, the problem might lie with the file "Endpoint.jwt" under: "C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\"

    Note: Tamper will need to be disabled to browse to that location in Explorer if UAC is on; you can navigate to the location with an admin prompt if Tamper is still enabled.

    This jwt file is used by AutoUpdate to update and needs a valid tenant ID and the endpoint id should be that of the client.

    So as part of the identity strip steps for "children" of the image, that file should ideally be removed, I suspect, so that when MCS requests a new jwt the endpoint id is correct.

    So the MCSClient.log might be of most interest here, you did provide one which shows:

    \Logs\McsClient.log

    Line 43: 2022-05-17T08:06:25.153Z [ 8548: 8580] E Authentication token file is invalid, error: No such node (features)

    Line 51: 2022-05-17T08:06:25.916Z [ 8548: 8656] I POST mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../endpoint

    Line 56: 2022-05-17T08:06:26.258Z [ 8548: 8656] I Authentication token expires at 2022-05-18T08:05:26Z

    The first time the jwt was checked by mcsclient.exe the token didn't have any features; these would be required, and that would cause a problem like the one you are seeing.

    I think you should see at least every hour, lines:
    Authentication token expires
    in the mcsclient.log as the new jwt is requested as they only last 24 hours.

    I would try initially:
    1. disable Tamper on a failing client.
    2. delete the .jwt file.
    3. restart the MCS client service.
    4. hopefully a new jwt file is created.
    5. try "update now", do you still get the 403 errors?


    If so I suspect there is something wrong with the contents of the jwt, either the features are wrong or the endpoint id doesn't match.  
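
The log check described in the reply above, as an added example that is not part of the original post or Sophos code: it scans McsClient.log lines for the invalid-token error and the "Authentication token expires at" renewals. The function name, the result keys and the one-hour `max_gap` default (taken from the reply's "at least every hour" expectation) are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Line layout as in the McsClient.log excerpt above; the optional "Line N:"
# prefix is what a text-search tool adds when hits are copied out.
LINE_RE = re.compile(
    r"^(?:Line \d+:\s*)?(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?)Z\s+"
    r"\[\s*\d+:\s*\d+\]\s+(?P<level>[A-Z])\s+(?P<msg>.*)$"
)
INVALID = "Authentication token file is invalid"
EXPIRES_RE = re.compile(r"Authentication token expires at (\S+)Z")

# The three lines quoted in the reply (search-tool prefix removed).
SAMPLE = """\
2022-05-17T08:06:25.153Z [ 8548: 8580] E Authentication token file is invalid, error: No such node (features)
2022-05-17T08:06:25.916Z [ 8548: 8656] I POST mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../endpoint
2022-05-17T08:06:26.258Z [ 8548: 8656] I Authentication token expires at 2022-05-18T08:05:26Z
""".splitlines()


def _utc(text):
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def analyse_mcs_log(lines, now, max_gap=timedelta(hours=1)):
    """Summarise token health; max_gap is an assumed renewal interval."""
    invalid, renewals = [], []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a format this sketch does not know
        ts, msg = _utc(m["ts"]), m["msg"]
        if m["level"] == "E" and INVALID in msg:
            invalid.append((ts, msg.split("error:", 1)[-1].strip()))
        elif (e := EXPIRES_RE.search(msg)):
            renewals.append((ts, _utc(e.group(1))))
    last_seen, last_expiry = renewals[-1] if renewals else (None, None)
    return {
        "invalid_token_errors": invalid,  # (timestamp, reason) pairs
        "renewals": len(renewals),
        "token_expired": last_expiry is None or last_expiry <= now,
        "renewal_overdue": last_seen is None or now - last_seen > max_gap,
    }


if __name__ == "__main__":
    print(analyse_mcs_log(SAMPLE, datetime.now(timezone.utc)))
```

A clone that still reports `invalid_token_errors` after the .jwt file has been deleted and the MCS client restarted matches the case the reply's last paragraph describes.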

Children
  • Thanks.
    Yesterday I deleted all my terminal servers from the Sophos console and after that I reinstalled Sophos on my Gold Image CTXVABDF-Maint.
    After the installation the status of the Gold Image was green. Then I ran the Gold Image script...
    Today I have the following:
    Some terminal servers are OK, some not. All servers booted from the same Gold Image via provisioning.

    Errors:

    18.05.2022 02:49
    Server konnte nicht geschützt werden: ctxvabdf01
    Letzte Agent-Aktualisierung
    vor 3 Tagen Aktualisierung fehlgeschlagen Jetzt aktualisieren
    I don't understand why some servers are OK and some are not. All servers booted from the same image...

    Regards
    Dennis