Scheduled Update - Not working

Hi Sophosians,

this morning I was suprised that central now offers scheduled updating.

I decided to try this immeadetly and the surprise quickly turned into frustration.

2 1/2 hours after the scheduled time the update is still pending.

What could be the reason for this? How can this be troubleshooted?

When looking onto the firewall I still see the old firmware versions in the two slots. Check for new firmware doesn't show the latest MR-1 release and one can see that it is also not downloaded to the firewall.

However the new firmware showed up in Central (Sceenshot from another firewall)

Another Sophos disappointment - truly sad :-(

Parents
  • Is the time zone correct? 

    __________________________________________________________________________________________________________________

  • Your timezone is reporting Singapour, is this correct? 

    Could you check the logs of the firewall? 

    Do you see following entries: 

    ERROR Aug 29 11:45:35Z [u2d_fw_i_job_CM:22147]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh VI-19.0.1_MR-1.AZU-365.sig
    MESSAGE Aug 29 11:46:35Z [worker:22328]: {"request":{"method":"nopcode","name":"u2d_fw_i_job_CM","version":"1.2","type":"text","length":26,"data":VI-19.0.1_
    MR-1.AZU-365.sig}}

    Is this a Azure Appliance? 

    __________________________________________________________________________________________________________________

  • The firewall I am talking about is in Germany and has Berlin timezone.
    The screenshot above is another firewall in Singapore to show how it looked like before I started the process (can't repeat this for the other firewall in Germany which is already scheduled).


    In which log should I find the above entry? A quick looktrough did not reveal anything but I might have looked in the wrong places.


    I noticed that an hour ago 5 firewalls were still ready for update and now only 3 are left? Did you/Sophos change anything. Looks like all XG135 have gone away and (in my case) only XG210 and XG550 can be updated. Or only the HA firewalls which are in our case XG210 and XG550.

    I also noticed that the last firewall that is running on 18.5 MR-3 can only be updated to 19.0 GA although a direct update to 19 MR-1 Build 365 should be possible according to the readme.





  • Currently MR1 is in staging phase to be rolled out.

    The Message should /could be in csc.log in /log/ 

    __________________________________________________________________________________________________________________

  • No Azure Appliance involved.

    Output of last lines of fgrep "Failed Command:" csc.log | tail

    ERROR Aug 30 15:37:51Z [u2d_fw_i_job_CM:29188]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 30 15:38:52Z [u2d_fw_i_job_CM:29631]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 30 15:39:53Z [u2d_fw_i_job_CM:30070]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 30 15:40:52Z [u2d_fw_i_job_CM:30453]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig

    XG135w_XN03_SFOS 19.0.0 GA-Build317# date
    Tue Aug 30 17:42:13 CEST 2022

  • Seems like this is a issue, which is currently under investigation. Seems like this is related to an issue with the U2D Server, which does not offer the correct file / no file to the firewall. Hence - Central is doing the right job, FW is trying to upgrade but the up2date server is not offering the FW the file. 

    Could you please raise a Support case with the reference to: 

    NC-102533

    __________________________________________________________________________________________________________________

Reply
  • Seems like this is a issue, which is currently under investigation. Seems like this is related to an issue with the U2D Server, which does not offer the correct file / no file to the firewall. Hence - Central is doing the right job, FW is trying to upgrade but the up2date server is not offering the FW the file. 

    Could you please raise a Support case with the reference to: 

    NC-102533

    __________________________________________________________________________________________________________________

Children
  • Great. No need and no time to raise support case.
    We will wait until this is working.

    Please write into this thread when it is resolved. Thanks.

  • Did you change anything? I did an unscheduled (!) update around 15:29 (MESZ) today and this worked.

    No sure whether this is because of "immediate" instead of scheduled or whether Sophos fixed this.

    I guess it is the "immediate" as the error is in the log until the immediate update happened (Time in log is UTC). 

    XG135w_XN03_SFOS 19.0.1 MR-1-Build365# fgrep "Failed Command: /scripts" csc.log
    | tail
    ERROR Aug 31 13:17:09Z [u2d_fw_i_job_CM:11265]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 31 13:18:09Z [u2d_fw_i_job_CM:11715]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 31 13:19:09Z [u2d_fw_i_job_CM:12151]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 31 13:20:09Z [u2d_fw_i_job_CM:12627]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 31 13:21:09Z [u2d_fw_i_job_CM:13063]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 31 13:22:09Z [u2d_fw_i_job_CM:13497]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 31 13:23:09Z [u2d_fw_i_job_CM:13937]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 31 13:24:09Z [u2d_fw_i_job_CM:14388]: log_exec: Failed Command: /scripts/u2d/u2d_is_fw_downloaded.sh HW-19.0.1_MR-1.SF300-365.sig
    ERROR Aug 31 13:31:29Z [u2d_pt_installer:11524]: log_exec: Failed Command: /scripts/u2d/u2d_pt_dload_checker.sh
    ERROR Aug 31 13:31:54Z [czt_start:14471]: log_exec: Failed Command: /scripts/wwan/czt.sh

    Maybe this helps to find the issue with the scheduled (?) update ...