Unable to install firmware - new install of Sophos XG

Hi dilbert,

I am seeing this exact same issue, with a very similar build, using a Ryzen 3 2200g and 8gb memory + 240gb SSD.  I'm curious if you ever found a solution?  Out of curiosity, what motherboard are you using?

After the aborted install, I dropped into busybox and could see that there is an ioctl error, but I'm stuck as to where to go next as well.

I fought with it for a while after I posted the original message but never found a solution.  I had found a few messages that it could be the XG software and that Sophos UTM would probably work fine with the same thumb drive, but I haven't tried it yet.

My motherboard is the Asus ROG Strix B450 and I also have the Ryzen 3 2200g CPU.

I used the same thumb drive and same computer, but installed Sophos UTM 9.5 today instead of Sophos XG and had no problems.  I thought I had seen another thread that the XG installer had problems still, which seems to be the case for me.  I was able to restore the backup I made on my old UTM firewall and the new one is good to go.

Bumping this :

I have had this unable to load firmware for over the last 15 months or so for the XG train.  I try every new version thats published but I can not get past the firmware loading error. I have used several USB thumb drivers. Added a usb cd/DVD driver and thats replicates the issue. Played with the bios settings. Followed all the hints and tips for this issue over the years. All to no avail.

Once it failes you can boot of the internal SSD drive and it brings you to a diagnostic screen. Tajking the advanced diags I obtain shell access. However im not familiar with the structure of the XG  directories.  Its 30 years plus since I used Unix in anger although some of the commands do come back to me.

I am wondering where the instller log file resides so I can examine this  (vi) and try to obtain a hint of whats failing.

Can anyone point me to the location of the installer log file written to the SSD whilst the XG software installs onto the SSD?

Thanks

Don

Hi,

if you want yo use the XG try installing the free copy of VMware 6.x and then install XG.

ian

Hi Ian

Thanks for the tip. However, I'm  not so hot on VMware. I did try this once before.

Out of sheer doggedness I would like to find the underlying issue. Its why I was asking about the location of the Installer log files. Even wondered is there is a verbose mode for the install.

Whilst the hardware is Intel at the core, the Nic's are realtec. I have seen some mention of performance issues but not anything that says they just don't work.  I may try and edit the installer.cfg and remove "quiet" however that requires some more thought.

I found this https://community.sophos.com/kb/en-us/125209

This I can almost do ….  however,  I have no access to the .pgp firmware. Its embedded in the install disk and have no access to it.  This is normal of course.

Seen some mention of log files "u2d.log and "csc.log"  … I can not see these on the SSD and with no "find" command its longhand "ls -laR | grep csc "   no matching files found though.

The threads I have seen in the forum  usually just peter out with people just jiving up.

Regards

Don

Maybe you tried this already but I was unable to install XG Home until I used balena Etcher (https://www.balena.io/etcher/) to create the installer flash drive from the iso-file. Rufus and other tools didn't work for me even when I followed the hints from the community.

Good afternoon Jelle

I whole heartedly agree with you . BalenaEtcher is my goto app for writing most things of an ISO  format to any USB stick.

I have also tried :-

Rufus3.3.exe

Win32diskimager

Hopefully someone will be able to give me the correct name and location on the installer log file/s so I can make sense of what is happening.

Regards

Don

Thank you so much for sharing your thoughts contributors.

an Update

I have now added a new SSD as SDA, the original drive was SDB. I wondered if that may have anything to do with it ……. No change in behaviours

I legitimately obtained the firmware .gpg file from MySophos. I booted the SF Loader and went through adding or updating firmware. I opted to upload the firmware via my browsers (Edge and chrome)  I see a completed message on the Browser and I see a count up to 100% on the appliance console port. After a short wait, the appliance displays a failure message.

I am wondering if the installer is correctly addressing the drives.( the installer appear to only recognise the first drive) I do see the messages indicating it is making area and formatting them. However when I boot from a Ubuntu mem stick and look at the Primary disk I can see no structure on the drive. I have even copied the gpg firmware to the drive in the naive hope this would be recognised.   No Its not.

The SF Loader is installed on SDA , but worryingly  I see no structure like swap or reporting.

I remember with earlier version of the UTM you had to escape to the shell and mount the drive then let the installer complete. I can see no options within the SF Loader to perform a similar function.

Does anyone have an understanding of what can be amended in the Install Script or indeed make its output be verbose in nature.

all feedback welcome

Don

Hi Don,

there appears to be something strange with your bios. Normal bios does not call a drive SDA or SDB and the installer will identify the drive regardless of name.

Ian

Morning Ian

Thank you for your ongoing assistance.

The XG installer is the only "Linux" versions that fails to see the drives. Its strange it gives progress indicators when the install is being progressed. If XG base system cant see the drives I an wondering why are thereprogress indicators.   The SF Loader is installed on the correct drive so it has been recognised at some part of the Install.

Looking through the Forum I cant definatively ascertain the version of Linux it uses. There is talk of Suse and  that its no longer used. CyberoamOS, Astaro Security Linux are also mentioned but no definate statement.   I have seen outputs of "uname" but a generic GNU/Linux message is provided. I would install the native version of the base OS to check the drive status.

I have used Untagle, Pfsense,IPfire,  ubunto, linux mint (both flavours) and  windows on this and all install correctly. So Im thinking what is unique about XG and the way it recognises SATA drives or the way it performs the Initial install.

Many tahnks

Don

Morning Ian

Thank you for your ongoing assistance.

The XG installer is the only "Linux" versions that fails to see the drives. Its strange it gives progress indicators when the install is being progressed. If XG base system cant see the drives I an wondering why are thereprogress indicators.   The SF Loader is installed on the correct drive so it has been recognised at some part of the Install.

Looking through the Forum I cant definatively ascertain the version of Linux it uses. There is talk of Suse and  that its no longer used. CyberoamOS, Astaro Security Linux are also mentioned but no definate statement.   I have seen outputs of "uname" but a generic GNU/Linux message is provided. I would install the native version of the base OS to check the drive status.

I have used Untagle, Pfsense,IPfire,  ubunto, linux mint (both flavours) and  windows on this and all install correctly. So Im thinking what is unique about XG and the way it recognises SATA drives or the way it performs the Initial install.

Many tahnks

Don

I can confirm the disk has been set up. When rebooted the SF Loader is presented. Take the options to escape to sh.

A directory structure is present and in the /bin,  I can execture  "df"  "fdisk -l" and strangely in this directorty a file called "gpg" exists at 918980 bytes which looks to me to be the appliance firmware.

I played with the "loadfw" command but could not  accomplish extraction of the firmware.

Regards

Don

Fixed up and running.

I take my hat of to Sophos customer support. They are an excellent bunch of professionals. The went way past my expectations.

Solution was to load vers16.x GA code which installed first time,  and them, migrate up to the current 17 version.

The downside is I think the CPU in my appliance may be under spec for the XG flavour of software. 

Closed ...

Where can we download the version 16 installer?  I can only find the most recent v17 version of it for download.

Hi,

Any idea what the issue is? - I'm having the same issue at boot, and did talk with Sophos support as well but no luck on fixing it. 

They talking about hardware or bios issues, They want me to fix that first, but I don't know what the issue is!?

I have been running the UTM9 for years now on that hardware, I just want to run XG instead..

The UTM9 runs without any issues, I have a 500/500 mbit/s internet connecting and have no performance issues on that.. - so I don't think there is any issues with the hardware.

Thanks,

Henrik