Since 9.705-7 is enabled for up2date auto rollout, already manually 9.705-7 patched systems showing updates available for download

Hi, since 2-3 days when the 9.705-7 was enabled to auto-download via up2date by Sophos all of our already manually patched 9.705-7 (two weeks ago) systems are showing new updates available but when accessing it it is empty. My assumption is, that the 9.705-7 enabled for auto update is slightly different which may confuse up2date. Or is this purely cosmetic? Any ideas? Any statement from Sophos? Will also open a ticket. Thanks, Joerg



-
[edited by: JoergRiether at 11:36 AM (GMT -7) on 9 Jun 2021]
  • I'm seeing the same symptoms, and the following messages in my up2date log every time it tries to check.  It seems that the update servers are all returning a 403 for the latest update:

    2021:06:09-10:08:01 astaro-1 audld[28106]: Starting Up2Date Package Downloader
    2021:06:09-10:08:04 astaro-1 audld[28106]: disabling patch up2dates (confd hint)
    2021:06:09-10:08:04 astaro-1 audld[28106]: Using static update server list in HA mode
    2021:06:09-10:08:17 astaro-1 audld[28106]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2021:06:09-10:08:17 astaro-1 audld[28106]: Using static download server list in HA mode
    2021:06:09-10:08:17 astaro-1 audld[28106]: Deleted lingering download files: u2d-sys-9.705007-706009.tgz.gpg.defe9cc57a64e66fd10254c5d1a37200.tmp
    2021:06:09-10:08:18 astaro-1 audld[28106]: >=========================================================================
    2021:06:09-10:08:18 astaro-1 audld[28106]: us1.utmu2d.sophos.com/.../u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
    2021:06:09-10:08:18 astaro-1 audld[28106]: us2.utmu2d.sophos.com/.../u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
    2021:06:09-10:08:18 astaro-1 audld[28106]: sg1.utmu2d.sophos.com/.../u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
    2021:06:09-10:08:19 astaro-1 audld[28106]: eu1.utmu2d.sophos.com/.../u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
    2021:06:09-10:08:19 astaro-1 audld[28106]: eu2.utmu2d.sophos.com/.../u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
    2021:06:09-10:08:19 astaro-1 audld[28106]: Tried all 5 Servers: Download unsuccessful
    2021:06:09-10:08:19 astaro-1 audld[28106]: id="3706" severity="error" sys="system" sub="up2date" name="Failed to synchronize fileset" status="failed" action="download" package="sys"
    
  • This hasn't been new to me for quite some time.  For whatever reason, my UTM had skipped every other auto update since about 9.3-ish.

    I just go and download it manually then upload it to the UTM.

    However getting a 403 error (Forbidden) would tell me that the UTM is behind some other appliance that isn't allowing access.  At least, that would be the first assumption.  Second one would be just a common Sophos issue.  Your URL there shows something that I don't believe my UTM does access, but clicking that URL gives me the same Access Denied, with an XML page (I'm in the U.S.).

    UTM - 9.706 | Intel i3-4150 4th Gen Processor
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • Check it out. My guess is it is a global problem. Many customers I phoned today see it. We opened a ticket. In the meanwhile here is a manual try: 

    xx:/var/up2date/sys # ls -alh
    total 8.0K
    drwxr-xr-x  2 root root 4.0K Jun 10 20:09 .
    drwxr-xr-x 33 root root 4.0K Jun 10 20:28 ..
    -rw-r--r--  1 root root    0 Jun 10 20:09 u2d-sys-9.705007-706009.tgz.gpg.defe9cc57a64e66fd10254c5d1a37200.tmp
    xx:/var/up2date/sys # rm u2d-sys-9.705007-706009.tgz.gpg.defe9cc57a64e66fd10254c5d1a37200.tmp
    xx:/var/up2date/sys # ls -al
    total 8
    drwxr-xr-x  2 root root 4096 Jun 10 20:37 .
    drwxr-xr-x 33 root root 4096 Jun 10 20:28 ..
    xx:/var/up2date/sys # audld.plx
    no HA system or cluster node
    Starting Up2Date Package Downloader
    patch up2date possible
    Using static update server list in HA mode
    Authenticating ...
    Authentication successful!
    Using static download server list in HA mode
    Starting Up2Date Download
    Starting sync mode for 'sys'
      Downloading Up2Date Package http://us1.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg
    http://us1.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
      Downloading Up2Date Package http://us2.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg
    http://us2.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
      Downloading Up2Date Package http://sg1.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg
    http://sg1.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
      Downloading Up2Date Package http://eu1.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg
    http://eu1.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
      Downloading Up2Date Package http://eu2.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg
    http://eu2.utmu2d.sophos.com/asg/v9/sys/u2d-sys-9.705007-706009.tgz.gpg Protocol Error code=403
    Tried all 5 Servers: Download unsuccessful
    Fileset couldn't be made synchronous
    xx:/var/up2date/sys #
    

  • But this is a manual attempt to use Up2Date, correct?  Have you tried manually downloading the actual .gpg file to your computer, then uploading the file manually to the UTM?

    UTM - 9.706 | Intel i3-4150 4th Gen Processor
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • Seeing the exact same behaviour on 2 of my SG's, (the up2date logs also mention 403 when trying to download the update)..

    there are however 17 other SG's under our care which have not detected the 706.9 update.

  • Same behavior for me until yesterday when finally went to 9.706-9.

  • Yep, the auto-roll-up2date release was enabled on sophos servers yesterday. Error is gone since then.