UTM 9 version information is showing Last Check "never". What does this mean? How do I fix this?
Hello all,
I have the same issue. My UTM Home HA cluster with release 9.407-3 doesn't get updates. Here is the Up2Date log:
2016:11:07-20:18:01 node-2 audld[12593]: running on HA master system or cluster node
2016:11:07-20:18:01 node-2 audld[12593]: Starting Up2Date Package Downloader
2016:11:07-20:18:06 node-2 audld[12593]: patch up2date possible
2016:11:07-20:18:06 node-2 audld[12593]: Using static update server list in HA mode
2016:11:07-20:18:41 node-2 audld[12593]: Could not connect to Server us1.utmu2d.sophos.com (status=500 proxy connect failed: alarm).
2016:11:07-20:19:16 node-2 audld[12593]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 proxy connect failed: alarm).
2016:11:07-20:19:51 node-2 audld[12593]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 proxy connect failed: alarm).
2016:11:07-20:20:31 node-2 audld[12593]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
2016:11:07-20:21:11 node-2 audld[12593]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
2016:11:07-20:21:51 node-2 audld[12593]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
2016:11:07-20:21:51 node-2 audld[12593]: >=========================================================================
2016:11:07-20:21:51 node-2 audld[12593]: All 3 Authentication Servers failed
2016:11:07-20:21:51 node-2 audld[12593]:
2016:11:07-20:21:51 node-2 audld[12593]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
2016:11:07-20:21:51 node-2 audld[12593]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
2016:11:07-20:21:51 node-2 audld[12593]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
2016:11:07-20:21:51 node-2 audld[12593]: 4. main::main:174() audld.pl
2016:11:07-20:21:51 node-2 audld[12593]: 5. main::top-level:40() audld.pl
2016:11:07-20:21:51 node-2 audld[12593]: |=========================================================================
2016:11:07-20:21:51 node-2 audld[12593]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
2016:11:07-20:21:51 node-2 audld[12593]:
2016:11:07-20:21:51 node-2 audld[12593]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
2016:11:07-20:21:51 node-2 audld[12593]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
2016:11:07-20:21:51 node-2 audld[12593]: 3. main::main:174() audld.pl
2016:11:07-20:21:51 node-2 audld[12593]: 4. main::top-level:40() audld.pl
Ping to us1/sg1/eu1.utmu2d.sophos.com is working:
PING us1.utmu2d.sophos.com (54.214.16.252) 56(84) bytes of data.
64 bytes from ec2-54-214-16-252.us-west-2.compute.amazonaws.com (54.214.16.252): icmp_seq=1 ttl=35 time=212 ms
64 bytes from ec2-54-214-16-252.us-west-2.compute.amazonaws.com (54.214.16.252): icmp_seq=2 ttl=35 time=207 ms
64 bytes from ec2-54-214-16-252.us-west-2.compute.amazonaws.com (54.214.16.252): icmp_seq=3 ttl=35 time=205 ms
64 bytes from ec2-54-214-16-252.us-west-2.compute.amazonaws.com (54.214.16.252): icmp_seq=4 ttl=35 time=203 ms
64 bytes from ec2-54-214-16-252.us-west-2.compute.amazonaws.com (54.214.16.252): icmp_seq=5 ttl=35 time=211 ms
PING sg1.utmu2d.sophos.com (175.41.132.12) 56(84) bytes of data.
64 bytes from v8up2date3.astaro.com (175.41.132.12): icmp_seq=1 ttl=52 time=381 ms
64 bytes from v8up2date3.astaro.com (175.41.132.12): icmp_seq=2 ttl=52 time=380 ms
64 bytes from v8up2date3.astaro.com (175.41.132.12): icmp_seq=3 ttl=52 time=381 ms
64 bytes from v8up2date3.astaro.com (175.41.132.12): icmp_seq=4 ttl=52 time=380 ms
64 bytes from v8up2date3.astaro.com (175.41.132.12): icmp_seq=5 ttl=52 time=380 ms
PING eu1.utmu2d.sophos.com (79.125.21.244) 56(84) bytes of data.
64 bytes from v8up2date1.astaro.com (79.125.21.244): icmp_seq=1 ttl=49 time=48.1 ms
64 bytes from v8up2date1.astaro.com (79.125.21.244): icmp_seq=2 ttl=49 time=47.6 ms
64 bytes from v8up2date1.astaro.com (79.125.21.244): icmp_seq=3 ttl=49 time=47.6 ms
64 bytes from v8up2date1.astaro.com (79.125.21.244): icmp_seq=4 ttl=49 time=47.3 ms
64 bytes from v8up2date1.astaro.com (79.125.21.244): icmp_seq=5 ttl=49 time=47.4 ms
And audld.plx to these servers doesn't work. Here is an example:
audld.plx --server v8up2date3.astaro.com:443
running on HA master system or cluster node
Starting Up2Date Package Downloader
patch up2date possible
Could not connect to Server v8up2date3.astaro.com (status=500 proxy connect failed: alarm).
Authenticating ...
Could not connect to Authentication Server v8up2date3.astaro.com (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
All 1 Authentication Servers failed
Authentication failed, no valid answer from Authentication Servers
How can I fix this issue?
Kind Regards
TheExpert
As root, run:
grep '_Ip' /etc/up2date/servers.sorted.rpmsave
Replace v8up2date3.astaro.com in the command above with one of those IPs. Did any IP work?
Cheers - Bob
When running grep '_Ip' /etc/up2date/servers.sorted.rpmsave I get the following output:
grep: /etc/up2date/servers.sorted.rpmsave: No such file or Directory
Doing ls -lh on /etc/up2date:
total 52K
-rw-r--r-- 1 root root 6 Oct 10 02:27 global_pattern_revision
-rw-r--r-- 1 root root 15K Jan 18 2016 progress.tmpl
-rw-r--r-- 1 root root 113 Oct 10 03:05 proxy.conf
-rw-r--r-- 1 root root 180 Jan 18 2016 proxy.conf-default
-rw-r--r-- 1 root root 1018 Jan 18 2016 srvrstrn.ph
-rw-r--r-- 1 root root 10 Sep 27 14:48 system_version
-rw-r--r-- 1 root root 3.8K Oct 10 03:05 up2date.conf
-rw-r--r-- 1 root root 4.1K Jan 18 2016 up2date.conf-default
-rw-r--r-- 1 root root 738 Oct 10 03:05 up2date_status
Kind Regards
TheExpert
I just did:
utm:/home # grep '_Ip' /etc/up2date/servers.sorted.rpmsave
'Fallback_Ip' => '79.125.21.244'
'Fallback_Ip' => '175.41.132.12'
'Fallback_Ip' => '184.72.238.199'
utm:/home #
Cheers - Bob
As you can see in my last post, there's no such file. Should I create it? What's in this file?
Trying audld.plx with the IP instead of the FQDN doesn't work:
audld.plx --server 79.125.21.244:443
running on HA master system or cluster node
Starting Up2Date Package Downloader
patch up2date possible
Could not connect to Server 79.125.21.244 (status=500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
Authenticating ...
Could not connect to Authentication Server 79.125.21.244 (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
All 1 Authentication Servers failed
Authentication failed, no valid answer from Authentication Servers
audld.plx --server 175.41.132.12:443
running on HA master system or cluster node
Starting Up2Date Package Downloader
patch up2date possible
Could not connect to Server 175.41.132.12 (status=500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
Authenticating ...
Could not connect to Authentication Server 175.41.132.12 (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
All 1 Authentication Servers failed
Authentication failed, no valid answer from Authentication Servers
audld.plx --server 184.72.238.199:443
running on HA master system or cluster node
Starting Up2Date Package Downloader
patch up2date possible
Could not connect to Server 184.72.238.199 (status=500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
Authenticating ...
Could not connect to Authentication Server 184.72.238.199 (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
All 1 Authentication Servers failed
Authentication failed, no valid answer from Authentication Servers
Because of "status=500 proxy connect failed: PROXY ERROR HEADER" I added the RegEx "^https?://[A-Za-z0-9.-]*\.utmu2d\.sophos\.com/" and "^https?://[A-Za-z0-9.-]*\.astaro\.com/" to Web Protection | Filtering Options | Exceptions | Sophos Services for bypassing some of the proxy checks, i.e. SSL intercept. And I added all network addresses of the UTM to the allowed networks. But this doesn't solve the issue.
Kind Regards
TheExpert
I think it's fairly generic. Here's what one contains in our lab in Oklahoma:
utm:/root # cat /etc/up2date/servers.sorted.rpmsave
$VAR1 = [
{
'name' => 'v8up2date1',
'Port' => '443',
'Ip' => '79.125.21.244',
'Host' => 'v8up2date1.astaro.com',
'Fallback_Ip' => '79.125.21.244'
},
{
'name' => 'v8up2date3',
'Port' => '443',
'Ip' => '175.41.132.12',
'Host' => 'v8up2date3.astaro.com',
'Fallback_Ip' => '175.41.132.12'
},
{
'name' => 'v8up2date2',
'Port' => '443',
'Ip' => '184.72.238.199',
'Host' => 'v8up2date2.astaro.com',
'Fallback_Ip' => '184.72.238.199'
}
];
I guess you could try creating that file, but it looks like something went wrong when you imaged that device in January. If you've gotten no updates since then, I'd be tempted to offload some config backups, re-image with a new DVD burned at 4x and restore.
Cheers - Bob
The system is a new install in October because of a hardware crash of my old server. I installed with the ISO of 9.406-3 as VM, restored my configuration (9.406-3) and then made an Up2Date to 9.407-3 which was shown by Up2Date automatically. And because of having two new machines I decided to install a second UTM as VM and configured a HA cluster.
I will try with the file but after my further investigations yesterday I don't think that it will help - the tries with the IP address you posted yesterday weren't successful. Now after testing with the file I can say that this doesn't solve the issue.
I also have a UTM Manager, Release 4.303-9 running. This system isn't able to get pattern updates, either. There are the same error messages as on the UTM. I don't know if this is an issue of the UTM installation...
Kind Regards
TheExpert
I can't believe that my two UTMs and the UTM Manager have a corrupt installation. So I don't see a need to reinstall all these systems.
Today I updated the two UTMs to 9.408-4 by manually uploading the U2D package. But Up2Date still isn't working.
MTU size is 1500 on all interfaces. There was a post to solve this issue by adding the interface to the allowed networks of the proxy. This isn't possible because you can only add network objects and I have all network objects added (Internal, External and DMZ). In the past I hadn't added External because it makes no sense but for troubleshooting of this issue...
I also put all IP addresses of the UTM into a network group and added this group to the list of hosts for skipping the transparent proxy. This didn't help.
I even checked my license which is valid until August 2017.
I don't understand what is meant by "status=500 proxy connect failed: Alarm" in the Up2Date log. Which proxy is meant? I thought it's the proxy of the UTM because the UTM Manager has the same error message. But if all exception rules in the Web Protection section don't help it seems to be another proxy.
Any other ideas of what could be the reason for this issue?
Kind Regards
TheExpert
I found a very interesting post: https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/77242/utm-9-402-7-failing-to-connect-to-up2date-servers#pi2132219853filter=all&pi2132219853scroll=false
And after disabling the Up2Date cache of the UTM Manager the UTM can connect to the authentication servers and download the Up2Date files. You find the setting here: Management | Central Management | SUM Settings | Use SUM server as Up2Date cache.
Thanks to IanMorehouse :)
Kind Regards
TheExpert
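Added example (not part of any post in this thread, and not Sophos code): a small triage script that reads audld "Could not connect" lines and reports whether every failure was raised at the proxy step, which is the distinction that mattered here. The sample lines are constructed in the shape of the log quoted above; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: four lines in the shape of the Up2Date log quoted in this thread.
SAMPLE_LOG = """\
2016:11:07-20:18:06 node-2 audld[12593]: Using static update server list in HA mode
2016:11:07-20:18:41 node-2 audld[12593]: Could not connect to Server us1.utmu2d.sophos.com (status=500 proxy connect failed: alarm).
2016:11:07-20:20:31 node-2 audld[12593]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
2016:11:07-20:21:11 node-2 audld[12593]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 proxy connect failed: PROXY ERROR HEADER, could be non-SSL URL:).
"""

FAIL_RE = re.compile(
    r"audld\[\d+\]: Could not connect to (?P<role>Authentication Server|Server) "
    r"(?P<host>\S+) \((?:status|code)=(?P<code>\d+) (?:\d+ )?(?P<reason>.*)\)\.\s*$"
)
PROXY_PREFIX = "proxy connect failed:"

def parse_failures(log_text):
    """Return one dict per 'Could not connect' line; other lines are skipped."""
    failures = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        reason = m.group("reason")
        at_proxy = reason.startswith(PROXY_PREFIX)
        detail = reason[len(PROXY_PREFIX):].strip(" :") if at_proxy else reason
        failures.append({"role": m.group("role"), "host": m.group("host"),
                         "code": int(m.group("code")), "at_proxy": at_proxy,
                         "detail": detail})
    return failures

def triage(log_text):
    """Summarise where the failures were reported."""
    failures = parse_failures(log_text)
    if not failures:
        return {"verdict": "no-connect-failures", "details": {}, "hosts": []}
    details = Counter(f["detail"] for f in failures if f["at_proxy"])
    hosts = sorted({f["host"] for f in failures})
    if all(f["at_proxy"] for f in failures):
        verdict = "all-at-proxy"   # every target failed at the proxy step
    elif details:
        verdict = "mixed"
    else:
        verdict = "none-at-proxy"
    return {"verdict": verdict, "details": dict(details), "hosts": hosts}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A verdict of `all-at-proxy` across every server, while ping to the same hosts succeeds, is the pattern in this thread, where the fix turned out to be the Up2Date cache setting rather than anything about the update servers themselves.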
But what about SUM? There are still error messages here.
And I could solve the issue by
I got a new firmware by Up2Date and updated SUM successfully to 4.304-5 now.
Kind Regards
TheExpert