
EP can't update on all clients

Hi guys

At two different sites, I have a UTM Home running on identical hardware and firmware (currently 9.315-2), but of course an independent license.

[:)] At Site A, there are 3 clients with "Endpoint Protection" installed. They are updating themselves frequently and are currently running version 11.0.5 UTM.

[:@] At Site B, there are 6 clients (Windows 7) with "Endpoint Protection" installed. They all recently started showing up as "Out-of-date" in the Endpoint Protection Status - investigation shows that they all stopped receiving updates around July 27/28 and are still running version 10.3 UTM.

The following messages are visible in the log at all Site B clients upon the hourly update check:

Zeit: 20.09.2015 17:49:08
Meldung: AutoUpdate abgeschlossen
Zeit: 20.09.2015 17:49:08
Meldung: Download-Phase abgeschlossen
Zeit: 20.09.2015 17:49:08
Meldung: FEHLER:   Endpoint Security and Control konnte nicht von Server Sophos heruntergeladen werden
Zeit: 20.09.2015 17:49:05
Meldung: Download von Produkt Endpoint Security and Control vom Server Sophos
Zeit: 20.09.2015 17:49:02
Meldung: ***************          Sophos AutoUpdate gestartet          ***************

It states that it can't download "Endpoint Security and Control" from server.

However, when I trigger an update manually by right-clicking on the taskbar logo and "Jetzt updaten (Update now)", a window opens up which shows that it is actually downloading a file (see attachment "sophos01.png") before the message changes into "Keine Verbindung zum Server (No connection to server)" (see attachment "sophos02.png").

Things I've tried already with no success:
- Reset the registration token for Endpoint Protection at the affected UTM.
- Disabled the Windows Firewall.
- Made the client bypass the proxy.
- Checked the Windows Event Viewer for related events.

Recently installed Endpoint Protection can't even get the actual software downloaded.

Is there a way to get a more detailed log from the Endpoint Protection? The fact that it tells me it "can't download the file" but is actually downloading confuses me...

What could be the cause of this situation?
How might I be able to fix it?

Every reply is greatly appreciated!

Have a great day!


  • Hello everyone,

    It seems that the problems have been back again for a week now. We have the same issue; it doesn't matter on which system/Windows/location you install the given package from the UTM AV console (URL or download).
    SLIM or FULL, both don't update after install or won't download (slim) the antivirus software due to the connection error.

    We created a ticket at Sophos Support (8084976) a couple of days ago and already had some phone conversations about this with remote sessions. Now waiting on the results/answer.
    For now, it looks like the downloaded package is v10 and doesn't update, but if we already have v11 working, the updates work...

    Regards, Sander.

     

    2018-05-03T09:41:24.506Z [ 9136] INFO  SUL-Log [I96736] Looking for package cd2a5386-f08c-42b1-8d98-40240059e361 RECOMMENDED 1
    2018-05-03T09:41:24.506Z [ 9136] ERROR SUL-Log [E21569] Couldn't authenticate user for resource with host server. URL was: http://dci.sophosupd.com/cloudupdate
    2018-05-03T09:41:24.506Z [ 9136] INFO  SUL-Log [I23158] No proxy was used.
    2018-05-03T09:41:24.506Z [ 9136] INFO  SUL-Log [I96736] Looking for package cd2a5386-f08c-42b1-8d98-40240059e361 RECOMMENDED 1
    2018-05-03T09:41:24.506Z [ 9136] ERROR SUL-Log [E35364] Out of update sources
    2018-05-03T09:41:24.506Z [ 9136] ERROR SDDSDownloader::ReportSyncFailure Failed to synchronise
    2018-05-03T09:41:24.521Z [ 9136] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
    2018-05-03T09:41:24.521Z [ 9136] INFO  UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
    2018-05-03T09:41:25.556Z [ 9136] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>ESHSXP</Insert><Insert>http://dci.sophosupd.com/cloudupdate</Insert></ErrorMessage><ReadableMessage>ERROR:   Download of ESHSXP failed from server http://dci.sophosupd.com/cloudupdate</ReadableMessage></Config>
    2018-05-03T09:41:25.556Z [ 9136] INFO  WinMain SophosUpdate has completed with the result 0.
    2018-05-03T09:41:25.556Z [ 8720] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>ESHSXP</Insert><Insert>http://dci.sophosupd.com/cloudupdate</Insert></ErrorMessage><ReadableMessage>ERROR:   Download of ESHSXP failed from server http://dci.sophosupd.com/cloudupdate</ReadableMessage></Config>
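
A small triage script for log lines in the layout quoted in the post above, added here as an example (it is not part of the original posts and is not Sophos code). It separates coded SUL errors from uncoded ones and pulls the failed product and server out of the embedded XML status message; the field layout is an assumption inferred from the quoted lines only.

```python
import re
import xml.etree.ElementTree as ET

# Sample lines copied from the SophosUpdate log excerpt quoted in the post above.
SAMPLE_LOG = """\
2018-05-03T09:41:24.506Z [ 9136] ERROR SUL-Log [E21569] Couldn't authenticate user for resource with host server. URL was: http://dci.sophosupd.com/cloudupdate
2018-05-03T09:41:24.506Z [ 9136] INFO  SUL-Log [I23158] No proxy was used.
2018-05-03T09:41:24.506Z [ 9136] ERROR SUL-Log [E35364] Out of update sources
2018-05-03T09:41:24.506Z [ 9136] ERROR SDDSDownloader::ReportSyncFailure Failed to synchronise
2018-05-03T09:41:25.556Z [ 9136] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>ESHSXP</Insert><Insert>http://dci.sophosupd.com/cloudupdate</Insert></ErrorMessage><ReadableMessage>ERROR:   Download of ESHSXP failed from server http://dci.sophosupd.com/cloudupdate</ReadableMessage></Config>
"""

# Assumed layout: timestamp, bracketed numeric id, level, source component, message.
LINE_RE = re.compile(r"^(\S+) \[\s*(\d+)\] ([A-Z]+)\s+(\S+) (.*)$")
CODE_RE = re.compile(r"^\[([EI]\d+)\] ")   # e.g. "[E21569] " at the start of a message
XML_RE = re.compile(r"<\?xml.*</Config>")  # embedded XML status message


def triage(log_text):
    """Return coded errors, uncoded errors, failed-download reports and proxy use."""
    result = {"coded": {}, "uncoded": [], "reports": set(), "proxy_used": None}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # wrapped or foreign lines are skipped, not guessed at
        _ts, _id, level, source, msg = m.groups()
        code = CODE_RE.match(msg)
        if level == "ERROR" and code:
            result["coded"][code.group(1)] = msg[code.end():]
        elif level == "ERROR":
            result["uncoded"].append((source, msg))
        if "No proxy was used" in msg:
            result["proxy_used"] = False
        xml = XML_RE.search(msg)
        if xml:
            err = ET.fromstring(xml.group(0)).find("ErrorMessage")
            if err is not None:
                # Insert elements carry the product name and the update server URL.
                inserts = tuple(i.text for i in err.findall("Insert"))
                result["reports"].add((err.findtext("ID"),) + inserts)
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Reports are kept in a set, so the same status message logged by both IPCSender::Write and IPCSender::ProcessSend is counted once.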

  • Hoi Sander - first I've seen you here - welcome to the UTM Community!

    I think this is an error that can be repaired by using [Reset Registration Token] on the 'Advanced' tab.  I believe that requires re-installing the Endpoint on all of the PCs though.

    Here's a batch file I've used to un-install Sophos Endpoint on Win7.  Note that you must delete two lines depending on whether you're removing V10 or V11.

    @Echo Off
    net stop "Sophos AutoUpdate Service"
    net stop "Sophos Anti-Virus"
    net stop "Sophos Anti-Virus status reporter"
    net stop "Sophos Device Control Service"
    net stop "Sophos MCS Agent"
    net stop "Sophos MCS Client"
    net stop "Sophos Web Control Service"
    net stop "Sophos Web Intelligence Update"
    net stop "swi_service"
    net stop "swi_update_64"
    REM Sophos Management Communications system - DELETE for V11 - KEEP for V10 -
    MsiExec.exe /X{A1DC5EF8-DD20-45E8-ABBD-F529A24D477B} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt
    REM Sophos Management Communications system - DELETE for V10 - KEEP for V11 -
    REM MsiExec.exe /X{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}
    REM Sophos Anti-Virus
    MsiExec.exe /X{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt
    REM Sophos AutoUpdate
    MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D} /qn REBOOT=SUPPRESS /PASSIVE /L*v %windir%\Temp\Uninstall_SAV11_Log.txt

    Before resetting the token on the 'Advanced' tab, what happens if you uninstall using the batch file and reinstall the client?  Did that fix the issue?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    We already did the steps with support. Reset the token, cleaned the installation and even used a new server install, but the same results.

    Even tried it with different UTMs (we are a large reseller).

    Regards, sander.

  • Just received a few updates from the Sophos Support Team. It looks like there are a couple of issues with the installer(s).

    Development is now working to resolve the known issues. If I have more information, I will let you know.

    Sander.

  • Hi,

    I want to bring this up again.

    Two weeks ago I installed the last new Windows client and all was fine.

    Today I installed another new PC and now I run into the same problem as described here.

    When installing the slim package, only the updater is installed, not AV.

    With the full package, AV 10.3 is installed but fails on update.

    I tried different settings, Win7, Win10 1709, 1803, all the same.

    Older clients that are already on 11.x are working fine.

    So the problem is the upgrade from 10.3 to 11 on install.

    Another question: why is there no 11.x install?

  • Hi,

    As far as we know, Sophos is still working on this issue. I heard it was recently escalated to the Sophos GES team (also acquainted with development).
    We indeed still have the issue so far.

    There is, however, a valid workaround:

    1. Copy the Warehouse folder from a working endpoint (the warehouse folder is found at C:\ProgramData\Sophos\AutoUpdate\data).
    2. Paste the folder into the same location on one of the affected endpoints.
    3. Force an update/run the install.
    4. Check to see if the affected endpoint has now updated successfully.

    I will keep this thread up to date with our findings and Sophos communication. But so far it is very slow...

    Regards, Sander.

  • Hi Sander,

    The problem is still alive but the workaround is working as a dream!

    Thanks a lot.
    Otto

  • I am getting the same thing as of 2/7/2018 - really Sophos????

     

    I think it is time we move away from this company and find a better solution.
