Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 4 subscribers
  • Views 4161 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM Endpoint protection not updating - something is off

Nico Moeller

I had to reinstall my main PC (W10 Enterprise) and when I tried to deploy the Sophos Endpoint Security and Control it all started to somehow acting up.

used the link from the sophos utm endpoint protection website on the admin interface

the small installer complaind about internet connection, but downloaded fine

the full installer installed, but wont update

the strangest thing is I always get a 10.3  downloaded eventhough one of my win 10 virtual machines has already an 11.x installed

Time: 25.02.17 20:59:47
Message: AutoUpdate finished
Module: SophosUpdate
Process ID: 100
Thread ID: 12176

Time: 25.02.17 20:59:47
Message: Downloading phase completed
Module: Update
Process ID: 100
Thread ID: 12176

Time: 25.02.17 20:59:47
Message: ERROR:   Download of Endpoint Security and Control failed from server Sophos
Module: Update
Process ID: 100
Thread ID: 12176

Time: 25.02.17 20:59:45
Message: Downloading product Endpoint Security and Control from server Sophos
Module: Update
Process ID: 100
Thread ID: 12176

Time: 25.02.17 20:59:45
Message: ***************          Sophos AutoUpdate started          ***************
Module: SophosUpdate
Process ID: 100
Thread ID: 12176

searched the forum and tried to follow the suggestion, even removed the SAV with all its components completely

generated a new id

downloaded a new full installer 4 times

outcome is always the same

the logs on the UTM so far did not indicate any blocks (webfilter log)

2017-02-25T19:59:45.520Z [12176] INFO  WinMain =========================
2017-02-25T19:59:45.520Z [12176] INFO  WinMain SophosUpdate is starting.
2017-02-25T19:59:45.520Z [12176] INFO  WinMain AutoUpdate version      : 2.10.1.357
2017-02-25T19:59:45.520Z [12176] INFO  WinMain SophosUpdate version    : 1.0.0.423
2017-02-25T19:59:45.520Z [12176] INFO  WinMain Build                   : 90662
2017-02-25T19:59:45.520Z [12176] INFO  WinMain =========================
2017-02-25T19:59:45.520Z [12176] INFO  WinMain Initialise COM.
2017-02-25T19:59:45.520Z [12176] INFO  WinMain Load config.
2017-02-25T19:59:45.520Z [12176] INFO  `anonymous-namespace'::ReadFileContents Slurping file of size 902 bytes.
2017-02-25T19:59:45.520Z [12176] INFO  WinMain Create registry reporter.
2017-02-25T19:59:45.520Z [12176] INFO  WinMain Load state.
2017-02-25T19:59:45.520Z [12176] INFO  StatePersister::Load Loading state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2017-02-25T19:59:45.520Z [12176] INFO  WinMain Create progress reporter.
2017-02-25T19:59:45.524Z [12176] INFO  WinMain Create language neutral logger.
2017-02-25T19:59:45.524Z [12176] INFO  WinMain Create downloader.
2017-02-25T19:59:45.524Z [12176] INFO  WinMain Create installer.
2017-02-25T19:59:45.524Z [12176] INFO  WinMain Create adapter writer.
2017-02-25T19:59:45.524Z [12176] INFO  IPCBase::IPCBase IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4
2017-02-25T19:59:45.524Z [12176] INFO  WinMain Create completion reporter.
2017-02-25T19:59:45.524Z [12176] INFO  WinMain Create update logic.
2017-02-25T19:59:45.524Z [12176] INFO  WinMain Performing update.
2017-02-25T19:59:45.524Z [ 7568] INFO  `anonymous-namespace'::SenderThreadFn::operator() Sender thread started.
2017-02-25T19:59:45.524Z [12176] INFO  UpdateLogic::Update Reporting update start.
2017-02-25T19:59:45.524Z [ 7568] INFO  IPCSender::ProcessSend IPCSender::ProcessSend started
2017-02-25T19:59:45.524Z [ 7568] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
2017-02-25T19:59:45.525Z [12176] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
2017-02-25T19:59:45.525Z [ 7568] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
2017-02-25T19:59:45.525Z [ 7568] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
2017-02-25T19:59:45.533Z [12176] INFO  UpdateLogic::SyncAndInstall Syncing products.
2017-02-25T19:59:45.533Z [12176] INFO  SDDSDownloader::SyncInternal Updating from Sophos Location: dci.sophosupd.com/cloudupdate
2017-02-25T19:59:45.533Z [12176] INFO  SDDSDownloader::SyncInternal Username: 0N3M3Z0E5R
2017-02-25T19:59:45.533Z [12176] INFO  SDDSDownloader::SyncInternal No manually configured proxy.
2017-02-25T19:59:45.534Z [12176] INFO  WindowsProxyDiscoveryWrapper::GetDefaultProxyConfiguration WinHttp default proxy not set
2017-02-25T19:59:45.539Z [12176] WARN  WindowsProxyDiscoveryWrapper::GetProxyForUrl Failed to get the automatic proxy configuration. The error code was 12180.
2017-02-25T19:59:46.624Z [12176] INFO  ProgressReporter::UpdateDetails Product: {E17FE03B-0501-4aaa-BC69-0129D965F311}, updateSize = 0
2017-02-25T19:59:47.403Z [12176] INFO  SUL-Log [I96736] Looking for package cd2a5386-f08c-42b1-8d98-40240059e361 RECOMMENDED 1
2017-02-25T19:59:47.403Z [12176] INFO  SUL-Log [I19463] Syncing product cd2a5386-f08c-42b1-8d98-40240059e361 418
2017-02-25T19:59:47.413Z [12176] ERROR SDDSDownloader::ReportSyncFailure Failed to distribute product
2017-02-25T19:59:47.414Z [12176] INFO  UpdateLogic::SyncAndInstall Saving state.
2017-02-25T19:59:47.414Z [12176] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2017-02-25T19:59:47.416Z [12176] INFO  UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
2017-02-25T19:59:48.488Z [12176] INFO  IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>ESHSXP</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of ESHSXP failed from server dci.sophosupd.com/.../Config>
2017-02-25T19:59:48.488Z [12176] INFO  WinMain SophosUpdate has completed with the result 0.
2017-02-25T19:59:48.488Z [ 7568] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>ESHSXP</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR:   Download of ESHSXP failed from server dci.sophosupd.com/.../Config>
2017-02-25T19:59:48.488Z [ 7568] INFO  IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
2017-02-25T19:59:49.489Z [ 7568] INFO  IPCSender::ProcessSend IPCSender::ProcessSend exiting
2017-02-25T19:59:49.489Z [ 7568] INFO  `anonymous-namespace'::SenderThreadFn::operator() Sender thread finished.
2017-02-25T19:59:49.491Z [12176] INFO  StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml

 

I do not use any proxy configuration and on all the other machines it works (proxy is transparent)

only IPv4 is used, IPv6 has been disabled with M$ Fixit

further do I wonder why it is tried to use winhttp (which is wpad if i remember correctly)

version on my UTM is

Firmware version:   9.411-3
 
Pattern version:   118800

what I never understood, as the UTM has a sophos av installed itself

and the clients are managed through the UTM why the heck do I need to download the installer and updates from the internet

seen a lot of posts with endpoint update problems but

 

 



This thread was automatically locked due to age.
Unfiltered HTML