I have been fighting with an issue with using Endpoint Protection, and I'm convinced that the issue isn't on my end so I really need some help in resolving this.
Almost 2 weeks ago I discovered that the agent's weren't getting updates, so I began working through the issue and I thought it my be Cert related, and I attempted a few fixes but to no avail. So after further troubleshooting it appears that the updates/registration requests are being denied by Sophos servers - If you'd like to review everything up to this point it's https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/98271/no-longer-updating---ssl-cert-not-trusted
So today since I was getting no response and no support I decided forget it, I'm going to just start from scratch and completely delete everything and start over, as I only have it on a few systems as I was testing going from Avast to Sophos for my home network. Well, I can't even do that the UTM won't delete all data and allow me to start over.
Here's a copy of the log from the UTM for Endpoint Protection.
2017:12:06-11:38:27 utm epsecd[44070]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2017:12:06-11:38:27 utm epsecd[44070]: W id="4205" severity="warn" sys="System" sub="epsecd" name="Computer needs to register in Confd" mcs_id="829566d7-4c8e-0c7a-f724-6349ba9e39a4"
2017:12:06-11:38:27 utm epsecd[44070]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2017:12:06-11:38:28 utm epsecd[44070]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2017:12:06-11:38:31 utm epsecd[44070]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2017:12:06-11:38:31 utm epsecd[44070]: I id="4222" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect"
2017:12:06-11:43:09 utm epsecd[44070]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2017:12:06-11:43:12 utm epsecd[44070]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() => severity="info" sys="System" sub="eplog" name="Endpoint log collector started"
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="No private key available yet: /var/epsecd/resources/client.pem"
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="No certificate available yet: /var/epsecd/resources/client.crt"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() => severity="info" sys="System" sub="eplog" name="curl_base_url: 2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com/.../"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() => severity="info" sys="System" sub="eplog" name="Loaded download history file"
2017:12:06-11:45:49 utm epsecd[6498]: I main::_log:435() => severity="info" sys="System" sub="eplog" name="Download endpoint logs"
2017:12:06-11:45:49 utm epsecd[6498]: >=========================================================================
2017:12:06-11:45:49 utm epsecd[6498]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="Listing [https://2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com//2099210c-e01b-3421-871a-c97d38074414/] failed with return code 6: Couldn't resolve host name Couldn't resolve host '2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com'
2017:12:06-11:45:49 utm epsecd[6498]: "
2017:12:06-11:45:50 utm epsecd[6492]: I id="4201" severity="info" sys="System" sub="epsecd" name="Epsecd starting"
2017:12:06-11:45:53 utm epsecd[6492]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Unable to get ip for sss1-e01b.broker.sophos.com: Resource temporarily unavailable"
2017:12:06-11:45:53 utm epsecd[6492]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Error creating socket. " syscall_error="Resource temporarily unavailable"
2017:12:06-11:45:53 utm epsecd[6492]: >=========================================================================
2017:12:06-11:45:53 utm epsecd[6492]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: No internet connection. at /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm line 148." effect="Can't talk to Sophos LiveConnect"
2017:12:06-11:45:53 utm epsecd[6492]:
2017:12:06-11:45:53 utm epsecd[6492]: 1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:45:53 utm epsecd[6492]: 2. Epsec::Logic::Client::on_error:1461() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:45:53 utm epsecd[6492]: 3. Epsec::Logic::Base::run:60() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:45:53 utm epsecd[6492]: 4. main::top-level:63() client.pl
2017:12:06-11:45:53 utm epsecd[6492]: <=========================================================================
2017:12:06-11:45:53 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 180 seconds"
2017:12:06-11:49:00 utm epsecd[6492]: >=========================================================================
2017:12:06-11:49:00 utm epsecd[6492]: E id="4286" severity="crit" sys="System" sub="epsecd" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-11:49:00 utm epsecd[6492]: 'operation' => 'Unauthorized'
2017:12:06-11:49:00 utm epsecd[6492]: };"
2017:12:06-11:49:00 utm epsecd[6492]:
2017:12:06-11:49:00 utm epsecd[6492]: 1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:49:00 utm epsecd[6492]: 2. Epsec::Logic::Client::_receive_reports:447() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]: 3. Epsec::Logic::Client::_request:1261() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]: 4. Epsec::Logic::Client::_start:288() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]: 5. Epsec::Logic::Client::on_load:43() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:49:00 utm epsecd[6492]: 6. (eval):53() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:49:00 utm epsecd[6492]: 7. Epsec::Logic::Base::run:52() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:49:00 utm epsecd[6492]: 8. main::top-level:63() client.pl
2017:12:06-11:49:00 utm epsecd[6492]: <=========================================================================
2017:12:06-11:49:00 utm epsecd[6492]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-11:49:00 utm epsecd[6492]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-11:49:00 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
2017:12:06-11:52:32 utm epsecd[6492]: I id="420X" severity="info" sys="System" sub="epsecd" name="Epsecd stoping"
2017:12:06-11:52:32 utm epsecd[6492]: I id="4231" severity="info" sys="System" sub="epsecd" name="Syncing SWC with web control global status "
2017:12:06-11:52:32 utm epsecd[6492]: I id="4234" severity="info" sys="System" sub="epsecd" name="Disabled Sophos Web Control sub-feature"
2017:12:06-11:52:32 utm epsecd[6492]: >=========================================================================
2017:12:06-11:52:32 utm epsecd[6492]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: Can't use an undefined value as a symbol reference at /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm line 1295." effect="Can't talk to Sophos LiveConnect"
2017:12:06-11:52:32 utm epsecd[6492]:
2017:12:06-11:52:32 utm epsecd[6492]: 1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-11:52:32 utm epsecd[6492]: 2. Epsec::Logic::Client::on_error:1461() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-11:52:32 utm epsecd[6492]: 3. Epsec::Logic::Base::run:60() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-11:52:32 utm epsecd[6492]: 4. main::top-level:63() client.pl
2017:12:06-11:52:32 utm epsecd[6492]: <=========================================================================
2017:12:06-11:52:32 utm epsecd[6492]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 180 seconds"
2017:12:06-11:55:16 utm epsecd[6365]: I main::_log:435() => severity="info" sys="System" sub="eplog" name="Endpoint log collector started"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() => severity="info" sys="System" sub="eplog" name="curl_base_url: 2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com/.../"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() => severity="info" sys="System" sub="eplog" name="Loaded download history file"
2017:12:06-11:55:17 utm epsecd[6365]: I main::_log:435() => severity="info" sys="System" sub="eplog" name="Download endpoint logs"
2017:12:06-11:55:17 utm epsecd[6365]: >=========================================================================
2017:12:06-11:55:17 utm epsecd[6365]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="Listing [https://2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com//2099210c-e01b-3421-871a-c97d38074414/] failed with return code 6: Couldn't resolve host name Couldn't resolve host '2099210c-e01b-3421-871a-c97d38074414-wdx-e01b.broker.sophos.com'
2017:12:06-11:55:17 utm epsecd[6365]: "
2017:12:06-11:57:44 utm epsecd[8240]: I id="4201" severity="info" sys="System" sub="epsecd" name="Epsecd starting"
2017:12:06-11:57:50 utm epsecd[8240]: I id="4229" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy"
2017:12:06-11:57:50 utm epsecd[8240]: I id="4230" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Resources"
2017:12:06-11:57:54 utm epsecd[8240]: I id="4231" severity="info" sys="System" sub="epsecd" name="Syncing SWC with web control global status 1"
2017:12:06-12:08:28 utm epsecd[8240]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-12:08:28 utm epsecd[8240]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-12:08:28 utm epsecd[8240]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
2017:12:06-12:13:30 utm epsecd[8240]: >=========================================================================
2017:12:06-12:13:30 utm epsecd[8240]: E id="4286" severity="crit" sys="System" sub="epsecd" name="Unknown report data received from Sophos LiveConnect" data="$VAR1 = {
2017:12:06-12:13:30 utm epsecd[8240]: 'operation' => 'Unauthorized'
2017:12:06-12:13:30 utm epsecd[8240]: };"
2017:12:06-12:13:30 utm epsecd[8240]:
2017:12:06-12:13:30 utm epsecd[8240]: 1. Epsec::Utils::Logging::_log:59() /</usr/local/bin/epp_client.plx>Epsec/Utils/Logging.pm
2017:12:06-12:13:30 utm epsecd[8240]: 2. Epsec::Logic::Client::_receive_reports:447() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]: 3. Epsec::Logic::Client::_request:1261() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]: 4. Epsec::Logic::Client::_start:288() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]: 5. Epsec::Logic::Client::_receive_reports:442() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]: 6. Epsec::Logic::Client::on_run:320() /</usr/local/bin/epp_client.plx>Epsec/Logic/Client.pm
2017:12:06-12:13:30 utm epsecd[8240]: 7. (eval):55() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-12:13:30 utm epsecd[8240]: 8. Epsec::Logic::Base::run:52() /</usr/local/bin/epp_client.plx>Epsec/Logic/Base.pm
2017:12:06-12:13:30 utm epsecd[8240]: 9. main::top-level:63() client.pl
2017:12:06-12:13:30 utm epsecd[8240]: <=========================================================================
2017:12:06-12:13:30 utm epsecd[8240]: W id="4202" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"
2017:12:06-12:13:30 utm epsecd[8240]: I id="4223" severity="info" sys="System" sub="epsecd" name="Closing socket to Sophos LiveConnect"
2017:12:06-12:13:30 utm epsecd[8240]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 300 seconds"
This thread was automatically locked due to age.