Failed To Download Update / Could not contact primary server

This morning, the Sophos icon displayed an X in the center of the shield but wasn't grayed out, and the first entry on the menu was a grayed out "Failed To Download Update".  Choosing "Update Now" causes the Sophos AutoUpdate Status window to open, briefly display the "downloading" bar, then end with "Could not contact primary server" and "Authentication Error" followed by the date and time.  Looking into the console, I see that early this morning there were a number of messages regarding Sophos, almost all of them along the following lines: "3/19/15 7:28:22.685 AM SophosSXLD[137]: [SMESXLInterface.m:437] no DNS addresses found", and similar messages appear to go back to at least March 13.

Is there a problem with the Sophos server, and if so what's the prognosis?  Or is it something with my computer, and if so what should I do?  I'm running Sophos Home Edition 9.2.4 (Threat detection engine 3.58.1, Threat data 5.12) on a Mac running OSX 10.9.5.

:1020416


  • My results, from unable to contact primary server update error

    ping dci.sophosupd.com

    PING sophos.vo.llnwd.net (208.111.161.254): 56 data bytes

    64 bytes from 208.111.161.254: icmp_seq=0 ttl=50 time=33.419 ms

     ping d1.sophosupd.com

    PING sophos.vo.llnwd.net (208.111.161.254): 56 data bytes

    64 bytes from 208.111.161.254: icmp_seq=0 ttl=50 time=40.227 ms

    64 bytes from 208.111.161.254: icmp_seq=1 ttl=50 time=49.293 ms

    ping d2.sophosupd.com

    PING sophos.vo.llnwd.net (208.111.161.254): 56 data bytes

    64 bytes from 208.111.161.254: icmp_seq=0 ttl=50 time=41.496 ms

    64 bytes from 208.111.161.254: icmp_seq=1 ttl=50 time=53.051 ms

    Wow, I just saw the other posts; everyone seems to be resolving different IPs through whatever DNS lookups are being used. Do you purge your DNS caches regularly on what I assume are probably Linux boxes?

    I even did it again after flushing my DNS caches and got the exact different name resolutions. Interesting, but they ALL (as in everyone here) belong to LimeLight Networks. So every time you wait a couple of minutes and ping the same DNS name you'll likely get a different IP, all belonging to LLN.

    I assume that you have 3 servers all on the same subnet and net with only variations in the last tuple of the IP address. (Just FYI, that really isn't good practice; they obviously have to be on the same subnet but it's often a lot safer to vary the last two tuples of the IP address of the DNS servers.)

    The fact that we are all resolving only one single IP address each ping is interesting. Have you looked into YOUR / SOPHOS DNS server(s) and flushed their cache or looked at the name file for any of these IP addresses? It has to be on your side. I'd bet that 90% of us are using different DNS servers from our ISPs to resolve those server names, so it's highly unlikely that they would all resolve to different addresses since they rarely update every day anyway. Got to be a glitch on SOPHOS side in your DNS inbound DNS resource balancers or ping pong balancers.

    This has to be on SOPHOS's side of their firewall, and likely an overrun DNS cache or a bad resolution service. If you're using Linux servers, I assume you have more than one; have you tried shutting all your DNS servers down and just rebooting one of them? That might make finding the problem easier. Normally if you use ping pong or resource load balance for your DNS servers that could be eliminated, if you try running on only one server and see if we all still resolve different addresses. All of us resolving different IPs couldn't be a regional thing, or our ISP's DNS issue; has to be on your side of the firewall.

    I can also only assume, but I'd bet you use Limelight Networks as your ISP, since every IP here belongs to them, correct?

    Let us know if you want us to try again.

    Just my $.02

    Cheers,

    Peter

    Sorry, but this is interesting. I did a whois on the IP address I get.

    whois  208.111.161.254

    #

    # ARIN WHOIS data and services are subject to the Terms of Use

    # available at: https://www.arin.net/whois_tou.html

    #

    # If you see inaccuracies in the results, please report at

    # http://www.arin.net/public/whoisinaccuracy/index.xhtml

    #

    # The following results may also be obtained via:

    # http://whois.arin.net/rest/nets;q=208.111.161.254?showDetails=true&showARIN=false&ext=netref2

    #

    NetRange:       208.111.128.0 - 208.111.191.255

    CIDR:           208.111.128.0/18

    NetName:        LLNW-3

    NetHandle:      NET-208-111-128-0-1

    Parent:         NET208 (NET-208-0-0-0-0)

    NetType:        Direct Allocation

    OriginAS:       AS22822

    Organization:   Limelight Networks, Inc. (LLNW)

    RegDate:        2006-03-30

    Updated:        2012-02-24

    Comment:        *** All abuse complaints must go to abuse (at)

    Comment:        limelightnetworks.com

    Comment:        Network reassignments available via rwhois.llnw.net:4321

    Ref:            http://whois.arin.net/rest/net/NET-208-111-128-0-1

    OrgName:        Limelight Networks, Inc.

    OrgId:          LLNW

    Address:        2220 W. 14th Street

    City:           Tempe

    StateProv:      AZ

    PostalCode:     85281

    Country:        US

    RegDate:        2002-07-26

    Updated:        2014-08-08

    Ref:            http://whois.arin.net/rest/org/LLNW

    ReferralServer: rwhois://rwhois.llnw.net:4321

    OrgTechHandle: LNAA-ARIN

    OrgTechName:   Limelight Networks ARIN Admin

    OrgTechPhone:  +1-602-850-5095

    OrgTechEmail:  arinadmin@limelightnetworks.com

    OrgTechRef:    http://whois.arin.net/rest/poc/LNAA-ARIN

    OrgAbuseHandle: LNAD-ARIN

    OrgAbuseName:   Limelight Networks Abuse Dept

    OrgAbusePhone:  +1-602-850-5095

    OrgAbuseEmail:  ipadmin@limelightnetworks.com

    OrgAbuseRef:    http://whois.arin.net/rest/poc/LNAD-ARIN

    RAbuseHandle: LNAD-ARIN

    RAbuseName:   Limelight Networks Abuse Dept

    RAbusePhone:  +1-602-850-5095

    RAbuseEmail:  ipadmin@limelightnetworks.com

    RAbuseRef:    http://whois.arin.net/rest/poc/LNAD-ARIN

    RTechHandle: LNAA-ARIN

    RTechName:   Limelight Networks ARIN Admin

    RTechPhone:  +1-602-850-5095

    RTechEmail:  arinadmin@limelightnetworks.com

    RTechRef:    http://whois.arin.net/rest/poc/LNAA-ARIN

    :1020439
  • Hello, I actually have the same problems, and looking at the trace of the connection (Wireshark) I see that it complains I don't have access to the file:

    dci.sophosupd.com/osxhe/server.inf

    These are the connection details:

    Request:

    GET /osxhe/server.inf HTTP/1.0
    Host: dci.sophosupd.com
    Connection: keep-alive
    User-Agent: <UA a="Mac" u="FAVOSXv0ISSLA98" v="" />

    Response : 

    HTTP/1.0 403 Forbidden
    Date: Thu, 19 Mar 2015 16:15:37 GMT
    Server: Apache
    Content-Type: text/html; charset=iso-8859-1
    Content-Length: 236
    Connection: keep-alive
    Cache-Control: s-maxage=60, max-age=60

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /dci.sophosupd.com/osxhe/server.inf
    on this server.</p>
    </body></html>

    :1020441
    1. dci.sophosupd.com = 87.248.210.254
    2. d1.sophosupd.com = 87.248.210.254
    3. d2.sophosupd.com = 87.248.210.254

    sophos.vo.llnwd.net = 87.248.210.254

    :1020442
  • This may not be related... I'm having the same error message (for the last 4 hours). I also updated my Apple iMac with their latest security update(s). Could this be related?

    :1020443
  • Having the same issue myself, have done several reinstalls of Sophos with the same results.

    :1020444
  • Running OS X 10.9.5

    • dci.sophosupd.com = 68.142.79.69
    • d1.sophosupd.com = 68.142.79.69
    • d2.sophosupd.com = 68.142.79.69
    :1020445
  • "Our data centre team have taken a look at this one, could those affected please advise the IP address returned when pinging the below addresses:

    1. dci.sophosupd.com
    2. d1.sophosupd.com
    3. d2.sophosupd.com"

    dci.sophosupd.com ... 208.111.181.253

    d1.sophosupd.com ... 208.111.181.253

    d2.sophosupd.com ... 208.111.181.253

    :1020446
    Jeff
  • Sorry to keep this going, but every time I ping a server it resolves to a different last 2 tuples of an IP address. Guess what? Your DNS name resolution services are toast on your inbound routers, or firewall boxes.

    I would bet that if everyone did this twice a couple of minutes apart they would get the same problems; it is always the same company's IPs. Do you recognize LimeLight Networks in my case?

    ping  d2.sophosupd.com

    PING sophos.vo.llnwd.net (208.111.160.6): 56 data bytes

    64 bytes from 208.111.160.6: icmp_seq=0 ttl=50 time=36.742 ms

    64 bytes from 208.111.160.6: icmp_seq=1 ttl=50 time=48.206 ms

    A.R.I.N. shows me that every time I ping one of your domain servers it's an IP owned by Limelight Networks.

    (ARIN is American Registry for Internet Numbers)

    :1020447
  • Interesting point about OS 10.10.2 which I began using mid-day yesterday. But the Sophos download failure didn't show up until sign-on today.

    :1020448
  • dci.sophosupd.com

    PING sophos.vo.llnwd.net (87.248.217.254): 56 data bytes
    64 bytes from 87.248.217.254: icmp_seq=0 ttl=59 time=18.797 ms
    64 bytes from 87.248.217.254: icmp_seq=1 ttl=59 time=21.925 ms
    64 bytes from 87.248.217.254: icmp_seq=2 ttl=59 time=19.125 ms
    64 bytes from 87.248.217.254: icmp_seq=3 ttl=59 time=17.367 ms
    64 bytes from 87.248.217.254: icmp_seq=4 ttl=59 time=19.561 ms
    64 bytes from 87.248.217.254: icmp_seq=5 ttl=59 time=18.439 ms
    64 bytes from 87.248.217.254: icmp_seq=6 ttl=59 time=26.449 ms
    64 bytes from 87.248.217.254: icmp_seq=7 ttl=59 time=17.452 ms
    64 bytes from 87.248.217.254: icmp_seq=8 ttl=59 time=12.270 ms
    64 bytes from 87.248.217.254: icmp_seq=9 ttl=59 time=46.649 ms

    --- sophos.vo.llnwd.net ping statistics ---
    10 packets transmitted, 10 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 12.270/21.803/46.649/8.950 ms

    d1.sophosupd.com

    PING sophos.vo.llnwd.net (87.248.217.254): 56 data bytes
    64 bytes from 87.248.217.254: icmp_seq=0 ttl=59 time=16.183 ms
    64 bytes from 87.248.217.254: icmp_seq=1 ttl=59 time=39.328 ms
    64 bytes from 87.248.217.254: icmp_seq=2 ttl=59 time=20.781 ms
    64 bytes from 87.248.217.254: icmp_seq=3 ttl=59 time=23.438 ms
    64 bytes from 87.248.217.254: icmp_seq=4 ttl=59 time=22.673 ms
    64 bytes from 87.248.217.254: icmp_seq=5 ttl=59 time=21.447 ms
    64 bytes from 87.248.217.254: icmp_seq=6 ttl=59 time=20.435 ms
    64 bytes from 87.248.217.254: icmp_seq=7 ttl=59 time=19.037 ms
    64 bytes from 87.248.217.254: icmp_seq=8 ttl=59 time=24.760 ms
    64 bytes from 87.248.217.254: icmp_seq=9 ttl=59 time=19.644 ms

    --- sophos.vo.llnwd.net ping statistics ---
    10 packets transmitted, 10 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 16.183/22.773/39.328/5.974 ms

    d2.sophosupd.com

    PING sophos.vo.llnwd.net (87.248.217.253): 56 data bytes
    64 bytes from 87.248.217.253: icmp_seq=0 ttl=57 time=24.509 ms
    64 bytes from 87.248.217.253: icmp_seq=1 ttl=57 time=23.046 ms
    64 bytes from 87.248.217.253: icmp_seq=2 ttl=57 time=25.594 ms
    64 bytes from 87.248.217.253: icmp_seq=3 ttl=57 time=20.190 ms
    64 bytes from 87.248.217.253: icmp_seq=4 ttl=57 time=21.985 ms
    64 bytes from 87.248.217.253: icmp_seq=5 ttl=57 time=20.767 ms
    64 bytes from 87.248.217.253: icmp_seq=6 ttl=57 time=22.558 ms
    64 bytes from 87.248.217.253: icmp_seq=7 ttl=57 time=113.377 ms
    64 bytes from 87.248.217.253: icmp_seq=8 ttl=57 time=48.025 ms
    64 bytes from 87.248.217.253: icmp_seq=9 ttl=57 time=46.655 ms

    --- sophos.vo.llnwd.net ping statistics ---
    10 packets transmitted, 10 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 20.190/36.671/113.377/27.401 ms

    :1020449
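An added example, not part of any post in this thread: a Python sketch that parses ping output pasted in the format used above, groups the answers by the canonical name they resolve through, and checks each address against the 208.111.128.0/18 range from the whois output. The sample input is constructed from lines quoted in the thread and the function names are illustrative; an address outside the range is only listed for its own whois lookup, not treated as bad.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: ping lines in the format posted in this thread.
SAMPLE = """\
ping dci.sophosupd.com
PING sophos.vo.llnwd.net (208.111.161.254): 56 data bytes
ping d1.sophosupd.com
PING sophos.vo.llnwd.net (208.111.161.254): 56 data bytes
ping d2.sophosupd.com
PING sophos.vo.llnwd.net (208.111.160.6): 56 data bytes
"""

# CIDR taken from the whois output quoted in the thread.
KNOWN_NET = ipaddress.ip_network("208.111.128.0/18")

PING_HDR = re.compile(r"^PING\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")
PING_CMD = re.compile(r"^ping\s+(\S+)")

def parse_ping(text):
    """Return [(queried_name, canonical_name, ip)] from pasted ping output."""
    rows, queried = [], None
    for line in text.splitlines():
        line = line.strip()
        hdr = PING_HDR.match(line)
        if hdr:
            ip = ipaddress.ip_address(hdr.group(2))
            # Fall back to the canonical name if the command line was not pasted.
            rows.append((queried or hdr.group(1), hdr.group(1), ip))
            queried = None
            continue
        cmd = PING_CMD.match(line)
        if cmd:
            queried = cmd.group(1)
    return rows

def summarize(rows, net=KNOWN_NET):
    """Group addresses by canonical name; list those outside the known range."""
    by_cname, outside = defaultdict(set), []
    for queried, cname, ip in rows:
        by_cname[cname].add(ip)
        if ip not in net:
            outside.append((queried, str(ip)))
    return dict(by_cname), outside

if __name__ == "__main__":
    by_cname, outside = summarize(parse_ping(SAMPLE))
    for cname, ips in by_cname.items():
        print(cname, sorted(str(ip) for ip in ips))
    print("outside", KNOWN_NET, "->", outside)
```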