Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 24 replies
  • Subscribers 12 subscribers
  • Views 46252 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Installation Problem Windows 10 Enterprise

David Porcher

Hello, everyone,

we have the following problem with a customer:
Sophos Endpoint installation may not start on some machines, the pre-installation check will display a message indicating that the operating system (Windows 10 Enterprise) is not supported.
No logs are generated under C:\Windows\Temp\, yet (empty) Sophos update folders are created under C:\ProgramData\Sophos\



This thread was automatically locked due to age.
  • 0

    This issue is currently occurring in my environment, seemingly out of nowhere.

    Ive had a ticket open for the last 5 days, but it hasnt gone anywhere yet. Meanwhile, we are way out of compliance.

    Below is the error being seen via the Enterprise Console.

    These are all existing devices (Windows 10 enterprise) with existing (working installs) and machines began popping up in the "errors" list

    last week with the above syntax, after normal updates/pushes from Enterprise console.

     

    I was able to manually troubleshoot one device that was displaying in the list (server actually) And the only way I 

    was able to get past this was to completely remove all components, then use Microsoft's MSIZAP app, which wipes 

    the app from the installer db, removes reg entries, etc.. then reinstalling from scratch. Obviously not a fix that we are looking for since there are dozens of devices failing with this same problem.

    My ticket with support is still pending.

  • 0 in reply to Eric Breen

    Hello Eric Breen,

    this is actually a different issue though it might have a common cause. Furthermore yours is not a Central environment and AFAIK Patch is not available with Central.

    You say that upgrading of Patch failed but an install from scratch succeeded? Is the issue with Patch on all endpoints (all the same level of Windows 10) or have some upgraded? Patch was 10.0.311 since SESC 10.7.x, with 10.8.2 it should be 10.0.312. Is it indeed the update to 10.8.2 (there's, BTW, also a potential issue with Detoured DLL).

    Christian

  • 0 in reply to QC

    QC said:

    Hello Eric Breen,

    this is actually a different issue though it might have a common cause. Furthermore yours is not a Central environment and AFAIK Patch is not available with Central.

    You say that upgrading of Patch failed but an install from scratch succeeded? Is the issue with Patch on all endpoints (all the same level of Windows 10) or have some upgraded? Patch was 10.0.311 since SESC 10.7.x, with 10.8.2 it should be 10.0.312. Is it indeed the update to 10.8.2 (there's, BTW, also a potential issue with Detoured DLL).

    Christian

     

     
    Not sure what you mean by your statement regarding "central" environment.
     
    Also, there was no upgrade, but I do believe that the patch functionality is failing and/or broken, which is causing the "OS not supported" error.
     
    So.. We have about 650 managed devices through enterprise console.
    Last week, random machines began popping up in the "error" list with the aforementioned error, indicating to me that enterprise console tried to update those and failed.
    The list has since grown to 40+ devices, all with the same error, and they are throwing AFTER enterprise console pushes updates.
     
    I attempted to troubleshoot a single device that was in this list.
    During my efforts, I noticed that the AV agent in services was missing. It just wasn't there. This was before I touched anything, and was literally looking through all of the log files generated by sophos installs, and kept finding entries where update/upgrade attempts are failing.
     
    Once I noticed that, I decided to uninstall the AV portion and repush it from enterprise console.
    This was not successful.
     
    I uninstalled the av portion again, and then used MSIZAP to make sure the av portion was removed the the windows installer database. (it was present when I first attempted this)
    After removing the listing from the installer db, I pushed the AV portion again from the console, and this time it worked.
     
    Course this doesnt explain the behavior in the first place, nor is it an acceptable resolution.
     
     
    To further clarify, this is only happening to a portion of devices in the environment. All of the laptops (whether affected or not) are all the same image and configuration. (Win 10 Ent 64-bit)
     
    The following line in the ALUpdate logs seems to be present on all affected devices, (and not present on unaffected)
     
    ALUpdate(Install.Failure): Sophos Patch Agent
     
     
  • 0 in reply to Eric Breen

    When you say "Central" do you mean the cloud offering?

    If so, then you are correct. Our Sophos environment/platform is currently on-prem.

     

  • 0 in reply to QC

    I just reviewed the documentation for the .DLL issue, but nowhere does it suggest that my problem is related.

    The documentation doesnt provide any behavioral characteristics to help identify if one is experiencing the problem or not.

     

    I do have a ticket opened with support, but I havent heard back. (opened Monday) I have submitted documentation detailing behavior being experienced, a few screenshots

    and 4 SDU archives from 3 affected devices, and 1 server.

     

  • 0 in reply to Eric Breen

    Hello Eric Breen,

    yes, Central is the cloud product.

    The console (management server) does not push any updates. Even Protect Computers isn't a push - it just creates a scheduled task that runs setup.exe. Endpoints always download and install what they find in the CID - normally according to the schedule. 

    I just referred to the DLL article because that is an issue with the 10.8.2 version that is AFAIK being rolled out (i.e. some customers already have received it) and with 10.8.2 the Patch version also changes. Without a version change AutoUpdate should not attempt to install/update Patch and therefore you shouldn't see this error. Are your endpoints on 10.8.1 or already 10.8.2?

    Christian

  • 0 in reply to Eric Breen

    Hello Eric,

    Can I please get the ticket number so that we can follow up?

    Thank you!

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0 in reply to Barb@Sophos

    Sorry for the delay in my response. My ticket # for this issue is: 8317465

     

  • 0 in reply to QC

    QC, 

    I apologize for the delay in my response.

    I took this screenshot last Friday as a direct result of your question regarding endpoint version, and I did not upload it at the time.

    I hope the attached screenshot helps to answer your question. This was taken from server in the environment I happened to be working on at the time I 

    saw your question.

  • 0 in reply to Eric Breen

    Hello Eric Breen,

    the delay no problem.
    Hm, indeed 10.8.2.311 that has a minor update for Patch - thus after a long time AutoUpdate attempts to update it. AFAIK the error is issued by ALUpdate.exe based on whatever information. The corresponding line in the ALUpdate log contains ALUpdate(Install.Failure): Installation of product .... Just curious - there's a line (actually in every cycle) that says UpdateCoordinator::UpdateNow: current platform is platformtoken. What is the value value of platformtoken?

    Wonder why there are no other reports of this error. What's the Patch Agent version on your endpoints - all 1.0.311.1, only those with the error (has their number increased?) with 1.0.311 and other 1.0.312 or higher, or?

    Christian

Unfiltered HTML