Sophos Server Protection cache status : error

Question

Hello, I recently installed a SUM server on VM windows server 2008R2, the installation finished without error, the server appears in the server devices under Sophos central, I give it the role of cache update but after a few hours I found that it displays an error of the cache status, on the server a message appears every 3 minuts indicates that the sophos cache update has stopped and then restarted without there being a download of the updates. in the CU.log I got the following error message: 
 [2018-10-13T07:45:05Z] [fe3c] Info: [FileSystem::AtomicWriteFile:208] Wrote 391 bytes to file C:\ProgramData\Sophos\UpdateCache\Outbound\52670258_status.xml [2018-10-13T07:45:05Z] [fe3c] Info: [LoadPolicyStateHandler::Run:38] Load Policy state handler running [2018-10-13T07:45:05Z] [fe3c] Info: [LoadPolicyStateHandler::LoadPolicy:138] Configuring the firewall rule with port 8191 [2018-10-13T07:45:05Z] [fe3c] Info: [FileSystem::AtomicWriteFile:208] Wrote 1123 bytes to file C:\ProgramData\Sophos\UpdateCache\Configunning_config.xml [2018-10-13T07:45:05Z] [fe3c] Info: [LoadPolicyStateHandler::LoadPolicy:145] Loaded new Policy [2018-10-13T07:45:05Z] [fe3c] Info: [StateMachine::Run:53] State changing load_policy -> register [2018-10-13T07:45:05Z] [fe3c] Info: [FileSystem::AtomicWriteFile:208] Wrote 471 bytes to file C:\ProgramData\Sophos\UpdateCache\Outbound\52670274_status.xml [2018-10-13T07:45:05Z] [fe3c] Info: [RegisterStateHandler::Run:30] Register State Handler Running [2018-10-13T07:45:06Z] [fe3c] Info: [FileSystem::AtomicWriteFile:208] Wrote 874 bytes to file C:\ProgramData\Sophos\UpdateCache\ConfigequestId.txt [2018-10-13T07:45:06Z] [fe3c] Info: [FileSystem::AtomicWriteFile:208] Wrote 1483 bytes to file C:\ProgramData\Sophos\UpdateCache\Outboundegistration_event.xml [2018-10-13T07:45:06Z] [fe3c] Info: [StateMachine::Run:53] State changing register -> wait_for_certificate [2018-10-13T07:45:06Z] [fe3c] Info: [FileSystem::AtomicWriteFile:208] Wrote 483 bytes to file C:\ProgramData\Sophos\UpdateCache\Outbound\52670711_status.xml [2018-10-13T07:45:06Z] [fe3c] Info: [WaitForCertificateStateHandler::Run:37] Wait for certificate state handler running [2018-10-13T07:45:06Z] [fe38] Info: [FileSystem::AtomicWriteFile:208] Wrote 1407 bytes to file C:\ProgramData\Sophos\UpdateCache\Temp	emp_certificate.crt [2018-10-13T07:45:07Z] [fe3c] Info: [StateMachine::Run:53] State changing wait_for_certificate -> install_certificate [2018-10-13T07:45:07Z] [fe3c] Info: [FileSystem::AtomicWriteFile:208] Wrote 482 bytes to file C:\ProgramData\Sophos\UpdateCache\Outbound\52671725_status.xml [2018-10-13T07:45:07Z] [fe3c] Info: [InstallCertificateStateHandler::Run:25] Install certificate state handler running [2018-10-13T07:45:07Z] [fe3c] Info: [InstallCertificateStateHandler::NewCertInstallation:64] Installing the SSL certificate in the system store [2018-10-13T07:45:22Z] [fe3c] Error: [InstallCertificateStateHandler::NewCertInstallation:71] Caught exception installing certificate. Error - CX509Enrollment::InstallResponse failed: [0x800b010a] Une cha&icirc;ne de certificats n&rsquo;a pas pu &ecirc;tre &eacute;tablie vers une autorit&eacute; racine de confiance. [2018-10-13T07:45:22Z] [fe3c] Info: [InstallCertificateStateHandler::Cleanup:120] Deleting certificate request from the certificate store [2018-10-13T07:45:22Z] [fe3c] Info: [InstallCertificateStateHandler::Cleanup:130] Deleting response certificate file [2018-10-13T07:45:22Z] [fe3c] Error: [InstallCertificateStateHandler::Run:36] Certificate installation failed - Unknown exception [2018-10-13T07:45:22Z] [fe3c] Error: [InstallCertificateStateHandler::Run:42] No certificate is installed. Go to Error state. [2018-10-13T07:45:22Z] [fe3c] Info: [StateMachine::Run:53] State changing install_certificate -> error [2018-10-13T07:45:22Z] [fe3c] Info: [FileSystem::AtomicWriteFile:208] Wrote 468 bytes to file C:\ProgramData\Sophos\UpdateCache\Outbound\52686763_status.xml [2018-10-13T07:45:22Z] [fd44] Info: [SvcInit:192] Service has stopped [2018-10-13T07:45:22Z] [fd44] Info: [SvcInit:196] The service encounted an error and will be automatically restarted [2018-10-13T07:47:22Z] [<main>] Info: [wWinMain:63] Service is starting 
 Please if somone have the solution to resolve this problem please don't hesitate to share it with me. 
 RQ:the port 8191 and 8190 are opened for Sophos cache and message relay.

Adithyan Thangaraj · Answer

Hi Zeid Ben Salem, 
 The reported error seems to be a result of usage of Windows Server 2008 R2 without the below mentioned patch. Kindly please find below the resolution to this issue. 
 Update Cache does not work in Vanilla versions of Windows Server 2008 R2 Core. 
 The following error will be logged in the file " C:\ProgramData\Sophos\UpdateCache\Logs\uc.txt" : 
 Error: [InstallCertificateStateHandler::NewCertInstallation:71] Caught exception installing certificate. Error - CX509Enrollment::InstallResponse failed: [0x800b010a] A certificate chain could not be built to a trusted root authority. 
 The CertEnroll control does not work on unpatched Windows 2008 R2 servers. To solve this issue, install the hotfix from Microsoft . 
 Source: KBA 122577