Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 296 replies
  • Subscribers 48 subscribers
  • Views 727789 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

Bianson

**Update 9** Root cause analysis KBA has been published: see knowledge base article for the latest.

**Update 8** As part of a routine database maintenance task customers may notice a few intermittent install and policy rendering failures. Please retry before contacting support. 7/17/2017 8:00 AM PST

**UPDATE 7** Some customers may notice a few intermittent install failures, please retry before contacting Sophos Support. 7/14/2017 2:00 PM PST

**UPDATE 6** Installations are being processed normally, service is restored. Please re-download installer from Central. 7/14/2017 9:00 AM PST

**UPDATE 5** Installations are now working as of July 13, 2017 19:00 UTC-5. See knowledge base article for the latest.

**UPDATE 4** New installs likely to still fail. http://centralstatus.sophos.com/#!/ has latest update. 

**UPDATE 3** System is now processing backlogs. Please see last updates here.

**UPDATE 2** Issue is ongoing, apologies. Impacts all areas within Central that rely on MCS communication between client and Central. 7/13/2017 8:00 AM PST

**UPDATE** Development has identified root cause and is working on a fix. 

Hello,

We are seeing delays with policy changes and enforcement in Sophos Central (US-West region) as well as installation failures due to inability of new endpoint installations to initially register. Our engineers are working to restore latency. Please note your endpoints remain protected. Updates will be provided on this thread.

KBA: https://community.sophos.com/kb/en-us/126477

Thank you,

Bob



This thread was automatically locked due to age.
Parents

  • We are experiencing the same issues as other companies.  We are experiencing the new install machines failing, we are seeing that when we run a diagnostic on the machines the computer management is having issue and provides an error with 504 gateway timeout.  Our laptop machines are loosing wifi connectivity although they are in the policy that allows wifi.  we are getting failed updates although the desktop console is update on the Sophos central console it shows out of date. 

     

    This is becoming to frequent and to often in our environment especially when you have Ransomware and Breachs at an all time high.  What is being done to resolve this issue and get our companies running at a smooth pace? are we really secure when you tell us that?  Many of us have invested great amounts of money and we are experiencing issues that last months with no true resolution that does not look good for us who truly believed in Sophos. 

     

  • in reply to Aisha Smith

    This week all of our Laptops have lost WiFi connectivity.  We have Chiefs in meetings and they all lost connectivity and it has been taking hours to get them back online with wifi.  This is definitely not a good look.  As this has been happening for about 2 to 3 weeks.

     

    I have a laptop that took about 2 hour to get updated with the Communication Management and still not updating on the Sophos Central Console.  There is a huge communication delay

    in the Diagnostic Tool it show that Management Communication is failing with the error "504 Gateway Timeout.  With 4 failed attempts. the server address we are connecting to is 52.25.245.140

  • in reply to Trevor Karppi

    Trevor Karppi said:
    Sure win - I don't see how your post relates to my last one. What about the "One or more services are missing"??? Why am I and several other Sophos client's still getting these alerts?

     

    Trevor when I have my desktop team look into these, often the end point client actually is broken and requires a full removal/reinstall of Sophos. My theory is either a. they're broken clients from when this crap first started happening or b. Sophos has a buggy product. I hope it's just theory a. and once we touch all these machiens manually to re-install, the problem will go away.

     

    Have you been looking at the machines and verifying the state of the client and the associated services?

  • in reply to Christopher Curwood

    I think it being buggy is the answer here. I've had our users computers generate these alerts multiple times even after full reinstalls (Using Revo Uninstaller to complete wipe out any registry keys as well). The tech that I was working with could replicate our exact issue by installing Sophos in his test environment. To answer your last question, yes. We can do a work around of deleting the SophosUpdate.xml file and renaming "decoded" and "warehouse" files to "decoded_old" and "warehouse_old". This causes the clients to see they are out-of-date and downloads the services again. For others I use PsExec to force an update and registry of services which has worked well each time. The bad part is that we are still getting these alerts for different machines and in some cases for the same machines...

    I hope you're theory is wrong, we have 1,700+ machines on our network with Sophos installed and if we have to reinstall every single one Sophos better be cutting us a check to pay for the time of our techs and lost production time to clean up their screw up.

  • in reply to Sure Win

    Sure Win said:

    Still discussing with the Central team for more info. This was just posted: Sophos Central Admin - 9/15/17 16:00 UTC - Sophos is aware of a new issue that is preventing opening of devices for some customers within Sophos Central Admin.

     

    This issue is now resolved. Device list replication paused for a moment and is now caught up.

  • in reply to Sure Win

    Sorry for the late notice but Sophos Central is under maintenance. read more here: https://community.sophos.com/kb/en-us/127456 

  • in reply to Christopher Curwood

    I am ready for these to stop.  

     

  • in reply to B_B

    I am ready for these to stop.  

     

     

     

    Me too -- we manage a number of customers and the random emails saying the services have stopped, etc. are seriously annoying.  It's dangerous because we've gotten to the point where we ignore the alert (for the most part -- if it repeats on a single client we check it out) -- the boy has cried wolf one too many times.

  • in reply to BrucekConvergent

    I checked on a few machines with the alarm and the Sophos System Protection Service was not started. I opened a ticket and their response was to send me a KB on how to start a service.  The machines in your list either need rebooted or manually start the service which is what I did.  I created the ticket because we should not have to manually start a service.

  • in reply to BrucekConvergent

    You can be on the other end like I just realized we are.  I got one email this morning about a service not running on a machine and when I logged into the cloud I see there are 4 machines with that alert.  

  • in reply to B_B

    What really bothers me is that this is a email-worthy alert (we get hundreds of these - the boy who cried wolf):

    (False Alarm) Policy Violation

     

     

    But these are not email-worthy and have to be searched to see them:

    Malware Detection

     

    Controlled Application Violation

     

     

     

    I guess Sophos wants us to see how broken their product is more than the security issues on our PCs that might need to be looked into or logged.

  • in reply to K_M

    We are getting installation failures (again!).  Is there another outage?  Sophos is reporting everything is fine, but that seems to be their M.O.

Reply Children
Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?