Download of WindowsCloudNextGen failed from server http://dci.sophosupd.com/update

We are just starting to deploy and we keep getting these errors.  All of the computers are LAN connected, we already made sure that our Checkpoint FW was not blocking any traffic.

The odd thing is that it will usually correct itself but the notifications are really annoying.  This section from the sophosupdate.log looks kind of interesting.

 2017-09-27T15:01:49.673Z [ 1124] INFO SUL-Log [I40394] Downloading customer file from sophos:1:1
2017-09-27T15:01:49.720Z [ 1124] INFO SUL-Log [I40395] Downloaded customer file; fetching catalogues from sophos:1:1...
2017-09-27T15:01:50.500Z [ 1124] INFO SUL-Log [I40395] Successfully fetched catalogues from sophos:1:1
2017-09-27T15:01:50.516Z [ 1124] INFO SDDSDownloader::CreatePackageDistributionInformation Including 7A91E6C5-57F2-406E-94BC-E03DC13C6445 3.7.20.1: clean64/*
2017-09-27T15:01:50.516Z [ 1124] INFO SDDSDownloader::CreatePackageDistributionInformation Skipping 46810557-453C-4DC7-B30A-3F60FEF885E4 3.7.20.1: not deployable on this platform
2017-09-27T15:01:50.531Z [ 1124] INFO SUL-Log [I40394] Downloading customer file from sophos:1:1
2017-09-27T15:01:50.578Z [ 1124] ERROR SUL-Log [E89295] Signed customer file expected but unsigned file found
2017-09-27T15:01:50.578Z [ 1124] ERROR SUL-Log [E19127] Signed customer file expected but unsigned file found
2017-09-27T15:01:50.578Z [ 1124] INFO SUL-Log [I31036] No proxy was used.
2017-09-27T15:01:50.578Z [ 1124] INFO SUL-Log [I40394] Downloading customer file from sophos:2:1
2017-09-27T15:01:50.578Z [ 1124] ERROR SUL-Log [E75373] Ran out of sophos aliases for this update source
2017-09-27T15:01:50.578Z [ 1124] ERROR SUL-Log [E54187] Signed customer file expected but unsigned file found
2017-09-27T15:01:50.578Z [ 1124] ERROR SDDSDownloader::ReportSyncFailure Failed to read remote metadata.
2017-09-27T15:01:50.594Z [ 1124] INFO UpdateLogic::SyncAndInstall Saving state.
2017-09-27T15:01:50.594Z [ 1124] INFO StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml
2017-09-27T15:01:50.594Z [ 1124] INFO UpdateLogic::SyncAndInstall Skipping product install as Sync failed.
2017-09-27T15:01:50.594Z [ 1124] INFO IPCSender::Write IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>WindowsCloudNextGen</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR: Download of WindowsCloudNextGen failed from server dci.sophosupd.com/.../Config>
2017-09-27T15:01:50.594Z [ 1124] INFO WinMain SophosUpdate has completed with the result 2.
2017-09-27T15:01:50.594Z [ 5384] INFO IPCSender::ProcessSend IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>SDDSDownloadFailed</ID><StringID>107</StringID><Sender>SophosUpdate</Sender><Insert>WindowsCloudNextGen</Insert><Insert>dci.sophosupd.com/.../ErrorMessage><ReadableMessage>ERROR: Download of WindowsCloudNextGen failed from server dci.sophosupd.com/.../Config>
2017-09-27T15:01:50.594Z [ 5384] INFO IPCSender::ProcessSend IPCSender::ProcessSend: No messages in queue, starting to wait
2017-09-27T15:01:51.608Z [ 5384] INFO IPCSender::ProcessSend IPCSender::ProcessSend exiting
2017-09-27T15:01:51.608Z [ 5384] INFO `anonymous-namespace'::SenderThreadFn::operator() Sender thread finished.
2017-09-27T15:01:51.608Z [ 1124] INFO StatePersister::Save Overwriting state file C:\ProgramData\Sophos\AutoUpdate\data\status\SophosUpdateStatus.xml



  • I believe the customer file that is retrieved by AutoUpdate is based on your "username"+":"+"password" hashed.

    In the SophosUpdate trace log, you should have a line that looks something like this:

    SDDSDownloader::SyncInternal Filename: 8df7c4ff842a5582788827c662fa727c

    This is your customer file name, minus the .dat extension.  So the URL the file is obtained from becomes:

    http://dci.sophosupd.com/update/8/df/8df7c4ff842a5582788827c662fa727c.dat

    Notes:
    The first 3 characters denote the directory structure that the customer file lives within.
    I have also changed this Filename and therefore URL so it will not download.

    The file should have some signature info at the bottom, after the XML, i.e. 

    -----BEGIN SIGNATURE-----
    1
    -----END SIGNATURE-----
    -----BEGIN CERTIFICATE-----
    2
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    3
    -----END CERTIFICATE-----

    If you download your customer file just using a browser, is it missing the signature/certificate info when you open the file up in a text editor?

    Is an upstream device tampering with this in some way?

    This is what I would take the error message to mean.

    Regards,

    Jak
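
The check described in the reply above, as an added example that is not part of the original thread and is not Sophos code: it builds the customer file URL from the trace-log Filename and summarises a downloaded copy so that a failing fetch can be compared with a later successful one. The function names are hypothetical, the 32-character hex filename shape is assumed from the single example in the post, the sample bodies are constructed, and the code only checks that the signature and certificate blocks are present; it does not validate the signature.

```python
import hashlib
import re

BASE = "http://dci.sophosupd.com/update"  # update server URL from the thread title

# Trailer blocks as shown in the post: BEGIN/END markers around a body.
BLOCK = re.compile(
    rb"-----BEGIN (SIGNATURE|CERTIFICATE)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

def customer_file_url(filename: str, base: str = BASE) -> str:
    """Per the post: <1st char>/<2nd and 3rd chars>/<filename>.dat under the base URL."""
    name = filename.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", name):  # assumed shape, see lead-in
        raise ValueError("expected a 32-character hex filename")
    return f"{base}/{name[0]}/{name[1:3]}/{name}.dat"

def inspect_customer_file(body: bytes) -> dict:
    """Summarise one downloaded copy so repeated fetches can be compared."""
    blocks = [(m.group(1).decode(), m.start()) for m in BLOCK.finditer(body)
              if m.group(2).strip()]  # ignore blocks with an empty body
    kinds = [kind for kind, _ in blocks]
    first = blocks[0][1] if blocks else len(body)
    return {
        "sha256": hashlib.sha256(body).hexdigest(),
        "length": len(body),
        "signatures": kinds.count("SIGNATURE"),
        "certificates": kinds.count("CERTIFICATE"),
        # Bytes before the trailer; zero means no XML payload arrived at all.
        "payload_bytes": len(body[:first].strip()),
        "looks_signed": kinds.count("SIGNATURE") == 1 and "CERTIFICATE" in kinds,
    }

# Constructed sample bodies (not real Sophos data): one complete, one cut off
# before the trailer, which is what the "unsigned file found" error suggests.
SIGNED = (b'<?xml version="1.0"?><Customer/>\n'
          b"-----BEGIN SIGNATURE-----\nAAAA\n-----END SIGNATURE-----\n"
          b"-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
          b"-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----\n")
TRUNCATED = SIGNED.split(b"-----BEGIN SIGNATURE-----")[0]

if __name__ == "__main__":
    print(customer_file_url("8df7c4ff842a5582788827c662fa727c"))
    for label, body in (("signed", SIGNED), ("truncated", TRUNCATED)):
        print(label, inspect_customer_file(body))
```

Saving the raw response bytes from a client at the moment it logs the error, and running the same summary on a copy fetched when the update succeeds, shows whether the two responses differ in length, hash or trailer.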

  • I did as you suggested and I am able to download and open the file.  From what I can tell the certificate section looks to be legit.  The odd thing is that the same computer 20 min later will successfully get the update.  We made exceptions for the various sophos domains so they don't get scanned or blocked by the FW and we do not have any proxy caching.

    I have had 20% of my clients reporting this error today alone.
