
Download of Sophos AutoUpdate failed from server... incorrect CID location

Quick question... maybe. I've recently taken over administering Sophos Anti-Virus on our network. I've read through a lot of the forums here and it seems most people are managing very few computers. I'm managing 20,000+, so I'm looking to see if there's a different response than "re-install the Endpoint client."

Basically, we have our main SophosAV box and somewhere around 20 relays (I have not counted them). I am seeing a lot of updating errors that deal with computer clients pointing to the wrong CID files. So whereas the actual CID folder on the relay is S033, the update is pointing to S038 and failing every single time. This is leaving me with a ton of errors (3,400 errors) thus far, and a ton of them are related to failing to download the updates.

Is there a location to easily change where the Endpoint client looks for updates? If the bootstrap location of the update is in S038, and the updating policies for the relays are correct, then why is my client still looking toward S033 for the update? I'm really looking for a solution other than re-install the Endpoint client because pushing it to all of my clients is no small task, especially in this environment.

Appreciate any help. 

  • One other question while I'm on the subject: with the number of issues we've seen, we're probably going to be rebuilding this entire Sophos setup. Is there a reason to have so many relays? It seems like a ton to manage and that it may be easier to manage from one central location. As it is, we have around 30 sites using our central location, and around another 30 using their own site. Is there a reason I couldn't just push them all to the central site? I understand the load may become too much, but this is my first experience and foray into anything to do with Sophos.

  • Hello Zatol,

    the endpoints are managed from the server they send their messages to. From there they get their updating policies and there you should also see the updating path a client uses (and whether the client complies with the policy or not).

    Which version are you using? Can't answer your questions in detail today (maybe Jak or someone else will chime in).

    Christian

  • Running console 4.7.0.13 and the Endpoints are on 9.7. The server these are communicating with is pointing them to update at: http://5310fs01/SophosUpdate . Should that point all the way down to the correct CID folder as opposed to leaving it open like that? Every relay is pointing to that SophosUpdate folder, but some of the relays are indeed attempting to update off of an incorrect CID. So if I point that all the way down to the correct CID, will that solve this issue?

  • Seems a strange setup and might take some time to sort out, as it looks like there was some misconception.
    Now you should have quite a lot of updating policies in SEC. And from what you said they all (or many of them) point to the same location. What makes them update from different CIDs is the so-called Subscription (you'll find a tab for it in the policy). These in turn are managed in the Update Managers view.
    It seems that
    1) clients update from a central web server (assuming the name does not resolve to different servers at the sites)
    2) the different CIDs are used to configure message relays
    The combination is not ideal, or better, far from ideal.

    There's more than one way to skin a cat. For now, please take a look at the subscriptions and if the relays are in the correct SEC groups.

    Christian
  • I did begin digging deeper into the relays updating options. I do have a lot of updating policies in SEC, sorry, they do not all point to the same CIDs.

    What I've noticed, looking at the subscriptions, is that a few of them are pointing to entirely different sites, which explains why some are looking for CIDs that do not exist on the local file server. I've begun to pare down on that; in fact I believe I've reduced the number of errors down into the 2,800 range.

    There's a number of issues with this Sophos setup, from what I've been able to gather. When I inherited it I was staring at a lot of dead computer accounts, with around 40% errors and only around 10,000 of my 20,000 clients. I'm paring down the errors, the viruses, and everything that seemed to be left unchecked, and now I have to tackle where 10,000 of my clients are. I know they have Endpoint installed on them, but they're certainly not pointing in the right direction.
