Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 3726 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrade to Endpoint 10 causing forced restarts

MRCUR

Hi Everyone,

I upgraded our Sophos server to Endpoint 10 and Enterprise Console 5.1 a few weeks ago. I was using the recommended software subscription which automatically switched to 10 with the upgrade. We only use anti-virus and do not install any other components.

Shortly after the upgrade, many of our Windows 7 users (all SP1, x64) began complaining that when they started their computers and logged in, they were shown a Windows error stating "Windows has encountered a critical error and must restart". It gives a 1 minute countdown and then restarts the computer. This sometimes doesn't happen, other times it happens 5 times in a row. 

We narrowed the cause down to Sophos. We uninstalled Sophos which stopped the messages. Has anyone seen this occur? The Windows event log shows errors for services.exe related to ntdll.dll which causes the forced reboot. 

When trying to re-deploy Sophos to the computers, we receive an error in the EC that the supplied username/password for installing aren't valid (even though they are and work fine for new installs). For now I've switched the software subscription back to 9 which has downgraded everyone and stopped the reboots. I was also able to re-deploy to the computers I previously could not. 

Any ideas here? I've emailed Sophos support without any response. Hoping we can figure something out and switch back to 10. 

Thanks!

:28289


This thread was automatically locked due to age.
  • 0

    HI,

    What version of 10 was installed on these clients when they had the problem?  10.0.6 or 10.0.7? 10.0.7 is the latest as of now but you may have had 10.0.6 on the clients when they had the problem.

    Can you try 10.0.7 on one of the clients (including a reboot) that was having the issue, even if you have to create a new group, a new subscription and updating policy.

    Regards,

    Jak

    :28307
  • 0

    Hi Jak,

    I didn't catch if the clients had upgraded to .7 before I switched the subsciption back down to 9. I just created an Endpoint 10 test group and moved a client that was previously having the issue into that group. I verified that 10.0.7 was installed, so we'll see if that does the trick. 

    Thanks,

    -MRCUR

    :28309
  • 0

    Hi,

    I suspect it should, point 3 of the 10.0.7 release notes:
    http://downloads.sophos.com/readmes/sesc_100_rneng.html
    has:

    (DEF82657, DEF82770) With Sophos web protection or web control turned on, some computers randomly encounter failures on startup, requiring a forced restart. The failures are logged in the Windows Event Log, and the log entries show application crashes that are caused by ntdll.dll.

    Regards,
    Jak

    :28315
  • 0

    The new version seems to have done the trick with my test users, so I'll deploy more widely and see how it goes. 

    Thanks!

    -MRCUR

    :28595