Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2586 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

End point 10.0 uninstall itself after reboot and re-install 9.5

BopBop

We have upgraded  End Point console 4.5 to 5.0 last week and  gradually updating all the pc to 10.0

Our Network

Sophos management server – Windows 2003 SP2

End point console 5.0

Previous version of End point 9.5

Active Directory sync

We have close to 50 Groups in End Point console sync with  AD

As we gradually installing Sophos this is what happening

1)      When we push 10.0 from the console some computer install the new 10.0, but in same OU some computer do nothing.

2)      Those computer not updating from Console, I tried to pull Sophos from the client PC.

3)      When I pull Sophos it will install the new anti virus 10.0 , you can see the new 10.0 shield. And all update done.

4)      Reboot the computer or manually do” Update now” , it will re-install 9.5 and auto update path goes back to old path ( 9.5) path.

5)      I opened a case with Sophos teach support. They haven’’’’t had this problem so far.

6)      They requested me to delete C:\Program Files\Sophos\AutoUpdate\Cache

7)      Done that and try to push , nothing happens.

8)      After deleting cash , pull Sophos from client PC.

9)      Again it will install  10.0 and then after reboot it will re-install 9.5

Only way I am successful if I do this

1)      Change the iconn.cfg

2)      Manually put the 10.0 update path in Sophos console and update the computer . then it will keep 10.0

Hope Sophos teach supports finds a solution for me, because I have at least 800 computers in 270 location in this situation. Remaining 500  PC updated without any problem.

Did any one encounter this problem yet?

Sam

:20291


This thread was automatically locked due to age.
  • 0
    Hello BopBop,

    How many syncpoints do you have? As you said "gradually" there must be several.
    I'm not sure I understand how you do it. Normally there is no need to push the install - either you change the updating policy or the underlying subscription and the clients will up-(or down-)grade to whatever version the policy is pointing to.
    As for 4) the "old" path likely exists before the downgrade - it's the cause, not the result - and it looks like this is the path the clients get from the console. (as an aside: please be careful with the terminology. "console" should refer to the SEC while the thingy on the client is better named GUI - I was at first confused reading your success point 2).

    So - what are the steps before your step 1)? Assign a different policy to the syncpoint and immediately afterwards protect computers? Or?

    Christian
    :20295
  • 0

    In SEC under computer groups we have groups –3 groups - Laptop, workstation, Server.

    Under laptops we have 11 groups –, under workstation  we have 33 groups such as Corporate, Washington, etc. all groups are synced with AD OU.

    These are the steps I took

    1)      Created new Software subscription ( Sophos 10.0)  and downloaded 10.0 . that created  CIDs folder -S000 under shared path \\servername\SophosUpdate\CIDs\S000\SAVSCFXP

    2)      We have multiple update policy – laptops , server, workstation. Change the update policy subscription and pointed to Sophos 10.0

    3)      Once I changed the policy in SEC, it should have automatically update all the laptops. But it didn’’’’t.

    4)      So I called Sophos Tech support and they said “  Yes it should update automatically but we have heard some customer had problem with it, we suggest you manually push update ( protect computer wizard) and update computers.

    5)      Now I started pushing update from SEC.

    6)      Group Computer> Laptop>corporate has 90 laptops. All are XP. When I push out of 90 laptop 30 laptop updated to 10.0 , however reaming 60 laptop didn’’’’t update to 10.0

    7)      Then I  pull update  from GUI by going to \\servername\SophosUpdate\CIDs\S000\SAVSCFXP

    8)      Now after installing the new 10.0  , when laptop is rebooted it install 10.0 and I can see update path change to \\servername\SophosUpdate\CIDs\S001  ßthis is the 9.5 update path.

    9)      I know my policy is correct. I checked it , and some computes are updating in same groups with same update policy and retaining  the update path.

    Hope this helps you to understand.

    :20299
  • 0

    Hi,

    For a machine to revert locations it would suggest either:
    1. The policy is wrong.

    2. Inelligent updating is getting confused.
    3. There is sauconf.xml in the CID, that is redirecting the endpoints.

    I would suggest:
    1. Check that the mappings from the machine to group to updating policy to subscription are correct first.

    2. Check that the updating policy doesn't have intelligent updating on (this will rule that out).
    3. Check that in either CID the client is pointed to there isn't a sauconf.xml in there which is re-directing the client.

    Hope this helps.

    Regards,

    Jak 

    :20305
  • 0
    Hm, sauconf.xml should affect all clients updating from this CID. IU could interfere but this sounds like a single-location setup.
    It might sound arrogant - but if two out of three clients fail to update automatically suggesting protect computers as "fix" is not wise. Now I can't say if Support was aware of the extent of the problem. Anyway, before forcing the install a policy transfer should have been forced and the results examined - i.e. did all clients in the group process the policy and report compliance?
    As local configuration seems to solve the problem there might be an issue applying the policy from SEC. I'd run a few tests whether the clients correctly process the updating policy.

    Christian
    :20307
  • 0

    Ok .. here is the current status

    1)      I used same Update policy to other computers and updated 937 computers since yesterday. All are working ok.

    2)      In the OU where I am having problem it has 65 computers.

    a)      35 computers installed 10.0 and up-to-date. I just pushed it this morning SEC and it works.

    b)      30 of the computers are having problem.

    After  looking  at  in the GUI I find this

    1)      In properties of update manager  user name is host-server-name/SophosupdatMGR

    2)      When I look at the UNC CID security I have domain- name/SophosupdateMGR assigned.

    3)      Wouldn’’’’t user name for update manager should be domain- name/SophosupdateMGR in stead of host-server-name/SophosupdatMGR?

    4)      From SEC I see updating policy  in all these computers and those are working are all same

    5)      For  troubleshooting purpose I created a new update policy and applied the policy in this Group and it updated the updating policy ok.

    :20367