Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 8909 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't execute Auto Update

massiperli

Hello,

my Sophos can't auto update. This is what I can see from my log files. For every auto update I obtain this code.

ALUpdate(AutoUpdate.Started): ***************          Sophos AutoUpdate started          ***************
Trace(2013-May-13 06:27:49): UpdateCoordinator::UpdateNow: Entering
Trace(2013-May-13 06:27:49): PopulateCache: Entering
Trace(2013-May-13 06:27:49): UpdateCoordinator::UpdateNow: About to Sync list of products
Trace(2013-May-13 06:27:49): UpdateLocationFacade:: SyncProduct: Last Update Mechanism = CID
Trace(2013-May-13 06:27:49): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
Trace(2013-May-13 06:27:49): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
Trace(2013-May-13 06:27:49): Calling package_source_init
Trace(2013-May-13 06:27:49): TrySyncProduct, Calling BeginSync
Trace(2013-May-13 06:27:49): Custom certificate already present.
Trace(2013-May-13 06:27:49): CalculateChecksum. Processing file C:\Program Files\Sophos\AutoUpdate\cache\escdp.dat
Trace(2013-May-13 06:27:49): Remote connection over HTTP.
Trace(2013-May-13 06:27:50): Read file master.upd (Remote).
Trace(2013-May-13 06:27:50): Synchronised file root.upd (Local).
Trace(2013-May-13 06:27:50): Synchronised file escdp.dat (Local).
Trace(2013-May-13 06:27:50): ParseCustomerIDFile: completed: 0
Trace(2013-May-13 06:27:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: SyncProduct - Updating Product: RMSNT
Trace(2013-May-13 06:27:50): CIDUpdate(SyncProduct.Start): Downloading product RMSNT from server http://xxx
Trace(2013-May-13 06:27:50): Checksum found in master.upd matches cached cidsync.upd : 4aa715fb. Skipping download
Trace(2013-May-13 06:27:50): CIDUpdate(PrimarySuccess): Product cache update from primary server successfully finished
Trace(2013-May-13 06:27:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 1
Trace(2013-May-13 06:27:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 1
Trace(2013-May-13 06:27:50): UpdateLocationFacade:: SyncProduct: Last Update Mechanism = CID
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: SyncProduct - Updating Product: SAVXP
Trace(2013-May-13 06:27:50): CIDUpdate(SyncProduct.Start): Downloading product SAVXP from server http://xxx
Trace(2013-May-13 06:27:50): Checksum found in master.upd matches cached cidsync.upd : 6cf207d5. Skipping download
Trace(2013-May-13 06:27:50): CIDUpdate(PrimarySuccess): Product cache update from primary server successfully finished
Trace(2013-May-13 06:27:50): UpdateLocationFacade:: SyncProduct: Last Update Mechanism = CID
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: SyncProduct - Updating Product: Sophos AutoUpdate
Trace(2013-May-13 06:27:50): CIDUpdate(SyncProduct.Start): Downloading product Sophos AutoUpdate from server http://xxx
Trace(2013-May-13 06:27:50): Checksum found in master.upd matches cached cidsync.upd : 97afde11. Skipping download
Trace(2013-May-13 06:27:50): CIDUpdate(PrimarySuccess): Product cache update from primary server successfully finished
Trace(2013-May-13 06:27:50): ALUpdate(DownloadEnded): Downloading phase completed
Trace(2013-May-13 06:27:50): UpdateCoordinator::UpdateNow: About to Action list of products
Trace(2013-May-13 06:27:50): ALUpdate(Action.Skipped): Installation of RMSNT skipped
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: OnNullUpdate...
Trace(2013-May-13 06:27:50): CustomFileMap::CustomFileMap.  CachePath = C:\Program Files\Sophos\AutoUpdate\cache
Trace(2013-May-13 06:27:50): CustomFileMap::Read: Subfolder = rms productID = {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
Trace(2013-May-13 06:27:50): CustomFileMap::Read: File path = C:\Program Files\Sophos\AutoUpdate\cache\rms.custom
Trace(2013-May-13 06:27:50): CustomFileMap::Read: File exists and appears valid.
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: OnNullUpdate complete.
Trace(2013-May-13 06:27:50): ALUpdate(Action.Skipped): Installation of SAVXP skipped
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: OnNullUpdate...
Trace(2013-May-13 06:27:50): CustomFileMap::CustomFileMap.  CachePath = C:\Program Files\Sophos\AutoUpdate\cache
Trace(2013-May-13 06:27:50): CustomFileMap::Read: Subfolder = savxp productID = {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2013-May-13 06:27:50): CustomFileMap::Read: File path = C:\Program Files\Sophos\AutoUpdate\cache\savxp.custom
Trace(2013-May-13 06:27:50): CustomFileMap::Read: File exists and appears valid.
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: OnNullUpdate complete.
Trace(2013-May-13 06:27:50): ALUpdate(Action.Skipped): Installation of Sophos AutoUpdate skipped
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: OnNullUpdate...
Trace(2013-May-13 06:27:50): CustomFileMap::CustomFileMap.  CachePath = C:\Program Files\Sophos\AutoUpdate\cache
Trace(2013-May-13 06:27:50): CustomFileMap::Read: Subfolder = sau productID = {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2013-May-13 06:27:50): CustomFileMap::Read: File path = C:\Program Files\Sophos\AutoUpdate\cache\sau.custom
Trace(2013-May-13 06:27:50): CustomFileMap::Read: File exists and appears valid.
Trace(2013-May-13 06:27:50): CIDUpdateLocation:: OnNullUpdate complete.
Trace(2013-May-13 06:27:50): RMSMessageHandler: ALUpdateEnd
Trace(2013-May-13 06:27:50): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2013-May-13 06:27:50): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2013-May-13 06:27:50): IPCSender:: ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
Trace(2013-May-13 06:27:50): IPCSender:: ProcessSend: No messages in queue, starting to wait
Trace(2013-May-13 06:27:51): IPCSender:: ProcessSend exiting
Trace(2013-May-13 06:37:49): ALUpdate started: -ScheduledUpdate  -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"
Trace(2013-May-13 06:37:49): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has been added.
Trace(2013-May-13 06:37:49): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  available from Sophos.
Trace(2013-May-13 06:37:49): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  the Spam Rules package.
Trace(2013-May-13 06:37:49): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
Trace(2013-May-13 06:37:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
Trace(2013-May-13 06:37:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.
Trace(2013-May-13 06:37:49): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.
Trace(2013-May-13 06:37:49): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
Trace(2013-May-13 06:37:49): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
Trace(2013-May-13 06:37:49): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
Trace(2013-May-13 06:37:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
Trace(2013-May-13 06:37:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.
Trace(2013-May-13 06:37:49): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.
Trace(2013-May-13 06:37:49): Computer is a possible cluster
Trace(2013-May-13 06:37:49): GetClusterName - attempting to open the cluster.0
Trace(2013-May-13 06:37:49): Failed to open ISCluster object. Error 0x800706d9
Trace(2013-May-13 06:37:49): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
Trace(2013-May-13 06:37:49): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
Trace(2013-May-13 06:37:49): Considering subscribed products.
Trace(2013-May-13 06:37:49): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
Trace(2013-May-13 06:37:49): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
Trace(2013-May-13 06:37:49): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
Trace(2013-May-13 06:37:49): IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4
Trace(2013-May-13 06:37:49): IPCSender:: ProcessSend started
Trace(2013-May-13 06:37:49): IPCSender:: ProcessSend: No messages in queue, starting to wait
Trace(2013-May-13 06:37:49): RMSMessageHandler: ALUpdateStart
Trace(2013-May-13 06:37:49): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2013-May-13 06:37:49): IPCSender:: ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
Trace(2013-May-13 06:37:49): IPCSender:: ProcessSend: No messages in queue, starting to wait

Someone can help me?

Best Regards,

Massimiliano Perlini

:40001


This thread was automatically locked due to age.
  • 0

    Hello Massimiliano,

    this looks like an "idle" update, i.e. the client checks and determines it is up to date. The only out of the ordinary is

    Trace(2013-May-13 06:37:49): Computer is a possible cluster
    Trace(2013-May-13 06:37:49): GetClusterName - attempting to open the cluster.0
    Trace(2013-May-13 06:37:49): Failed to open ISCluster object. Error 0x800706d9

     but this is not considered an error by AutoUpdate (don't ask me what the cluster check does). Why do you think there's somethig wrong?

    Christian

    :40007
  • 0

    Hello Christian,

    because it seems that Sophos never update itself. I gave a look at the ide downloaded into the folder of the definitions and the last downloaded was in late April. If I go to this link (http://www.sophos.com/downloads/ide/) and I compare the definitions downloaded by my antivirus and the latest one from Sophos, mine are definitely out of date. And if I give a look at the log file, it seems that Sophos always skip the download (Checksum found in master.upd matches cached cidsync.upd : 4aa715fb. Skipping download) or skip the installation process (ALUpdate(Action.Skipped): Installation of SAVXP skipped). I can't understand if it's a problem of the antivirus or from I download the new definition (CIDUpdate(SyncProduct.Start): Downloading product SAVXP from server http://xxx). I made some research, and some people suggest to follow this steps (http://kb.theijssen.it/printEntry/179):

    1. Stop the Sophos AutoUpdate service in Windows Services.

    2. Delete contents of the following folder: C:\ProgramData\Sophos\AutoUpdate\Cache

    3. Delete contents of the following folder: C:\ProgramData\Sophos\AutoUpdate\Data\Warehouse

    4. Delete contents of the following folder: C:\ProgramData\Sophos\AutoUpdate\Data\Channels

    5. Delete c:\ProgramData\Sophos\AutoUpdate\data\status\status.xml

    6. If any "pmsr_tempXX" folders exist within: c:\Program Files\Sophos\PureMessage\ please move them to a new folder within the Puremessage directory.

    7. Delete the contents of the following folder c:\Program Files\Sophos\PureMessage\datadir (you may need to stop the Puremessage service).

    8. Restart the Sophos AutoUpdate service.

    9. Run an update (you may need to watch the alc.log to view its progress).

    And from a thread of this forum, I find this step (/search?q= 18895):

    Remove the following security permissions on these folders: 

    1.     C:\Program Files\Sophos\Sophos Anti-Virus

    2.     C:\Documents and settings\All Users\Application Data\Sophos

    3.     C:\Program Files\Sophos And add the following Security permissions on:

    And add these permissions on: 

    Users - Read & Execute, List Folder Contents, Read

    Administrators - Full ControlCreator Owner - Full Control (special - subfolders and files only)System - Full Control

    Everyone - Read & Execute, List Folder Contents, Read

    Power Users - Modify

    Can one of this two solutions be helpful for my case?

    Best Regards,

    Massimiliano Perlini

    :40011
  • 0

    Hello Massimiliano,

    I see. From the logs I get it you are downloading via HTTP (guess you only anonymised the server). Looks like the CID is stale, i.e. it is not updated on the server. You should contact your Sophos administrator (or whoever is responsible for the server). 

    Christian

    :40013
  • 0

    Hello Christian,

    Yes, I anonymised the server; I will contact the administrator and I will notice this fact. Do you know why the CID was not updated?
    Thank you so much for your time!

    Best Regards,

    Massimiliano Perlini

    :40019
  • 0

    Hello Massimiliano,

    Do you know why the CID was not updated?

    I'm not a diviner :smileyvery-happy: - seriously, there's quite a number of possible causes, only the administrator can tell (or should be able to find out).

    Christian

    :40029
  • 0

    Hello Christian,

    after the administrator updated the CID, all the definitions were downloaded and now Sophos was upgraded.

    Thank you for your time and for the help!

    Best Regards,

    Massimiliano Perlini

    :40055