
Windows 7 64bit and Sophos 9.7 Problem

Hi,

Bit of an issue here which is baffling me.

Set up a new Subscription to 9.7 Recommended and created a new CID on AV server.

Set up a new Policy with the correct subscription which applies to a number of XP machines and 4 Windows 7 64bit machines.

The XP machines are all compliant with the new policy and have automatically upgraded from 9.5 to 9.7.

I've manually installed 9.7 to the Win 7 machines from the new CID (S002).

The issue I'm having is after 60 mins or so (automatic update schedule) the Win 7 workstations are checking for updates and then downgrading themselves back to version 9.5!

Both Win 7 and XP machines are sharing the same updating policy.

Any ideas?



This thread was automatically locked due to age.
  • Thanks, Trevor

    Now in the agent log there's always the same AU policy mentioned: RevID="{45C762D1-E334-432C-B489-5CC70320A9E9}" . Searching for this value in column CorrelationID in table Policies leads to a Type=1 (AU) policy. If there's no name in column Name but n*xxxxx...*xxx... (which is expected for a non-legacy policy) then looking up the value between the *s in the CorrelationID column leads to the Type=18 (AU) policy and its name.

    Can't say why the "endpoint id" changes several times - it corresponds to column IdentityTag in ComputersAndDeletedComputers and usually persists. Don't ask me how it is derived, when set and where it is stored.

    Dunno if this is of any help - I still have no idea what's causing this but to me it looks like it is indeed getting the policy from SEC.

    Christian

  • Time to hold my hand up and hang my head in shame. :smileysad:

    What I failed to notice in Econsole was that there was another sub-OU under IT workstations called Domain Admins which the Windows 7 machines were part of.  This group hadn't been assigned the correct policy and was just taking the default updating policy.

    My mistake was going into the IT workstations OU group and scrolling down to the Win 7 machines instead of expanding the group below to view only the Win 7 machines.

    FACEPALM!

    Apologies to you Christian for wasting your time on this and thanks again.

      ........walks off into the distance shaking his head in embarrassment ......

  • I have a thought. Can you check if the same machine name or IP address exists in the 'all computers' list on the SEC screen? I encountered a similar (not quite the same) problem when I cloned machines. What I saw is the same machine appearing in 2 groups with different IP addresses one day then different machines with the same IP address the next. To get around this, I completely uninstalled the RMS from the client (removed the RMS folder) and reinstalled. If the unique client id isn't unique, the SEC may be sending the policy for another machine in another group out to this client.

    Matt

  • The joys of this 'at this level and below' default settings strikes again.:smileytongue:

    Matt

  • Thanks Matt.

    and to think my 17 posts in the forum have earned me the title of "Occasional Advisor"! :smileyhappy:

  • Hey, be glad it was that easy :smileyvery-happy:

    Now just digging in my previous posts ... hmmm .... in the third post I just said "same console group" (to me it is clear that this is the bottom group but I should have stressed it) and later "Or does S97 contain subgroups mirroring the OUs in AD?" Still not to the point. I'll do better next time :smileywink:

    Cheers

    Christian
