
Update over HTTP through Forefront TMG

Currently testing Sophos 9.7, I've set up a CID to be available over HTTP, published through MS Forefront TMG.

It has been working fine for almost a month, but suddenly my test "remote" client returned errors.

In short:

  • The client finds the remote CID to be corrupted ("CIDSYNC_E_RCIDERROR (Remote CID is corrupted.)")
  • It then starts to look for the "/catalogue/sdds.esc97.xml" file, which does not exist
  • Sophos update fails

Interestingly enough, this only happens when downloading through the Forefront TMG: when connecting to the same resource (i.e.: updates.domain.local), there is no problem.

The remote client's log reads:

Trace(2011-Sep-02 10:22:31): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {E17FE03B-0501-4aaa-BC69-0129D965F311}
Trace(2011-Sep-02 10:22:31): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP
Trace(2011-Sep-02 10:22:31): CIDUpdate(SyncProduct.Start): SAVXP, http://updates.domain.com/antivirus/xp/
Trace(2011-Sep-02 10:22:31): CIDUpdateLocation::Sync - Updating from http CID: http://updates.domain.com/antivirus/xp/savxp
Trace(2011-Sep-02 10:22:31): CIDSync(CidSyncMessage): 
Trace(2011-Sep-02 10:22:33): CIDSync(CidSyncMessage): svf.xml
Trace(2011-Sep-02 10:22:33): CIDSyncCallback, SynchronisationTerminated - Code = -2147217663
Trace(2011-Sep-02 10:22:33): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\savxp.map
Trace(2011-Sep-02 10:22:33): CIDUpdateLocation::SyncProduct: Failed to update product (SAVXP) from "http://updates.domain.com/antivirus/xp/", Error is :CIDSYNC_E_RCIDERROR (Remote CID is corrupted.)
Trace(2011-Sep-02 10:22:33): CIDUpdate(CIDDownloadFailed): SAVXP, http://updates.domain.com/antivirus/xp/
Trace(2011-Sep-02 10:22:34): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 0
Trace(2011-Sep-02 10:22:34): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 0
Trace(2011-Sep-02 10:22:34): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Started: 
Trace(2011-Sep-02 10:22:34): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, creating update location
Trace(2011-Sep-02 10:22:34): Path to decode files to: C:\Windows\TEMP\sophos_autoupdate1.dir\1314951754
Trace(2011-Sep-02 10:22:34): Using top level catalogue sdds.esc97
Trace(2011-Sep-02 10:22:34): SDDSUpdateLocation, constructor start
Trace(2011-Sep-02 10:22:34): locConfig.m_server = http://updates.domain.com/antivirus/xp/
Trace(2011-Sep-02 10:22:34): Calling check on source.m_address.m_path = http://updates.domain.com/antivirus/xp/
Trace(2011-Sep-02 10:22:34): Calling package_source_init
Trace(2011-Sep-02 10:22:34): Creating package source to represent parent
Trace(2011-Sep-02 10:22:34): Create package source to represent local cache
Trace(2011-Sep-02 10:22:34): SDDSUpdateLocation::Constructor finished
Trace(2011-Sep-02 10:22:34): TrySyncProduct, Calling BeginSync
Trace(2011-Sep-02 10:22:34): SDDSUpdateLocation caught exception from BeginSync: Cannot create stream http://updates.domain.com/antivirus/xp/catalogue/sdds.esc97.xml GetLastError returned 0
Trace(2011-Sep-02 10:22:34): TrySyncProduct<class AutoUpdate::SDDSUpdateLocation>, Ended - 0
 

Is there anyone who can provide me any details on the "CIDSYNC_E_RCIDERROR" error and the "catalogue/sdds.esc97.xml" file?

Thank you very much!

:16117


  • Can you check all the MIME types are correct? The article below was updated recently and the extension .bd2 was added.

    http://www.sophos.com/support/knowledgebase/article/61560.html

    :16125

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS

  • Thank you for your quick reply.

    I've added the missing MIME type, but to no avail. To be honest, I did not expect it to make a difference, since updating directly from IIS works, but not through an ISA or TMG server.

    That is to say: it seems regular IDE updates work fine, but some stronger update, such as any engine update, fails.

    After emptying the cache, the log shows:

    Trace(2011-Sep-02 22:14:20): CIDSync(CidSyncMessage): vdl07.vdb
    Trace(2011-Sep-02 22:14:20): CIDSync(CidSyncMessage): program files\Sophos\Sophos Anti-Virus\TamperProtectionControl.dll
    Trace(2011-Sep-02 22:14:20): CIDSync(CidSyncMessage): CommonAppData\Sophos\Sophos Anti-Virus\Config\bootstrap.xml
    Trace(2011-Sep-02 22:14:20): CIDSyncCallback, SynchronisationTerminated - Code = -2147217663
    Trace(2011-Sep-02 22:14:20): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\savxp.map
    Trace(2011-Sep-02 22:14:20): CIDUpdateLocation::SyncProduct: Failed to update product (SAVXP) from "http://updates.domain.com/antivirus/xp/", Error is :CIDSYNC_E_RCIDERROR (Remote CID is corrupted.)
    Trace(2011-Sep-02 22:14:20): CIDUpdate(CIDDownloadFailed): SAVXP, http://updates.domain.com/antivirus/xp/

    Any clue?

    :16129
  • Hi,

    Have you tried removing the CID and letting SUM re-create it?

    Also, is it right that only one client is failing in this way? I wonder if the error might be due to a local problem on the client and the CID perhaps means the local cache in this context?

    As a test, delete the CID, let SUM re-create it. Try an update now; if the same problem occurs, delete on the client the "contents" of "C:\ProgramData\Sophos\AutoUpdate\cache\" and delete "C:\ProgramData\Sophos\AutoUpdate\data\status\status.xml" and let the client update. Does that help?


    Jak 

    :16137
  • Thanks for the suggestions.

    I've removed the CID and recreated it.

    I've also emptied the cache on the client and removed the status file.

    It is correct that only clients that connect through Forefront TMG (ISA server) fail: updating over LAN is successful.

    Therefore maybe I should rephrase my question: what is specific for engine updates -compared to definition updates- that could be blocked by a firewall?

    :16143
  • Hello Arcesilaus,

    Could you resolve your problem? If not, it looks like the error occurs when the bootstrap.xml file is downloaded. Could it be that TMG somehow fiddles with its contents?

    Christian

    :16487
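The reading of the client trace in the post above can be automated. This is an added example, not part of the original posts and not Sophos code: it scans AutoUpdate trace lines, remembers the last file announced by CidSyncMessage, and reports it together with the failure code as an unsigned HRESULT. The sample lines are copied from the log quoted earlier in the thread; the function and field names are hypothetical.

```python
import re

# Trace lines copied from the client log quoted in this thread.
SAMPLE_LOG = r"""
Trace(2011-Sep-02 22:14:20): CIDSync(CidSyncMessage): vdl07.vdb
Trace(2011-Sep-02 22:14:20): CIDSync(CidSyncMessage): program files\Sophos\Sophos Anti-Virus\TamperProtectionControl.dll
Trace(2011-Sep-02 22:14:20): CIDSync(CidSyncMessage): CommonAppData\Sophos\Sophos Anti-Virus\Config\bootstrap.xml
Trace(2011-Sep-02 22:14:20): CIDSyncCallback, SynchronisationTerminated - Code = -2147217663
Trace(2011-Sep-02 22:14:20): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\savxp.map
Trace(2011-Sep-02 22:14:20): CIDUpdateLocation::SyncProduct: Failed to update product (SAVXP) from "http://updates.domain.com/antivirus/xp/", Error is :CIDSYNC_E_RCIDERROR (Remote CID is corrupted.)
"""

TRACE = re.compile(r"^Trace\((?P<ts>[^)]+)\):\s*(?P<msg>.*)$")
SYNC_FILE = re.compile(r"^CIDSync\(CidSyncMessage\):\s*(?P<file>.*)$")
TERMINATED = re.compile(r"SynchronisationTerminated - Code = (?P<code>-?\d+)")
ERROR_NAME = re.compile(r"Error is :(?P<name>\w+)")

def find_sync_failures(log_text):
    """Return one record per failed CID sync found in the trace text."""
    failures = []
    last_file = None
    for line in log_text.splitlines():
        trace = TRACE.match(line.strip())
        if not trace:
            continue
        msg = trace["msg"]
        synced = SYNC_FILE.match(msg)
        if synced:
            # Empty CidSyncMessage lines occur in the log; keep the last named file.
            last_file = synced["file"].strip() or last_file
            continue
        ended = TERMINATED.search(msg)
        if ended and int(ended["code"]) != 0:
            # The log prints the code as a signed 32-bit integer.
            hresult = "0x%08X" % (int(ended["code"]) & 0xFFFFFFFF)
            failures.append({"time": trace["ts"], "last_file": last_file,
                             "hresult": hresult, "error": None})
            continue
        named = ERROR_NAME.search(msg)
        if named and failures and failures[-1]["error"] is None:
            failures[-1]["error"] = named["name"]
    return failures

if __name__ == "__main__":
    for failure in find_sync_failures(SAMPLE_LOG):
        print(failure)
```
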
  • Hi QC

    Please accept my apologies for the late reply: I was away for a week (only week of leisure this year) and I am currently in an intense educational program (non-IT), so time to investigate this any further has been limited.

    I've posted the issue also on the TMG forum, since it seems the issue lies with the TMG machine, not with Sophos.

    I will hint at the way the XML file is treated in that thread and report back here as soon as I've got a clue and/or solution.

    :16849
  • Update:

    It looks like the XML file was indeed the problem.

    Looking at the log files in TMG, I found that the XML file, together with the TEXT files, were not labeled as MIME-type "application/Sophos-X". 

    As a consequence, the files were compressed, since HTTP compression was enabled.

    SUM cannot perform decompression, so the file was not recognized.

    Having turned off the compression, it works again!

    I need to confirm with remote clients, but it looks promising. 

    As soon as I am sure the solution works, I will confirm here and mark the post as solved.

    For now, thank you very much for the golden tip!

    :16857
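The condition described in the post above can be confirmed by comparing the same CID file fetched directly and through the publishing proxy. This is an added example, not part of the original posts and not Sophos or TMG code: the sample file contents and its text/xml content type are constructed assumptions, and the function name is hypothetical.

```python
import gzip
import hashlib
import zlib

# From the thread: the MIME type under which files were not compressed by TMG.
EXEMPT_TYPE = "application/sophos-x"

def compare_fetches(direct, proxied):
    """Compare two fetches of one CID file, each given as (headers, raw body).

    Bodies must be the bytes as received, before any client-side decoding.
    Returns a list of findings; an empty list means the proxy left the file alone.
    """
    d_body = direct[1]
    p_headers = {k.lower(): v for k, v in proxied[0].items()}
    p_body = proxied[1]
    findings = []
    ctype = p_headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != EXEMPT_TYPE:
        findings.append("not-exempt-type:" + ctype)
    encoding = p_headers.get("content-encoding", "identity").lower()
    if encoding != "identity":
        findings.append("content-encoding:" + encoding)
    if hashlib.sha256(d_body).digest() == hashlib.sha256(p_body).digest():
        return findings
    findings.append("body-differs")
    if p_body[:2] == b"\x1f\x8b":  # gzip magic number
        try:
            if gzip.decompress(p_body) == d_body:
                findings.append("identical-after-gunzip")
        except (OSError, EOFError, zlib.error):
            findings.append("gzip-header-but-undecodable")
    return findings

# Constructed sample: a made-up bootstrap.xml served as text/xml (assumed type).
ORIGINAL = b"<?xml version='1.0'?><bootstrap><constructed/></bootstrap>"
DIRECT = ({"Content-Type": "text/xml"}, ORIGINAL)
VIA_PROXY = ({"Content-Type": "text/xml", "Content-Encoding": "gzip"},
             gzip.compress(ORIGINAL))

if __name__ == "__main__":
    for finding in compare_fetches(DIRECT, VIA_PROXY):
        print(finding)
```

A result of "body-differs" together with "identical-after-gunzip" means compression is the only change the proxy made to the file.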
  • Hi there,

    I have exactly the same issue as you but I don't seem to be able to get round it. Is it possible to share how you configured your publishing rule in TMG, as I am getting a web proxy chaining error?

    If you could help me out that would be really appreciated. My email is jamie.cox@cnlsoftware.com.

    Many thanks in advance

    Jamie

    :24031