endpoint on different subnet. Installs but will not update.

Hello joea,

first of all some clarification: mrinit.conf is for the RMS component, i.e. communication with the management server. It has nothing to do with updating - indeed the install of RMS is not required for AutoUpdate/SAV to work. The update location is either a share (UNC path) or a web folder.

During manual (interactive) install using the GUI the update location is set to the location of setup.exe. As you've successfully accessed the share to run setup.exe it should in principle work - unless you did not specify the correct credentials. (or none at all) - but anyway the behaviour is the same regardless of the (sub)net the client is in.

When installing from the share it works similar to Protect computers: AU is installed first which then accesses the update location, downloads the other components and installs them. If the credentials were incorrect/missing it will fail already at this step - you'll notice that the GUI is rather sparse and only the items belonging to update will be active.  

I can see the router dropping netbios calls on the subnet

As said, updating does use a UNC path (and indirectly the ports/protocols the API provides - usually 445 is tried first, then legacy NetBIOS). As it worked for running setup.exe it should also work for updating. Thus my first guess would be incorrect credentials (if the install did not complete). If the install was successful and everything worked (including RMS) then it could be the updating policy the client received from the console - if it specifies an update location inaccessible from the subnet (e.g. a non-routable IP or a name which can't be resolved on the subnet) subsequent  updating will fail.

Hope this helps to resolve the issue.

Christian     

ok, so, if I attempt to browse windows network, it fails.  Likely due to the routing issue.   However, if I put in "\\server.ip.address\" in the browse address line, it finds the server and install folders.

I can run setup from there.    How can I get the server IP into the update configuration?

Hello joea,

likely setup.exe has correctly put the IP into the initial configuration. You can check the update location using Configure updating from the client's Sophos GUI and/or View updating log shows you the location it attempted to update from. Now you didn't say whether the client "appeared" in the console and if so, whether it has been put into a specific group.  

To rephrase the least sentence from my previous post (as some of the information was apparently new to you you might have missed it): Once the client's RMS successfully connects to the management server it configures updating according to the policy - probably the policy contains a name and not an IP.  This would explain the successful install and subsequent updating failure - but it is just a guess.

If the above does not apply you should check the ALUpdate log in [%ProgramData%|%ProgramFiles%]\Sophos\AutoUpdate\Logs for details of the failure.

Christian

Thanks.   Good info.  

But the immediate problem was more that I had forgotten some basic windows networking facts.   Update was looking for the update location by "name".   I did not have WINS setup, nor any entry in LMHOSTS.

When I placed the IP and update server host name in LMHOSTS,  Update does find the update location and runs to completion.  Immediate problem solved for that PC.   Now, to setup a WINS server.   Just for fun.

You know the old story about the shoemakers kids always having holes in their shoes?   Well, simlar for some smaller networks.

Thanks for the TIPS.     I was going to post this last night, when discovered, but for some reason, I could not get back in to the forums, at least, was not able to post a reply.