Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 22 replies
  • Subscribers 1 subscriber
  • Views 49654 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

80040404 Threat detection data update failed.

tomerb

We have a central update manager that's providing updates for several local servers via http. The whole system worked fine until just a few weeks ago. I think the cause of the problem was the release of SEC 10.0.4, but I'm not sure about that.

The central update manager has the following subscriptions:

9.5 - recommended

9.7 - recommended

10.0 - recommended

The local severs have a full installation of SEC 5.0 and are subscribed to either 9.5 and 10.0 or 9.7 and 10.0.

A few weeks ago seemingly all local servers started issuing 80040404/80040401/80040406 error messages. I've tried the procedure described here

http://www.sophos.com/en-us/support/knowledgebase/66176.aspx

on central as well as local servers - no success.

I've "split" the subscription on the central server into 10.0.3 and 10.0.4 and tried either subscription on one of the local servers - no success.

Finally, I did a complete re-install on a test server (local server) and even that didn't help. Looking at the files I found out, though, that the Sxxx directories are completely missing on the local server whereas the Warehouse seems to be filled normally (~250MB).

Any suggestions?

:24987


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I've looked into this and SEC 5.0 and SEC 5.1 use a different version of the Patch package as used by SEC.  If you look under the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Products\SophosPA

    The Line value GUID is the same but the version is different.  For SEC 5.0 = version 1 and SEC 5.1 = version 2.

    SEC 5.0 can't use the version 2 patch package, and SEC 5.1 can't use the version 1 version.  So the "Warehouse" directory the SUM updates from needs to contain the version specific files.  As the "Warehouse" can't contain both (as they are the same package, just differnet versions), a SEC 5.1 server has to update from a Warehouse created on a SEC 5.1 install and the same for version 5.0. 

    If you're only using the top level SEC+SUM to create a "Warehouse" directory to be moved/shared out for child sites, you could install SEC 5.0 and SEC 5.1 in parallel (2 comptuers) in order to create 2 different "Warehouse" directories to be made available to different versions below.

    In the case of an air-gap setup, where Patch is not supported you could just remove the key: SophosPA
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Products\SophosPA

    on the "clients" and  this would change the config of SUM not to subscribe to Patch, this will result in the SUM being able to continue working as it won't look for the files.

    Hope this helps explains what you saw but the easisest solution is to get the versions in-line where possible.

    Regards,

    Jak

    :26391
Reply
  • 0

    Hi,

    I've looked into this and SEC 5.0 and SEC 5.1 use a different version of the Patch package as used by SEC.  If you look under the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Products\SophosPA

    The Line value GUID is the same but the version is different.  For SEC 5.0 = version 1 and SEC 5.1 = version 2.

    SEC 5.0 can't use the version 2 patch package, and SEC 5.1 can't use the version 1 version.  So the "Warehouse" directory the SUM updates from needs to contain the version specific files.  As the "Warehouse" can't contain both (as they are the same package, just differnet versions), a SEC 5.1 server has to update from a Warehouse created on a SEC 5.1 install and the same for version 5.0. 

    If you're only using the top level SEC+SUM to create a "Warehouse" directory to be moved/shared out for child sites, you could install SEC 5.0 and SEC 5.1 in parallel (2 comptuers) in order to create 2 different "Warehouse" directories to be made available to different versions below.

    In the case of an air-gap setup, where Patch is not supported you could just remove the key: SophosPA
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\EE\Products\SophosPA

    on the "clients" and  this would change the config of SUM not to subscribe to Patch, this will result in the SUM being able to continue working as it won't look for the files.

    Hope this helps explains what you saw but the easisest solution is to get the versions in-line where possible.

    Regards,

    Jak

    :26391
Children
No Data