Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 22 replies
  • Subscribers 1 subscriber
  • Views 49640 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

80040404 Threat detection data update failed.

tomerb

We have a central update manager that's providing updates for several local servers via http. The whole system worked fine until just a few weeks ago. I think the cause of the problem was the release of SEC 10.0.4, but I'm not sure about that.

The central update manager has the following subscriptions:

9.5 - recommended

9.7 - recommended

10.0 - recommended

The local severs have a full installation of SEC 5.0 and are subscribed to either 9.5 and 10.0 or 9.7 and 10.0.

A few weeks ago seemingly all local servers started issuing 80040404/80040401/80040406 error messages. I've tried the procedure described here

http://www.sophos.com/en-us/support/knowledgebase/66176.aspx

on central as well as local servers - no success.

I've "split" the subscription on the central server into 10.0.3 and 10.0.4 and tried either subscription on one of the local servers - no success.

Finally, I did a complete re-install on a test server (local server) and even that didn't help. Looking at the files I found out, though, that the Sxxx directories are completely missing on the local server whereas the Warehouse seems to be filled normally (~250MB).

Any suggestions?

:24987


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    That file you call out is "vvf.xml".  "vvf.xml" comes with the SAV package but also is downloaded as part of the SEC data package.  

    The files in the SEC data package are put there by SUM, i.e. on 2008+:
    "\programdata\sophos\Sophos Endpoint Management\5.0\Updates\Secure\SDFs\SophosMA\sec\MSDC\vvf.xml"

    Note: maybe in a slightly different location if you've upgrades as the directory is maintained. 

    This appears to be a hardlink to the file in the warehouse directory, which explains the different permissions.  To prove it you can run:

    fsutil hardlink "C:"\programdata\sophos\Sophos Endpoint Management\5.0\Updates\Secure\SDFs\SophosMA\sec\MSDC\vvf.xml"

    Will show the link to the file in the warehouse.

    Running AccessEnum (http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx ) against the Warehouse directory will highlight the files with different permissions.  These mush be each of the dat files associates with the files in the directory mentioned above.

    This file type wouldn't be signed as it's just an XML data file.

    Regards,

    Jak

    :25039
Reply
  • 0

    Hi,

    That file you call out is "vvf.xml".  "vvf.xml" comes with the SAV package but also is downloaded as part of the SEC data package.  

    The files in the SEC data package are put there by SUM, i.e. on 2008+:
    "\programdata\sophos\Sophos Endpoint Management\5.0\Updates\Secure\SDFs\SophosMA\sec\MSDC\vvf.xml"

    Note: maybe in a slightly different location if you've upgrades as the directory is maintained. 

    This appears to be a hardlink to the file in the warehouse directory, which explains the different permissions.  To prove it you can run:

    fsutil hardlink "C:"\programdata\sophos\Sophos Endpoint Management\5.0\Updates\Secure\SDFs\SophosMA\sec\MSDC\vvf.xml"

    Will show the link to the file in the warehouse.

    Running AccessEnum (http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx ) against the Warehouse directory will highlight the files with different permissions.  These mush be each of the dat files associates with the files in the directory mentioned above.

    This file type wouldn't be signed as it's just an XML data file.

    Regards,

    Jak

    :25039
Children
No Data