Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 16002 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client's AutoUpdate is not configured

funkedup

After installing Sophos on a client, the AutoUpdate properties are not being configured per the policy.  

What is the normal process for a client to receive the AutoUpdate policy after Sophos is installed?

:56340


This thread was automatically locked due to age.
Parents
  • 0

    Hello funkedup,

    check in with SEC [...] Update Computers Now

    first of all, Update Computers Now instructs the endpoint to perform the same action as Update now from the taskbar icon, i.e. to check the update location for updates (threat detection data and software) and in case there are to download and apply them. BTW - the Comply with > command is for making an endpoint comply with a policy (further details below) 

    It's still not clear to me what the issue is though.

    AutoUpdate properties are not being configured per the policy

    The following should happen when you synchronize an AD container with Install ... automatically enabled:

    1. Endpoint is joined to AD and moved to the relevant container (or a subcontainer thereof)
    2. At the next synchronization the new computer is detected and moved to the applicable (sub-)group; it appears as unmanaged (grey) with those attributes that can be determined from AD (e.g. OS version)
    3. In case the OS is supported for deployment from SEC (Protect Computers) the management server attempts to contact the endpoint, create the installation task and schedule it for immediate execution (note that none of these steps is retried if it fails) 
    4. If successful the task runs setup.exe from the Primary location or the Initial Install Source specified in the (sub)group's policy; setup.exe runs CRT (Third Party Software Detection) if selected, then installs AutoUpdate setting the Primary from the policy as update location
    5. AutoUpdate installs RMS and the rest of the components   
    6. RMS connects to the server (SEC) initiating communication (from then on the endpoint should appear as managed), reporting computer and current policy details (note the Primary server in the Update Details should be correct) and the status of the endpoint; Policy compliance status should be Awaiting policy from console
    7. SEC sends the applicable policies; if it could connect to port 8194 on the endpoint the policies are sent (and applied) practically immediately, otherwise they are queued and sent when the endpoint next polls for messages (the interval is usually 15 minutes)

    How far do your endpoints get? If you don't see Updating Details (AutoUpdate properties are not being configured) that suggests that either the endpoints are not managed (i.e. the install failed - but then you should see an error) or that they have issues reporting their status.

    Christian 

    :56373
Reply
  • 0

    Hello funkedup,

    check in with SEC [...] Update Computers Now

    first of all, Update Computers Now instructs the endpoint to perform the same action as Update now from the taskbar icon, i.e. to check the update location for updates (threat detection data and software) and in case there are to download and apply them. BTW - the Comply with > command is for making an endpoint comply with a policy (further details below) 

    It's still not clear to me what the issue is though.

    AutoUpdate properties are not being configured per the policy

    The following should happen when you synchronize an AD container with Install ... automatically enabled:

    1. Endpoint is joined to AD and moved to the relevant container (or a subcontainer thereof)
    2. At the next synchronization the new computer is detected and moved to the applicable (sub-)group; it appears as unmanaged (grey) with those attributes that can be determined from AD (e.g. OS version)
    3. In case the OS is supported for deployment from SEC (Protect Computers) the management server attempts to contact the endpoint, create the installation task and schedule it for immediate execution (note that none of these steps is retried if it fails) 
    4. If successful the task runs setup.exe from the Primary location or the Initial Install Source specified in the (sub)group's policy; setup.exe runs CRT (Third Party Software Detection) if selected, then installs AutoUpdate setting the Primary from the policy as update location
    5. AutoUpdate installs RMS and the rest of the components   
    6. RMS connects to the server (SEC) initiating communication (from then on the endpoint should appear as managed), reporting computer and current policy details (note the Primary server in the Update Details should be correct) and the status of the endpoint; Policy compliance status should be Awaiting policy from console
    7. SEC sends the applicable policies; if it could connect to port 8194 on the endpoint the policies are sent (and applied) practically immediately, otherwise they are queued and sent when the endpoint next polls for messages (the interval is usually 15 minutes)

    How far do your endpoints get? If you don't see Updating Details (AutoUpdate properties are not being configured) that suggests that either the endpoints are not managed (i.e. the install failed - but then you should see an error) or that they have issues reporting their status.

    Christian 

    :56373
Children
No Data