
Download of Sophos AutoUpdate Failed from server \\SUM\share - 6b

I'm having issues with 1 SUM. This is the only SUM that clients are getting this error message from.

The SUM is receiving updates in line with the other 3 SUMs and no error messages are reporting on the SUM.

This is what I tried:

1. Stop services (Sophos Agent, Sophos Message Router, Sophos Update Manager)

2. Delete the folders \\ksrcandc-b\SophosUpdate\CIDs & \\ksrcandc-b\SophosUpdate\Warehouse - as these folders might be corrupt and a re-download will fix

3. Start the services back up

4. Open the SEC and update now - binaries download etc... folders/files reappear

5. Go to the clients with the error and update now/comply with configuration -- nothing

-View computer details each client shows the error detailed in the subject of this post

6. Go to a few of the clients (mix of XP and Windows 7) look in the Update settings, verify the correct credentials are used - yes.

7. Go to the log and see after updating:

-Could not connect to the Server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details. - Yes as said before credentials look correct and there is no proxy configuration needed.

Stuck, not sure what else to try.

Any suggestions would be great.

  • Hello Josh,

    do all endpoints updating from this SUM get this error (and: do you have a Secondary location defined, does SEC say the endpoints are up to date)?

    Please check the detailed update log (ALUpdate.... in [%ProgramData%|%ProgramFiles%]\Sophos\AutoUpdate\Logs\), the error should be shortly after lines similar to

    Trace(time-stamp): Logging on network access user
    Trace(time-stamp): Attempting to make a connection to remote machine ...

    There might be a more specific reason for the failure. Feel free to post a snippet here.

    Christian
  • Trace(2014-Sep-11 08:16:49): Logging on network access user
    Trace(2014-Sep-11 08:16:49): Attempting to make a connection to remote machine \\KSRCANDC-B\SophosUpdate\CIDs\S000\SAVSCFXP
    Trace(2014-Sep-11 08:17:00): CIDUpdate(Info): \\KSRCANDC-B\SophosUpdate, DRESDENIND\SophosUpdate, 86
    Trace(2014-Sep-11 08:17:00): Custom certificate already present.
    Trace(2014-Sep-11 08:17:00): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\escdp.dat
    Trace(2014-Sep-11 08:17:00): Remote connection over UNC.
    Trace(2014-Sep-11 08:17:04): File master.upd not found (Remote). Return code 0x80040f04
    Trace(2014-Sep-11 08:17:04): Unable to read file master.upd (Remote)
    Trace(2014-Sep-11 08:17:04): Unable to synchronise file root.upd.
    Trace(2014-Sep-11 08:17:04): Unable to synchronise file escdp.dat.
    Trace(2014-Sep-11 08:17:04): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\ProductID.dat
    Trace(2014-Sep-11 08:17:04): Unable to synchronise file ProductID.dat.
    Trace(2014-Sep-11 08:17:04): File root.upd recovered.
    Trace(2014-Sep-11 08:17:04): File escdp.dat recovered.
    Trace(2014-Sep-11 08:17:04): File ProductID.dat recovered.
    Trace(2014-Sep-11 08:17:09): Error -2147217660 in ReadCustomerIDFile
    Trace(2014-Sep-11 08:17:09): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}
    Trace(2014-Sep-11 08:17:09): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT
    Trace(2014-Sep-11 08:17:09): CIDUpdate(SyncProduct.Start): RMSNT, \\KSRCANDC-B\SophosUpdate\CIDs\S000\SAVSCFXP
    Trace(2014-Sep-11 08:17:09): CIDUpdateLocation::Sync - Updating from local CID: \\KSRCANDC-B\SophosUpdate\CIDs\S000\SAVSCFXP\rms
    Trace(2014-Sep-11 08:17:09): CIDSync(CidSyncMessage): 
    Trace(2014-Sep-11 08:17:14): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
    Trace(2014-Sep-11 08:17:14): CIDSyncCallback, SynchronisationTerminated - MapFile = C:\ProgramData\Sophos\AutoUpdate\cache\rms.map
    Trace(2014-Sep-11 08:17:14): CIDSync(CidSyncMessage): \\KSRCANDC-B\SophosUpdate\CIDs\S000\SAVSCFXP\rms,  
    Trace(2014-Sep-11 08:17:14): CIDUpdateLocation::SyncProduct: Failed to update product (RMSNT) from "\\KSRCANDC-B\SophosUpdate\CIDs\S000\SAVSCFXP", Error is :CIDSYNC_E_SRCNOTFOUND (Source not found.)
    Trace(2014-Sep-11 08:17:14): CIDUpdate(CIDDownloadFailed): 
    Trace(2014-Sep-11 08:17:15): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 0
    Trace(2014-Sep-11 08:17:15): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 0
    Trace(2014-Sep-11 08:17:15): UpdateLocationFacade::SyncProduct: Last Update Mechanism = Unknown
    Trace(2014-Sep-11 08:17:15): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started: 
    Trace(2014-Sep-11 08:17:15): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
    Trace(2014-Sep-11 08:17:15): Calling package_source_init
    Trace(2014-Sep-11 08:17:15): TrySyncProduct, Calling BeginSync

    On the client this is the log that is showing.

    Yes all the clients are getting the same error.

    All clients have a secondary update server which points to Sophos.

    All clients are reporting up to date.
  • Hello Josh,

    the third line which names the share and the user (is DRESDENIND a domain?) ends with 86 which is a standard Windows error code meaning "password incorrect" .... so ...

    Christian
  • What do you suggest I do? The account is not locked and the password has not changed. Even when I do a manual edit in C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg and try to update from the client, I'm not able to establish a connection to the server.
  • Hello Josh,

    is this a domain account? If so, is KSR... able to verify the credentials? A quick test is mapping the share from an endpoint using exactly these qualified credentials.

    Christian
  • Yes, this is a domain account.

    I am able to get to the share.
  • Hello Josh,

    I am able to get to the share

    from where (i.e. one of the affected computers) and how (net use ... or Explorer's Map network drive ...)? Thinking about it - wrong credentials usually result in error 1326, not 86 (although the latter specifically means incorrect password). The "small number" code suggests an issue with the LAN Manager authentication level (the use of LM, NTLM and NTLMv2). This is most often (due to the default policy settings) seen when a Windows Version 6.x+ client tries to access an older server (e.g. Win7 to W2k) - as XP endpoints suffer as well this might not apply.   

    So, dunno if this helps. One more thing - have a look at the Security Event logs.

    Christian
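
Added example (not part of the thread and not Sophos tooling): a Python triage of the trace lines posted above. It pulls the trailing result from the `CIDUpdate(Info)` line, read as a Win32 code as in the replies, and decodes the signed HRESULT values in the same log. The regexes are assumptions based only on the lines quoted in this thread; `triage` and `decode_hresult` are hypothetical names.

```python
import re

# Win32 codes relevant to SMB update failures (names from winerror.h).
WIN32 = {
    5: "ERROR_ACCESS_DENIED",
    53: "ERROR_BAD_NETPATH",
    67: "ERROR_BAD_NET_NAME",
    86: "ERROR_INVALID_PASSWORD",
    87: "ERROR_INVALID_PARAMETER",
    1326: "ERROR_LOGON_FAILURE",
}
FACILITY_WIN32 = 7  # HRESULTs in this facility wrap a Win32 code

# Sample input: four lines copied from the trace posted in this thread.
SAMPLE = r"""Trace(2014-Sep-11 08:17:00): CIDUpdate(Info): \\KSRCANDC-B\SophosUpdate, DRESDENIND\SophosUpdate, 86
Trace(2014-Sep-11 08:17:04): File master.upd not found (Remote). Return code 0x80040f04
Trace(2014-Sep-11 08:17:09): Error -2147217660 in ReadCustomerIDFile
Trace(2014-Sep-11 08:17:14): CIDSyncCallback, SynchronisationTerminated - Code = -2147024809
"""

# Assumed line shapes, inferred from the posted log only.
INFO = re.compile(r"CIDUpdate\(Info\): (?P<share>[^,]+), (?P<user>[^,]+), (?P<code>\d+)\s*$")
HRES = re.compile(r"(?:Error |Code = |Return code )(?P<v>-\d+|0x[0-9a-fA-F]{8})\b")

def decode_hresult(text):
    """Return (hex, facility, code) for a signed-decimal or 0x-prefixed HRESULT."""
    value = int(text, 16) if text.lower().startswith("0x") else int(text) & 0xFFFFFFFF
    return f"0x{value:08x}", (value >> 16) & 0x1FFF, value & 0xFFFF

def triage(log):
    findings = []
    for line in log.splitlines():
        m = INFO.search(line)
        if m:  # connection attempt: share, account, raw Win32 result
            code = int(m["code"])
            findings.append(("connect", m["share"], m["user"], code, WIN32.get(code, "unknown")))
            continue
        m = HRES.search(line)
        if m:
            hexval, facility, code = decode_hresult(m["v"])
            # Other facilities (e.g. 4, FACILITY_ITF) carry component-defined codes.
            name = WIN32.get(code, "unknown") if facility == FACILITY_WIN32 else "component-defined"
            findings.append(("hresult", hexval, facility, code, name))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the sample, the decimal `-2147217660` decodes to the same `0x80040f04` reported two lines earlier for `master.upd`, so both lines report one failure rather than two.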
  • I think I have the solution...

    I modified the securities on the share... giving Authenticated users read, and system full control (replicating the working SUMs shared folder) Now I've started pushing out the AV client to the end users and I see my error list slowly drop. Hopefully this continues.

    Thanks for all your suggestions QC.