Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 21052 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sav 10.3 client not updating

sealyit

hi all, have a couple of servers that fail to update.  i can push out the software just fine, but when i go to right click the shield, and go to update now, nothing happens.  nothing appears in the updating log either.

can anyone assist where i can start troubleshooting?  i've tried uninstalling and restinstalling, still the same problem.

Phil.

:50322


This thread was automatically locked due to age.
  • 0

    Anything in the log:

    • C:\Windows\Temp\Sophos AutoUpdate Setup log.txt
    • C:\Windows\Temp\Sophos AutoUpdate install log.txt
    • C:\Windows\Temp\Sophos Anti-Virus Major Install Log_[DATE].txt

    Search for the string 'return value 3' and 'error'.  Post extracts if you find something or the log(s) if unsure.

    :50330
  • 0

    hi Ruckus, please find attached logs that you requested, i had a look through but didn't understand most of it.

    these logs are from a server that i uninstalled and reinstalled sav from yesterday.  then something happened at around 9.30pm or so last night that made it stop reporting to the SEC.  when i try to push an "update computers now" from the sec, nothing happens...

    this is also a citrix server, and it appears that 6 out of 8 citrix servers are having reporting/updating issues since the 21/05/14 morning.

    Phil.

    :50376
  • 0

    i cannot seem to attach the third log file..

    it appears the Sophos AutoUpdate Setup log.txt is empty...

    :50378
  • 0

    Thanks for the logs - they show AutoUpdate and Anti-Virus are installed OK.

    So it looks like AutoUpdate isn't configured correctly or a problem with the program - and potentially a reporting issue from what you say.  First:  if you can reboot one of the servers and see if this helps?  From experience a reboot can help the Windows operating system unlock files and flush out pending reboot operations etc. and though often not easy for a busy server it can avoid a week or two of troubleshooting.

    If the problem continues I'd need to see quite a few logs from the rebooted server so running the SDU tool (linked below) on it (just the one rebooted with the problem) and opening a case is the best thing.

    SDU tool: http://www.sophos.com/en-us/support/knowledgebase/33533.aspx

    Open a case (link to this forum thread in the details): https://secure2.sophos.com/en-us/support/contact-support/support-query.aspx

    :50382
  • 0

    thanks for the reply ruckus.

    yeah i've tried restarting the server multiple times, but it stills says the server requires a restart and hasn't updated since the 21/5/14.  but if i look in the computer details tab in SEC, the last message time is the current day, so something is report to the SEC.  its just not getting any more updates, as the updating log does not seem to show any more.

    i've just logged a support case using the link you provided, however i'm not sure the sdu logs attached correctly or not...  its hard to tell with the sophos attaching feature.

    Phil

    :50420
  • 0

    I've checked the SDU and I cannot see either the ALC.log nor ALUpdate.log files.

    Can you check they exist on the computer?  These are the key logs to explain why it's failing to update.

    http://www.sophos.com/en-us/support/knowledgebase/43391.aspx#SAU

    :50444
  • 0

    We have been battling the same issue for at least a week.  Currently we have been escalate to global support who have confirmed this to be an issue with some users of the 10.3 client particularly if they do a web update rather than unc.  Wireshark logs show "SophosUpdate/CIDs/S006/SAVSCFXP/sau//sauconf.xml' is missing (that may be a symptom not the cause) and the update fails with "unable to locate file".  We have recreated the file using exportconfig.exe however we are unable to complete the steps in http://www.sophos.com/en-us/support/knowledgebase/13111.aspx, instead recieving a "cannot find CAC.PEM in the CID" error.

    For now, we have uploaded IIS logs, WIreshark logs, Sophos Diagnostic Utility (SDU) logs to Sophos.  

    :50456
  • 0

    i can confirm those logs do not exist on that server for some reason...

    i have checked another server that has not updated since the 21/5/14, and those logs do exist on that server.

    i have attached the logs for that citrix server.  it has also been restarted multiple times, but still reports that restart is required in sec, but now today it shows that the server is offline in sec...

    Phil.

    :50482
  • 0
    sealyit wrote:

    i can confirm those logs do not exist on that server for some reason...

    I went back and reviewed the original SDU output again and noticed you have the following logged in the System event log for that server (02)...

    event id 26

Microsoft Visual C++ Runtime Library
Runtime Error!

Program: c:\ProgramData\...

R6030
- CRT not initialized

    2014-06-02_10-02-57.png

    ...and Citrix EdgeSight is installed.  Hence the following article seems to apply (redirects to a Citrix one on resolving the issue).  Can you see if the steps from Citrix resolves the updating problem?  Note:  Afterwards keep an eye on the System event log for further event id 26 entries.

    :50512
  • 0

    ruckus, you are a genius!!  thank you so much for all your assistance in this matter.  i had to apply this registry entry according to this citrix article:  http://support.citrix.com/article/CTX133036

    i had to restart the server a couple of times before i could get rid of the CRT error, but after i could run the alupdate.exe, the servers updated, and reported as normal.

    i knew it was a citrix issue somewhere, but had no idea where to start.  your support has been exceptional

    thanks again.

    Phil.

    :50556