Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 7482 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos AV failing to update and cisco anyconnect

g1IT

Hi all, we are having an ongoing issue where every so often sophos fails to update the database on clients pc's whether they are connected to the VPN or not.  We only have a few users with cisco anyconnect installed and they are the only ones affected by this, it also happens when they are in head office connected to our network.  I eventually found out that by stopping the Cisco AnyConnect Secure Mobility Agent service or the Sophos Anti-Virus service, the database will successfully update but obviously this isn't suitable.  

I've trawled through the internet to no avail and the only thing I've found regarding both of these products was an issue where the anyconnect service would not start, which was solved by entering savservice instead of tcp ip in this location > HKEY_LOCAL_MACHINE>system>CurrentControlSet>services>vpnagent> 

I have also noticed recently that it seems to happen to all laptops at the one time but cannot find any link with what could be causing them all to fail at the one time. 

We are using cisco anyconnect version 3.1.03103

sophos endpoint security and control version 10.3

all pc's affected are windows 7.

I've attached the updating logs from a laptop that was failing to update but it doesn't give much info.  the event logs for cisco anyconnect are below but there was no logs for the time of attempting to update sophos, just a few minutes before

Function: CNetEnvironment::logProbeFailure

File: .\NetEnvironment.cpp

Line: 1427

Invoked Function: CHttpProbeAsync::SendProbe

Return Code: -27066354 (0xFE63000E)

Description: HTTP_PROBE_ASYNC_ERROR_CANNOT_CONNECT

HTTP

Function: CNetEnvironment::TestAccessToSG

File: .\NetEnvironment.cpp

Line: 1380

Invoked Function: CNetEnvironment::analyzeHttpResponse

Return Code: -28966899 (0xFE46000D)

Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Function: CNetEnvironment::testNetwork

File: .\NetEnvironment.cpp

Line: 772

Invoked Function: CNetEnvironment::IsSGAccessible

Return Code: -28966899 (0xFE46000D)

Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Function: CSocketTransport::OnTimerExpired

File: .\IPC\SocketTransport.cpp

Line: 1655

Invoked Function: CSocketTransport::postConnectProcessing

Return Code: -31588316 (0xFE1E0024)

Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Function: CHttpProbeAsync::OnOpenRequestComplete

File: .\IP\HttpProbeAsync.cpp

Line: 303

Invoked Function: CHttpSessionAsync::OnOpenRequestComplete

Return Code: -31588316 (0xFE1E0024)

Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT.

Hopefully I've supplied enough info.

thanks

:53033


This thread was automatically locked due to age.
  • 0

    Hello g1IT,

    last week MarkGS posted Keep getting "Failed to install SAVXP: The MSI has Failed".  Your screenshot suggests that you might have a similar issue - although Mark's reply identified the previous (2.4) version of AnyConnect as the culprit. Service dependencies seem to be involved - dunno where they come from: SavService depends on RPC but other services shouldn't depend on it  AnyConnect usually depends on TCP/IP (which makes sense) - it shouldn't depend on SavService.

    Thus my first question is whether the cause of the failing update is indeed the failed CustomAction as in the other thread. 

    Christian 

    :53039