
Sophos Update Manager Failing

Greetings,

I work for a school system with approximately 6,000 endpoints. Our SEC and single SUM are running from the same server (I realize it is not recommended with our number of endpoints). At 10:06 am on 9/17/2012, SEC received several errors from the SUM service:

80040406: Delivery failed for software subscription 'xxxx'. Access to source update location is denied or the location is otherwise unavailable.

80040401: Software update failed.

80040404: Threat detection data update failed.

These errors continued to be produced over the next few days.

On 9/26/2012, these codes began to appear:

80040410: Data read from the update source for software subscription '9.7.7 VDL4.78G xxxxx' was invalid (e.g. corrupt or incomplete).

Today, I upgraded that subscription to VDL4.81G and followed the http://www.sophos.com/en-us/support/knowledgebase/66176.aspx article in an attempt to get SUM service running again.

I am still receiving these errors after following the instructions:

Code 80040401: Software update failed.

Code 80040406: Delivery failed for software subscription '10.0,8.0.7.0 Recommended'. Access to the source update location is denied or the location is otherwise unavailable.

Code 80040410: Data read from the update source for software subscription 'Recommended' was invalid (e.g. corrupt or incomplete).

Code 80040404: Threat detection data update failed.

Along with these issues per subscription:

10.0,8.0,7.0 Recommended | \\OCRACOKE\SophosUpdate | 9/28/2012 8:45:22 AM | 00000002 | Could not read from the update source location

9.7 Recommended | \\OCRACOKE\SophosUpdate | 9/28/2012 8:48:17 AM | 00000002 | Could not read from the update source location

9.7.7 Extended Maintenance | \\OCRACOKE\SophosUpdate | 9/28/2012 8:49:01 AM | 00000002 | Could not read from the update source location

9.7.7 VDL4.81G Static | \\OCRACOKE\SophosUpdate | Never | 00000002 | Could not read from the update source location

Recommended | \\OCRACOKE\SophosUpdate | 9/28/2012 8:48:27 AM | 00000001 | The update source location is invalid

LogViewer is presenting such errors as:

9/28/2012 3:33:07 PM Error Synchronize operation failed when synchronizing product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:07 PM Error Synchronize operation failed when synchronizing product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:07 PM Error Synchronize operation failed when synchronizing product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:07 PM Error Synchronize operation failed when synchronizing product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:04 PM Error Synchronize operation failed when synchronizing the protection data for product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:04 PM Error Synchronize operation failed when synchronizing the protection data for product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:04 PM Error Synchronize operation failed when synchronizing the protection data for product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:04 PM Error Synchronize operation failed when synchronizing the protection data for product release 'Windows Endpoint Security and Control'. Details: File copy failed.
9/28/2012 3:26:54 PM Information The log viewer dictionary was updated successfully.
9/28/2012 3:26:53 PM Information Update source status was checked successfully.
9/28/2012 3:24:12 PM Information The maintenance operation was successful.
9/28/2012 3:24:07 PM Information Sophos Update Manager has started up.

I don't think my problem stems from the Shh/Updater-B issue, as the Sophos Endpoint Protection client running on the SEC/SUM server didn't report the false positive and none of the endpoints in our county have either. Perhaps we dodged that issue due to this one?

I apologize if the formatting of this information is subpar. Does anyone have any insight into my situation? Any help would be greatly appreciated.

Thanks in advance,

Cameron

  • Hi,

    To get the latest info out of SUM, could you do as follows:

    1. Stop the Sophos Update Manager Service
    2. Ensure that "SophosUpdateMgr.exe" process also terminates.
    3. Start the service again and ensure that "SophosUpdateMgr.exe" returns.
    4. Create the following "string" reg key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\[wow6432node]\Sophos\UpdateManager\Security]
    "LogonKey"="pass"

    Note: pass can be any string but it will do.

    5. Using "Telnet" on the local machine run:

    telnet 127.0.0.1 51234

    6. When prompted, enter the password set in the registry: E.g. "pass"
    7. Kick off an update of the SUM from within SEC; you should soon see some activity in the telnet session.
    8. Maybe you can capture the lines from the command prompt and paste them here.
    The SUM trace logs are also worth checking: "C:\ProgramData\Sophos\Update Manager\Logs\".

    Another test, which might rule out a few things. If you have a spare client, you could install another SUM on that. I.e.
    Run:
    \\OCRACOKE\SUMInstallSet\setup.exe
    To install a SUM on another computer.

    When it appears in SEC in the SUM view, you can configure it to update from Sophos.
    Does that SUM complete ok?
    That will double check that your "Site" can get all the files. Creds are ok. Etc.

    Regards,
    Jak

  • I apologize for replying so late.

    I installed Sophos Update Manager on a Windows XP Professional computer. I was able to configure it via the Sophos Enterprise Console, and added the subscription that just grabs the latest version for Sophos 10.0 (Windows), 8.0 (Mac) and 7.0 (Linux). The update failed when trying to download the subscriptions from source "Sophos" after entering our subscription credentials. However, I noticed the new Update Manager version was 1.0.x.x, while our current Update Manager server is running version 1.3.2.176. It turns out that the first install path I used was a shared folder pointing to C:\Program Files\Sophos\Enterprise Console\SUMInstaller.

    I made a new shared folder named UpdateManagerInstall that points to C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Install (I believe this is a newer version of the Update Manager service since the modify date is much more recent), but I get the following error when running the Setup.exe found there:

    "The RMS configuration files cac.pem and/or mrinit.conf cannot be found in \\10.x.x.x\UpdateManagerInstall\. They are required in a managed configuration."

    Is it sufficient to copy these two files over from the SUMInstaller folder?

    Thanks again for your time and help,

    Cameron

    Here is the log file created by the telnet session:

    Authenticate: pass
    Sophos Update Manager v1.3.2.176 Copyright 2009-2011 Sophos Limited. All rights
    reserved.
    [I1021][ActionUpdateMetadata][DispatcherPrograms-2012-09-28T21-00-21-1] Action '
    ActionUpdateMetadata' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1' sta
    rted...
    [I101D][DispatcherPrograms-2012-09-28T21-00-21-1][2] Events of dispatcher with I
    D 'DispatcherPrograms-2012-09-28T21-00-21-1' triggered by user. It will run 2 ev
    ents.
    [I000F][0][<signatures><contents>e0a954eb7390f5916ab0776864925c45:8480b0ef231846
    02c0821bf149aec8a2</contents><dictionary>5238160c9d369af1dda971261ec9e9e1</dicti
    onary><published_time>2012-09-26T20:15:47</published_time></signatures>][Sophos
    Endpoint Protection - Advanced][] Successfully checked warehouse status.
    [I0009][ActionUpdateMetadata][DispatcherPrograms-2012-09-28T21-00-21-1] Action '
    ActionUpdateMetadata' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1' suc
    ceeded!
    [S0012][DispatcherPrograms-2012-09-28T21-00-21-1] Event with dispatcher ID 'Disp
    atcherPrograms-2012-09-28T21-00-21-1' completed successfully.
    [I1021][ActionUpdateLogViewerDictionaries][DispatcherPrograms-2012-09-28T21-00-2
    1-1] Action 'ActionUpdateLogViewerDictionaries' with caller 'DispatcherPrograms-
    2012-09-28T21-00-21-1' started...
    [I001F][0] Successfully updated the log viewer dictionary.
    [I0009][ActionUpdateLogViewerDictionaries][DispatcherPrograms-2012-09-28T21-00-2
    1-1] Action 'ActionUpdateLogViewerDictionaries' with caller 'DispatcherPrograms-
    2012-09-28T21-00-21-1' succeeded!
    [I1021][ActionSyncPrograms][DispatcherPrograms-2012-09-28T21-00-21-1] Action 'Ac
    tionSyncPrograms' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1' started
    ...
    [I1012][e5e317f9006e874679e449ba4b159b5ex000.dat] Starting to synchronise file '
    e5e317f9006e874679e449ba4b159b5ex000.dat'...
    [I1012][e5e317f9006e874679e449ba4b159b5ex000.dat] Starting to synchronise file '
    e5e317f9006e874679e449ba4b159b5ex000.dat'...
    [I1012][e5e317f9006e874679e449ba4b159b5ex000.dat] Starting to synchronise file '
    e5e317f9006e874679e449ba4b159b5ex000.dat'...
    [I1012][e5e317f9006e874679e449ba4b159b5ex000.dat] Starting to synchronise file '
    e5e317f9006e874679e449ba4b159b5ex000.dat'...
    [E401C][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][Checksum error: e5e317f9006e874679
    e449ba4b159b5e][RECOMMENDED][SOPHOS] Synchronise operation failed when synchroni
    sing payload 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A' because of a checksum error.
     Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
    [E401C][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][Checksum error: e5e317f9006e874679
    e449ba4b159b5e][RECOMMENDED][SOPHOS] Synchronise operation failed when synchroni
    sing payload 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A' because of a checksum error.
     Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
    [E401C][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][Checksum error: e5e317f9006e874679
    e449ba4b159b5e][RECOMMENDED][SOPHOS] Synchronise operation failed when synchroni
    sing payload 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A' because of a checksum error.
     Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
    [E401C][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][Checksum error: e5e317f9006e874679
    e449ba4b159b5e][RECOMMENDED][SOPHOS] Synchronise operation failed when synchroni
    sing payload 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A' because of a checksum error.
     Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
    [E403B][8BAA10C1-3844-465E-919C-D778A5407708][Not attempted.][RECOMMENDED][SOPHO
    S] Payload '8BAA10C1-3844-465E-919C-D778A5407708' could not be synchronised beca
    use the synchronise operation failed due to an earlier error.
    [E403B][5CF594B0-9FED-4212-BA91-A4077CB1D1F3][Not attempted.][RECOMMENDED][SOPHO
    S] Payload '5CF594B0-9FED-4212-BA91-A4077CB1D1F3' could not be synchronised beca
    use the synchronise operation failed due to an earlier error.
    [E403B][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][Not attempted.][9.7.7.479.1][SOPHO
    S] Payload 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A' could not be synchronised beca
    use the synchronise operation failed due to an earlier error.
    [E403B][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][Not attempted.][EXTENDED_MAINTENAN
    CE_RECOMMENDED][SOPHOS] Payload 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A' could not
     be synchronised because the synchronise operation failed due to an earlier erro
    r.
    [E403B][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][Not attempted.][9.7.7.481][SOPHOS]
     Payload 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A' could not be synchronised becaus
    e the synchronise operation failed due to an earlier error.
    [E403B][8BAA10C1-3844-465E-919C-D778A5407708][Not attempted.][8.0.6.1000][SOPHOS
    ] Payload '8BAA10C1-3844-465E-919C-D778A5407708' could not be synchronised becau
    se the synchronise operation failed due to an earlier error.
    [E403B][5CF594B0-9FED-4212-BA91-A4077CB1D1F3][Not attempted.][7.5.8.0.0][SOPHOS]
     Payload '5CF594B0-9FED-4212-BA91-A4077CB1D1F3' could not be synchronised becaus
    e the synchronise operation failed due to an earlier error.
    [E403B][7D48A012-0C64-4F21-BA27-A9CEDF442749][Not attempted.][0.0.0][SOPHOS] Pay
    load '7D48A012-0C64-4F21-BA27-A9CEDF442749' could not be synchronised because th
    e synchronise operation failed due to an earlier error.
    [E403B][2DE69C24-D975-47b2-8D2F-6BEA861A9C75][Not attempted.][RECOMMENDED][SOPHO
    S] Payload '2DE69C24-D975-47b2-8D2F-6BEA861A9C75' could not be synchronised beca
    use the synchronise operation failed due to an earlier error.
    [E403B][A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1][Not attempted.][RECOMMENDED][SOPHO
    S] Payload 'A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1' could not be synchronised beca
    use the synchronise operation failed due to an earlier error.
    [E400D][ActionSyncPrograms][DispatcherPrograms-2012-09-28T21-00-21-1] Action 'Ac
    tionSyncPrograms' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1' failed!
    [I1021][ActionGatherCurrencyData-Sub0][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub0' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][F26F7EC0-1302-4DA7-8B6B-A53830
    51D41A] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name 'F26F7EC0-1302-4DA7-8B6B-A5
    383051D41A' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub0][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub0' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-Sub0][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub0' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' started...
    [E402A][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][RECOMMENDED] The decode of payload
     F26F7EC0-1302-4DA7-8B6B-A5383051D41A and requested version RECOMMENDED was abor
    ted because the synchronise is marked as failed.
    [E400D][ActionDecodeEverything-Sub0][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub0' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' failed!
    [I1021][ActionGenerateCid-Sub0][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     started...
    [I1017][ActionGenerateCid-Sub0][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     could not execute.
    [I1021][ActionDeployCids-Sub0-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub0-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub0-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub0-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionGatherCurrencyData-Sub1][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub1' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][8BAA10C1-3844-465E-919C-D778A5
    407708] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name '8BAA10C1-3844-465E-919C-D7
    78A5407708' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub1][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub1' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-Sub1][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub1' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' started...
    [E402A][8BAA10C1-3844-465E-919C-D778A5407708][RECOMMENDED] The decode of payload
     8BAA10C1-3844-465E-919C-D778A5407708 and requested version RECOMMENDED was abor
    ted because the synchronise is marked as failed.
    [E400D][ActionDecodeEverything-Sub1][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub1' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' failed!
    [I1021][ActionGenerateCid-Sub1][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub1' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     started...
    [I1017][ActionGenerateCid-Sub1][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub1' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     could not execute.
    [I1021][ActionDeployCids-Sub1-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub1-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub1-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub1-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionGatherCurrencyData-Sub2][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub2' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][5CF594B0-9FED-4212-BA91-A4077C
    B1D1F3] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name '5CF594B0-9FED-4212-BA91-A4
    077CB1D1F3' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub2][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub2' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-Sub2][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub2' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' started...
    [E402A][5CF594B0-9FED-4212-BA91-A4077CB1D1F3][RECOMMENDED] The decode of payload
     5CF594B0-9FED-4212-BA91-A4077CB1D1F3 and requested version RECOMMENDED was abor
    ted because the synchronise is marked as failed.
    [E400D][ActionDecodeEverything-Sub2][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub2' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' failed! 

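Added example, not part of the original thread or of any Sophos tooling: a Python script that rejoins the 80-column-wrapped telnet capture posted above and separates the first real failure (the E401C checksum error) from the entries that only report an earlier failure. The function names, the cascade-code set and the reading of a leading "E" as an error are assumptions inferred from the lines in this thread; the sample entries are constructed from values that appear in the capture.

```python
import re
from collections import Counter

WIDTH = 80  # column at which the telnet console wrapped the capture
ENTRY_START = re.compile(r"^\[[A-Z][0-9A-F]{4}\]")  # e.g. [E401C], [I1021]
FIELD = re.compile(r"\[([^\]]*)\]")
GUID = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
# Assumption: codes whose message text in the capture says they follow from an
# earlier failure. Inferred from the wording in this thread, not from vendor docs.
CASCADE_CODES = {"E403B", "E402A", "E402D", "E400D"}

# Values below are taken from the capture in this thread.
PAYLOAD = "F26F7EC0-1302-4DA7-8B6B-A5383051D41A"
OTHER = "8BAA10C1-3844-465E-919C-D778A5407708"
CHECKSUM = "e5e317f9006e874679e449ba4b159b5e"
CALLER = "DispatcherPrograms-2012-09-28T21-00-21-1"
BANNER = ("Sophos Update Manager v1.3.2.176 Copyright 2009-2011 "
          "Sophos Limited. All rights reserved.")
CHECKSUM_ENTRY = (
    f"[E401C][{PAYLOAD}][Checksum error: {CHECKSUM}][RECOMMENDED][SOPHOS] "
    f"Synchronise operation failed when synchronising payload '{PAYLOAD}' "
    f"because of a checksum error. Details: Checksum error: {CHECKSUM}")

# Constructed sample: logical (unwrapped) entries in the shape of the capture.
SAMPLE_ENTRIES = [
    f"[I1021][ActionSyncPrograms][{CALLER}] Action 'ActionSyncPrograms' "
    f"with caller '{CALLER}' started...",
    f"[I1012][{CHECKSUM}x000.dat] Starting to synchronise file "
    f"'{CHECKSUM}x000.dat'...",
    CHECKSUM_ENTRY,
    CHECKSUM_ENTRY,  # the capture repeats the retry several times
    f"[E403B][{OTHER}][Not attempted.][RECOMMENDED][SOPHOS] Payload '{OTHER}' "
    "could not be synchronised because the synchronise operation failed due "
    "to an earlier error.",
    f"[E400D][ActionSyncPrograms][{CALLER}] Action 'ActionSyncPrograms' "
    f"with caller '{CALLER}' failed!",
    f"[E402A][{PAYLOAD}][EXTENDED_MAINTENANCE_RECOMMENDED] The decode of "
    f"payload {PAYLOAD} and requested version EXTENDED_MAINTENANCE_RECOMMENDED "
    "was aborted because the synchronise is marked as failed.",
]


def wrap_console(entries, width=WIDTH):
    """Mimic the console: cut each entry at `width` columns, drop trailing blanks."""
    rows = []
    for entry in entries:
        rows += [entry[i:i + width].rstrip() for i in range(0, len(entry), width)]
    return "\n".join(rows)


SAMPLE_CAPTURE = wrap_console([BANNER] + SAMPLE_ENTRIES)


def unwrap(capture, width=WIDTH):
    """Rejoin hard-wrapped rows into one string per log entry."""
    entries, current = [], None
    for row in capture.splitlines():
        if ENTRY_START.match(row):
            if current is not None:
                entries.append("".join(current))
            current = [row]
        elif current is not None:
            # The previous row filled the console width; restore any blank
            # that was stripped at column 80 before gluing the rows together.
            current[-1] = current[-1].ljust(width)
            current.append(row)
        # Rows before the first entry (prompt, banner) are ignored.
    if current is not None:
        entries.append("".join(current))
    return entries


def parse_entry(entry):
    """Split '[CODE][field]...[field] message' into (code, fields, message)."""
    fields, pos = [], 0
    while (m := FIELD.match(entry, pos)):
        fields.append(m.group(1))
        pos = m.end()
    return fields[0], fields[1:], entry[pos:].strip()


def triage(capture):
    """Group first-cause errors and count the failures that merely follow them."""
    roots, cascaded, blocked = Counter(), 0, set()
    for code, fields, _message in map(parse_entry, unwrap(capture)):
        if not code.startswith("E"):      # assumption: 'E' marks an error entry
            continue
        if code in CASCADE_CODES:
            cascaded += 1
            blocked.update(f for f in fields if GUID.fullmatch(f))
        else:
            roots[(code, *fields)] += 1
    return {"root_causes": roots.most_common(),
            "cascaded": cascaded,
            "blocked_payloads": sorted(blocked)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_CAPTURE).items():
        print(key, value)
```

Run over the full capture, the same grouping reduces the several hundred wrapped rows to the single repeated checksum failure on one warehouse file plus a count of everything that was skipped because of it.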
  • [I1021][ActionGenerateCid-Sub2][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub2' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     started...
    [I1017][ActionGenerateCid-Sub2][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub2' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     could not execute.
    [I1021][ActionDeployCids-Sub2-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub2-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub2-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub2-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionGatherCurrencyData-Sub3][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub3' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][F26F7EC0-1302-4DA7-8B6B-A53830
    51D41A] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name 'F26F7EC0-1302-4DA7-8B6B-A5
    383051D41A' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub3][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub3' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-Sub3][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub3' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' started...
    [E402A][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][9.7.7.479.1] The decode of payload
     F26F7EC0-1302-4DA7-8B6B-A5383051D41A and requested version 9.7.7.479.1 was abor
    ted because the synchronise is marked as failed.
    [E400D][ActionDecodeEverything-Sub3][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub3' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' failed!
    [I1021][ActionGenerateCid-Sub3][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub3' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     started...
    [I1017][ActionGenerateCid-Sub3][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub3' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     could not execute.
    [I1021][ActionDeployCids-Sub3-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub3-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub3-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub3-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionDeployCids-Sub4-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub4-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub4-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub4-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionDeployCids-Sub5-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub5-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub5-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub5-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionDeployCids-Sub6-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub6-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub6-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub6-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionDeployCids-Sub7-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub7-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub7-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub7-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionDeployCids-Sub8-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub8-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub8-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub8-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionGatherCurrencyData-Sub9][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub9' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][F26F7EC0-1302-4DA7-8B6B-A53830
    51D41A] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name 'F26F7EC0-1302-4DA7-8B6B-A5
    383051D41A' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub9][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-Sub9' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-Sub9][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub9' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' started...
    [E402A][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][EXTENDED_MAINTENANCE_RECOMMENDED]
    The decode of payload F26F7EC0-1302-4DA7-8B6B-A5383051D41A and requested version
     EXTENDED_MAINTENANCE_RECOMMENDED was aborted because the synchronise is marked
    as failed.
    [E400D][ActionDecodeEverything-Sub9][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-Sub9' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' failed!
    [I1021][ActionGenerateCid-Sub9][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub9' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     started...
    [I1017][ActionGenerateCid-Sub9][DispatcherPrograms-2012-09-28T21-00-21-1] Action
     'ActionGenerateCid-Sub9' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1'
     could not execute.
    [I1021][ActionDeployCids-Sub9-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub9-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionDeployCids-Sub9-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeployCids-Sub9-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionGatherCurrencyData-Sub10][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub10' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][F26F7EC0-1302-4DA7-8B6B-A53830
    51D41A] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name 'F26F7EC0-1302-4DA7-8B6B-A5
    383051D41A' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub10][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub10' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-Sub10][DispatcherPrograms-2012-09-28T21-00-21-1]
    Action 'ActionDecodeEverything-Sub10' with caller 'DispatcherPrograms-2012-09-28
    T21-00-21-1' started...
    [E402A][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][9.7.7.481] The decode of payload F
    26F7EC0-1302-4DA7-8B6B-A5383051D41A and requested version 9.7.7.481 was aborted
    because the synchronise is marked as failed.
    [E400D][ActionDecodeEverything-Sub10][DispatcherPrograms-2012-09-28T21-00-21-1]
    Action 'ActionDecodeEverything-Sub10' with caller 'DispatcherPrograms-2012-09-28
    T21-00-21-1' failed!
    [I1021][ActionGenerateCid-Sub10][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionGenerateCid-Sub10' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionGenerateCid-Sub10][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionGenerateCid-Sub10' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionDeployCids-Sub10-0][DispatcherPrograms-2012-09-28T21-00-21-1] Acti
    on 'ActionDeployCids-Sub10-0' with caller 'DispatcherPrograms-2012-09-28T21-00-2
    1-1' started...
    [I1017][ActionDeployCids-Sub10-0][DispatcherPrograms-2012-09-28T21-00-21-1] Acti
    on 'ActionDeployCids-Sub10-0' with caller 'DispatcherPrograms-2012-09-28T21-00-2
    1-1' could not execute.
    [I1021][ActionGatherCurrencyData-Sub11][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub11' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][8BAA10C1-3844-465E-919C-D778A5
    407708] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name '8BAA10C1-3844-465E-919C-D7
    78A5407708' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub11][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub11' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-Sub11][DispatcherPrograms-2012-09-28T21-00-21-1]
    Action 'ActionDecodeEverything-Sub11' with caller 'DispatcherPrograms-2012-09-28
    T21-00-21-1' started...
    [E402A][8BAA10C1-3844-465E-919C-D778A5407708][8.0.6.1000] The decode of payload
    8BAA10C1-3844-465E-919C-D778A5407708 and requested version 8.0.6.1000 was aborte
    d because the synchronise is marked as failed.
    [E400D][ActionDecodeEverything-Sub11][DispatcherPrograms-2012-09-28T21-00-21-1]
    Action 'ActionDecodeEverything-Sub11' with caller 'DispatcherPrograms-2012-09-28
    T21-00-21-1' failed!
    [I1021][ActionGenerateCid-Sub11][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionGenerateCid-Sub11' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionGenerateCid-Sub11][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionGenerateCid-Sub11' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionDeployCids-Sub11-0][DispatcherPrograms-2012-09-28T21-00-21-1] Acti
    on 'ActionDeployCids-Sub11-0' with caller 'DispatcherPrograms-2012-09-28T21-00-2
    1-1' started...
    [I1017][ActionDeployCids-Sub11-0][DispatcherPrograms-2012-09-28T21-00-21-1] Acti
    on 'ActionDeployCids-Sub11-0' with caller 'DispatcherPrograms-2012-09-28T21-00-2
    1-1' could not execute.
    [I1021][ActionGatherCurrencyData-Sub12][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub12' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][5CF594B0-9FED-4212-BA91-A4077C
    B1D1F3] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name '5CF594B0-9FED-4212-BA91-A4
    077CB1D1F3' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub12][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub12' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-Sub12][DispatcherPrograms-2012-09-28T21-00-21-1]
    Action 'ActionDecodeEverything-Sub12' with caller 'DispatcherPrograms-2012-09-28
    T21-00-21-1' started...
    [E402A][5CF594B0-9FED-4212-BA91-A4077CB1D1F3][7.5.8.0.0] The decode of payload 5
    CF594B0-9FED-4212-BA91-A4077CB1D1F3 and requested version 7.5.8.0.0 was aborted
    because the synchronise is marked as failed.
    [E400D][ActionDecodeEverything-Sub12][DispatcherPrograms-2012-09-28T21-00-21-1]
    Action 'ActionDecodeEverything-Sub12' with caller 'DispatcherPrograms-2012-09-28
    T21-00-21-1' failed!
    [I1021][ActionGenerateCid-Sub12][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionGenerateCid-Sub12' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [I1017][ActionGenerateCid-Sub12][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionGenerateCid-Sub12' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' could not execute.
    [I1021][ActionDeployCids-Sub12-0][DispatcherPrograms-2012-09-28T21-00-21-1] Acti
    on 'ActionDeployCids-Sub12-0' with caller 'DispatcherPrograms-2012-09-28T21-00-2
    1-1' started...
    [I1017][ActionDeployCids-Sub12-0][DispatcherPrograms-2012-09-28T21-00-21-1] Acti
    on 'ActionDeployCids-Sub12-0' with caller 'DispatcherPrograms-2012-09-28T21-00-2
    1-1' could not execute.
    [I1021][ActionGatherCurrencyData-Sub13][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub13' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][7D48A012-0C64-4F21-BA27-A9CEDF
    442749] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name '7D48A012-0C64-4F21-BA27-A9
    CEDF442749' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub13][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub13' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' succeeded!
    [I1021][ActionDeploySDF-Sub13-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeploySDF-Sub13-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [E402A][7D48A012-0C64-4F21-BA27-A9CEDF442749][0.0.0] The decode of payload 7D48A
    012-0C64-4F21-BA27-A9CEDF442749 and requested version 0.0.0 was aborted because
    the synchronise is marked as failed.
    [E400D][ActionDeploySDF-Sub13-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeploySDF-Sub13-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' failed!
    [I1021][ActionGatherCurrencyData-Sub14][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub14' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][2DE69C24-D975-47b2-8D2F-6BEA86
    1A9C75] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name '2DE69C24-D975-47b2-8D2F-6B
    EA861A9C75' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-Sub14][DispatcherPrograms-2012-09-28T21-00-21-1
    ] Action 'ActionGatherCurrencyData-Sub14' with caller 'DispatcherPrograms-2012-0
    9-28T21-00-21-1' succeeded!
    [I1021][ActionDeploySDF-Sub14-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeploySDF-Sub14-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' started...
    [E402A][2DE69C24-D975-47b2-8D2F-6BEA861A9C75][RECOMMENDED] The decode of payload
     2DE69C24-D975-47b2-8D2F-6BEA861A9C75 and requested version RECOMMENDED was abor
    ted because the synchronise is marked as failed.
    [E400D][ActionDeploySDF-Sub14-0][DispatcherPrograms-2012-09-28T21-00-21-1] Actio
    n 'ActionDeploySDF-Sub14-0' with caller 'DispatcherPrograms-2012-09-28T21-00-21-
    1' failed!
    [I1021][ActionGatherCurrencyData-SDDM][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-SDDM' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' started...
    [E402D][DispatcherPrograms-2012-09-28T21-00-21-1][A845A8B5-6532-4EF1-B19E-1DB2B3
    CB73D1] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
    ms-2012-09-28T21-00-21-1' on product with rigid name 'A845A8B5-6532-4EF1-B19E-1D
    B2B3CB73D1' has been aborted because the data has not been synchronised correctl
    y.
    [I0009][ActionGatherCurrencyData-SDDM][DispatcherPrograms-2012-09-28T21-00-21-1]
     Action 'ActionGatherCurrencyData-SDDM' with caller 'DispatcherPrograms-2012-09-
    28T21-00-21-1' succeeded!
    [I1021][ActionDecodeEverything-SDDM][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-SDDM' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' started...
    [E402A][A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1][RECOMMENDED] The decode of payload
     A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1 and requested version RECOMMENDED was abor
    ted because the synchronise is marked as failed.
    [E400D][ActionDecodeEverything-SDDM][DispatcherPrograms-2012-09-28T21-00-21-1] A
    ction 'ActionDecodeEverything-SDDM' with caller 'DispatcherPrograms-2012-09-28T2
    1-00-21-1' failed!
    [I1021][ActionSelfUpdate-SDDM][DispatcherPrograms-2012-09-28T21-00-21-1] Action
    'ActionSelfUpdate-SDDM' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1' s
    tarted...
    [I1017][ActionSelfUpdate-SDDM][DispatcherPrograms-2012-09-28T21-00-21-1] Action
    'ActionSelfUpdate-SDDM' with caller 'DispatcherPrograms-2012-09-28T21-00-21-1' c
    ould not execute.
    [E400E][DispatcherPrograms-2012-09-28T21-00-21-1] Event with dispatcher ID 'Disp
    atcherPrograms-2012-09-28T21-00-21-1' failed to execute.
    [I1020][DispatcherPrograms-2012-09-28T21-00-21-1] All events with dispatcher ID
    'DispatcherPrograms-2012-09-28T21-00-21-1' complete.

    :33515
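A triage sketch for the log above, added here as an example and not part of the original posts: it rejoins the wrapped records and separates the payloads that never synchronised from the actions that failed afterwards. It assumes the wrap is at 80 columns with the space at the break dropped, which is how the lines above read; the function names and the sample are constructed.

```python
import re
from collections import Counter

WIDTH = 80  # column at which the console wrapped each record (assumption)
RECORD = re.compile(r"\[([A-Z][0-9A-F]{4})\]((?:\[[^\]]*\])*)\s*(.*)", re.S)
GUID = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

# Constructed sample: three records copied from the log above, indentation removed.
SAMPLE = """\
[E402D][DispatcherPrograms-2012-09-28T21-00-21-1][5CF594B0-9FED-4212-BA91-A4077C
B1D1F3] Gather Currency Data operation invoked by dispatcherId 'DispatcherProgra
ms-2012-09-28T21-00-21-1' on product with rigid name '5CF594B0-9FED-4212-BA91-A4
077CB1D1F3' has been aborted because the data has not been synchronised correctl
y.
[E402A][5CF594B0-9FED-4212-BA91-A4077CB1D1F3][7.5.8.0.0] The decode of payload 5
CF594B0-9FED-4212-BA91-A4077CB1D1F3 and requested version 7.5.8.0.0 was aborted
because the synchronise is marked as failed.
[E400D][ActionDecodeEverything-Sub12][DispatcherPrograms-2012-09-28T21-00-21-1]
Action 'ActionDecodeEverything-Sub12' with caller 'DispatcherPrograms-2012-09-28
T21-00-21-1' failed!
"""

def unwrap(text):
    """Rejoin wrapped records; a line shorter than WIDTH lost a trailing space."""
    records, sep = [], ""
    for line in text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line)          # a new "[Xnnnn]" record starts here
        else:
            records[-1] += sep + line     # continuation of the previous record
        sep = "" if len(line) >= WIDTH else " "
    return records

def triage(text):
    """Count codes, collect payloads that never synchronised, list failed actions."""
    codes, unsynced, failed = Counter(), set(), []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        code, msg = m.group(1), m.group(3)
        fields = re.findall(r"\[([^\]]*)\]", m.group(2))
        codes[code] += 1
        if code.startswith("E") and "synchronise" in msg:
            unsynced.update(g.upper() for g in GUID.findall(msg))
        elif code == "E400D":
            failed.append(fields[0])      # first field of E400D is the action name
    return {"codes": codes, "unsynced_payloads": unsynced, "failed_actions": failed}
```

Every decode failure in the sample points back to a payload whose synchronise step had already failed, so the record worth reading is the earlier synchronise error rather than the later E400D lines.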
  • Hi,

    It's an odd checksum error you have in the logs regarding this file:

    e5e317f9006e874679e449ba4b159b5ex000.dat = "SCFRes_op_viewer_it.dll"

    In a browser (configured to use the same proxy as SUM if there is a proxy), can you download the file:

    http://d1.sophosupd.com/update/e5e317f9006e874679e449ba4b159b5ex000.dat

    I wonder if maybe an appliance at your site is blocking the file, do you have something doing content inspection?

    If I delete "C:\ProgramData\Sophos\Update Manager\Update Manager\Warehouse\e5e317f9006e874679e449ba4b159b5ex000.dat" from my SUM server, and kick off an update, the file is pulled down again.

    If you can download it and drop it in the Warehouse directory, does it allow the update to complete?  Do you get the same prob on another file?

    The initial version of SUM as installed from the SUM install share (\\server\SUMInstallSet) is out of date.  The share version isn't maintained by SUM.  So typically you install the older version, it then updates to the latest.  You shouldn't need to copy files around.

    Regards,

    Jak

    :33517
  • Brilliant assessment!

    Yes, we have a SonicWALL firewall doing content inspection. I "Wiresharked" an update attempt and filtered for external traffic, finding four relevant IP addresses. It turns out that we are getting alerts from two of these IPs when we make an update attempt:

    Gateway Anti-Virus Alert: Suspicious#polycrypt.1_2 (Worm) blocked

    Hoping it was a false positive, we allowed this traffic through only to get another alert from the same two IP addresses:

    Gateway Anti-Virus Alert: Suspicious#polycrypt.9 (Worm) blocked

    I realize IPS systems are quite capable of false positives, but allowing one possibly infected file was enough for me before I was ready to come back for more consultation.

    I have refrained from printing the offending IP addresses in case you don't want that information posted on the forum. I have access to the SonicWALL logs so please let me know if you want more detailed information. Have you seen this before? How should we proceed?

    Thanks,

    Cameron

    :33733
  • Getting closer... how about downloading the file:

    http://d1.sophosupd.com/update/e5e317f9006e874679e449ba4b159b5ex000.dat

    maybe even from home or an IP that doesn't go through SonicWALL, host it on a web site and see if you get the same behaviour going via SonicWALL.  If so, I would suggest getting in touch with SonicWALL, maybe supply the URL, even include the Sophos one.

    A quick upload of the dat to:

    https://www.virustotal.com/file/97a97462b78becc6a9cabc510ffd54b810f5582d66cccbf5157b50cdb9acb29c/analysis/

    shows it's fine. :)

    I think the definitions need to be redone.

    Regards,

    Jak

    :33735
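The comparison suggested in the two replies above (fetch the same file over a path that bypasses the gateway and over one that crosses it, then see which copies survive), as an added example that is not part of the thread. The SHA-256 is the one in the VirusTotal URL quoted above; the sample bytes, path labels and function names are constructed for the example.

```python
import hashlib

# SHA-256 from the VirusTotal URL quoted in the thread; pass it as `expected`
# when checking real copies of e5e317f9006e874679e449ba4b159b5ex000.dat.
REFERENCE_SHA256 = "97a97462b78becc6a9cabc510ffd54b810f5582d66cccbf5157b50cdb9acb29c"

# Constructed stand-ins (not the real file): one clean copy and three damaged ones.
GOOD = bytes(range(256)) * 64
SAMPLE_SHA256 = hashlib.sha256(GOOD).hexdigest()
SAMPLE_COPIES = {
    "direct": GOOD,
    "gateway-reset": GOOD[:5000],                        # connection cut mid-transfer
    "gateway-blockpage": b"<html><body>Blocked</body></html>",
    "gateway-rewritten": GOOD[:-1] + b"\x00",            # same size, different bytes
}


def read_copy(path):
    """Load a downloaded copy from disk for use as a value in `copies`."""
    with open(path, "rb") as fh:
        return fh.read()


def compare_paths(copies, expected):
    """Return {label: verdict} for copies of one file fetched over different paths."""
    digests = {label: hashlib.sha256(data).hexdigest() for label, data in copies.items()}
    # A copy that matches the reference lets us recognise truncated transfers.
    good = next((copies[l] for l, h in digests.items() if h == expected), None)
    verdicts = {}
    for label, data in copies.items():
        if digests[label] == expected:
            verdicts[label] = "intact"
        elif data[:512].lstrip().lower().startswith((b"<!doctype", b"<html")):
            verdicts[label] = "replaced by HTML page"
        elif good is not None and good.startswith(data):
            verdicts[label] = "truncated at byte %d" % len(data)
        else:
            verdicts[label] = "differs from reference"
    return verdicts


if __name__ == "__main__":
    for label, verdict in compare_paths(SAMPLE_COPIES, SAMPLE_SHA256).items():
        print(label, "->", verdict)
```

A copy that is intact on the direct path and truncated or replaced only on the gateway path places the fault at the inspecting device rather than at the update source.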
  • Jak,

    We were able to upload the file you posted to another server and it was still being blocked by our SonicWALL upon download. We decided to go ahead and disable the relevant alerts and this allowed SUM to update successfully.

    No word back from SonicWALL yet about the issue.

    Thank you very much for your help. Expertly diagnosed! Bravo, kudos, cheers!

    -Cameron

    :34225