Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 17221 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Update Manager Failing

Stelker

Greetings,

I work for a school system with approximately 6,000 endpoints. Our SEC and single SUM are running from the same server (I realize it is not recommended with our number of endpoints). At 10:06 am on 9/17/2012, SEC received several errors from the SUM service:

80040406: Delivery failed for software subscription 'xxxx'. Access to source update location is denied or the location is otherwise unavailable.

80040401: Software update failed.

80040404: Threat detection data update failed.

These errors continued to be produced over the next few days.

On 9/26/2012, these codes began to appear:

80040410: Data read from the update source for software subscription '9.7.7 VDL4.78G xxxxx' was invalid (e.g. corrupt or incomplete).

Today, I upgraded that subscription to VDL4.81G and followed the http://www.sophos.com/en-us/support/knowledgebase/66176.aspx article in an attempt to get SUM service running again.

I am still receiving these errors after following the instructions:

Code 80040401: Software update failed.

Code 80040406: Delivery failed for software subscription '10.0,8.0.7.0 Recommended'. Access to the source update location is denied or the location is otherwise unavailable.

Code 80040410: Data read from the update source for software subscription 'Recommended' was invalid (e.g. corrupt or incomplete).

Code 80040404: Threat detection data update failed.

Along with these issues per subscription:

10.0,8.0,7.0 Recommended\\OCRACOKE\SophosUpdate9/28/2012 8:45:22 AM00000002 Could not read from the update source location

9.7 Recommended\\OCRACOKE\SophosUpdate9/28/2012 8:48:17 AM00000002 Could not read from the update source location

9.7.7 Extended Maintenance\\OCRACOKE\SophosUpdate9/28/2012 8:49:01 AM00000002 Could not read from the update source location

9.7.7 VDL4.81G Static\\OCRACOKE\SophosUpdateNever 00000002 Could not read from the update source location

Recommended \\OCRACOKE\SophosUpdate9/28/2012 8:48:27 AM00000001 The update source location is invalid

LogViewer is presenting such errors as:

9/28/2012 3:33:07 PM Error Synchronize operation failed when synchronizing product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:07 PM Error Synchronize operation failed when synchronizing product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:07 PM Error Synchronize operation failed when synchronizing product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:07 PM Error Synchronize operation failed when synchronizing product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:04 PM Error Synchronize operation failed when synchronizing the protection data for product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:04 PM Error Synchronize operation failed when synchronizing the protection data for product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:04 PM Error Synchronize operation failed when synchronizing the protection data for product release 'Windows Endpoint Security and Control' because of a checksum error. Details: Checksum error: e5e317f9006e874679e449ba4b159b5e
9/28/2012 3:33:04 PM Error Synchronize operation failed when synchronizing the protection data for product release 'Windows Endpoint Security and Control'. Details: File copy failed.
9/28/2012 3:26:54 PM Information The log viewer dictionary was updated successfully.
9/28/2012 3:26:53 PM Information Update source status was checked successfully.
9/28/2012 3:24:12 PM Information The maintenance operation was successful.
9/28/2012 3:24:07 PM Information Sophos Update Manager has started up.

I don't think my problem stems from the Shh/Updater-B issue, as the Sophos Endpoint Protection client running on the SEC/SUM server didn't report the false positive and none of the endpoints in our county have either. Perhaps we dodged that issue due to this one?

I apologize if the formatting of this information is subpar. Does anyone have any insight to my situation? Any help would be greatly appreciated.

Thanks in advance,

Cameron

:33363


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    To get the latest info out of SUM. Could you do as follows:

    1. Stop the Sophos Update Manager Service
    2. Ensure that "SophosUpdateMgr.exe" process also terminates.
    3. Start the service again and ensure that "SophosUpdateMgr.exe" returns.
    4. Create the following "string" reg key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\[wow6432node]\Sophos\UpdateManager\Security]
    "LogonKey"="pass"

    Note: pass can be any string but it will do.

    5. Using "Telnet" on the local machine run::

    telnet 127.0.0.1 51234

    6. When prompted, enter the password set in the registry: E.g. "pass"
    7. Kick off an update off the SUM from within SEC, you should soon seem some activity in the telnet session.
    8, Maybe you can capture the lines from the command prompt and paste them here.
    The SUM trace logs are also worth checking: "C:\ProgramData\Sophos\Update Manager\Logs\".

    Another test, which might rule out a few things. If you have a spare client, you could install another SUM on that. I.e.
    Run:
    \\OCRACOKE\SUMInstallSet\setup.exe
    To install a SUM on another computer.

    When it appears in SEC in the SUM view, you can configure it to update from Sophos.
    Does that SUM complete ok?
    That will double check that your "Site" can get all the files. Creds are ok. Etc.

    Regards,
    Jak

    :33365
Reply
  • 0

    Hi,

    To get the latest info out of SUM. Could you do as follows:

    1. Stop the Sophos Update Manager Service
    2. Ensure that "SophosUpdateMgr.exe" process also terminates.
    3. Start the service again and ensure that "SophosUpdateMgr.exe" returns.
    4. Create the following "string" reg key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\[wow6432node]\Sophos\UpdateManager\Security]
    "LogonKey"="pass"

    Note: pass can be any string but it will do.

    5. Using "Telnet" on the local machine run::

    telnet 127.0.0.1 51234

    6. When prompted, enter the password set in the registry: E.g. "pass"
    7. Kick off an update off the SUM from within SEC, you should soon seem some activity in the telnet session.
    8, Maybe you can capture the lines from the command prompt and paste them here.
    The SUM trace logs are also worth checking: "C:\ProgramData\Sophos\Update Manager\Logs\".

    Another test, which might rule out a few things. If you have a spare client, you could install another SUM on that. I.e.
    Run:
    \\OCRACOKE\SUMInstallSet\setup.exe
    To install a SUM on another computer.

    When it appears in SEC in the SUM view, you can configure it to update from Sophos.
    Does that SUM complete ok?
    That will double check that your "Site" can get all the files. Creds are ok. Etc.

    Regards,
    Jak

    :33365
Children
No Data