Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 5404 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console wont update - with a twist

Taysr

Hi on my server the admin password was changed, and ever since we've not been able to download new updates. We've gone through the necessary steps to fix this although another issue is that the account SophosSERVER-010 Used for download of Sophos Updates has also been changed, we believe this to be the issue as to why we still cannot update. - cannot contact server when trying to update

I've cleaned out the update log then ran a update so you get only the necessary info, any help would be greatly appreciated.

Thanks in advance.

Trace(2012-Jul-11 08:27:19): ALUpdate started: -ManualUpdate  -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"

Trace(2012-Jul-11 08:27:19): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has been added.

Trace(2012-Jul-11 08:27:19): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  available from Sophos.

Trace(2012-Jul-11 08:27:19): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  the Spam Rules package.

Trace(2012-Jul-11 08:27:19): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.

Trace(2012-Jul-11 08:27:19): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.

Trace(2012-Jul-11 08:27:19): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.

Trace(2012-Jul-11 08:27:19): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.

Trace(2012-Jul-11 08:27:19): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0

Trace(2012-Jul-11 08:27:19): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.

Trace(2012-Jul-11 08:27:19): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.

Trace(2012-Jul-11 08:27:19): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.

Trace(2012-Jul-11 08:27:19): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.

Trace(2012-Jul-11 08:27:19): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.

Trace(2012-Jul-11 08:27:19): ConfigurationImpl, considering PMSR: PureMessage not installed, PMSR package will not be updated

Trace(2012-Jul-11 08:27:19): Considering subscribed products.

Trace(2012-Jul-11 08:27:19): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}

Trace(2012-Jul-11 08:27:19): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.

Trace(2012-Jul-11 08:27:19): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.

Trace(2012-Jul-11 08:27:19): Considering product {B5E7E2A7-3B64-437D-801F-21CC9D67CC6D}

Trace(2012-Jul-11 08:27:19): Product {B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is not already subscribed.

Trace(2012-Jul-11 08:27:19): Product {B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is PureMessageSpamRules.

Trace(2012-Jul-11 08:27:19): Product {B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} was added to the list.

Trace(2012-Jul-11 08:27:19): IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4

Trace(2012-Jul-11 08:27:19): RMSMessageHandler: ALUpdateStart

Trace(2012-Jul-11 08:27:19): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />

Trace(2012-Jul-11 08:27:19): IPCSender::ProcessSend started

Trace(2012-Jul-11 08:27:19): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />

Trace(2012-Jul-11 08:27:19): IPCSender::ProcessSend: No messages in queue, starting to wait

Trace(2012-Jul-11 08:27:19): IPCSender::ProcessSend: No messages in queue, starting to wait

Trace(2012-Jul-11 08:27:19): ALUpdate(AutoUpdate.Started):

Trace(2012-Jul-11 08:27:19): UpdateCoordinator::UpdateNow: Entering

Trace(2012-Jul-11 08:27:19): PopulateCache: Entering

Trace(2012-Jul-11 08:27:19): UpdateCoordinator::UpdateNow: About to Sync list of products

Trace(2012-Jul-11 08:27:19): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID

Trace(2012-Jul-11 08:27:19): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:

Trace(2012-Jul-11 08:27:19): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location

Trace(2012-Jul-11 08:27:19): Calling package_source_init

Trace(2012-Jul-11 08:27:19): TrySyncProduct, Calling BeginSync

Trace(2012-Jul-11 08:27:19): Logging on network access user

Trace(2012-Jul-11 08:27:19): Attempting to make a connection to remote machine \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\

Trace(2012-Jul-11 08:27:19): Connection to remote machine \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\ successful

Trace(2012-Jul-11 08:27:19): ParseCustomerIDFile: completed: 0

Trace(2012-Jul-11 08:27:19): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}

Trace(2012-Jul-11 08:27:19): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT

Trace(2012-Jul-11 08:27:19): CIDUpdate(SyncProduct.Start): RMSNT, \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\

Trace(2012-Jul-11 08:27:19): Checksum found in master.upd matches cached cidsync.upd : 27bbbdb1. Skipping download

Trace(2012-Jul-11 08:27:19): CIDUpdate(PrimarySuccess):

Trace(2012-Jul-11 08:27:19): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 1

Trace(2012-Jul-11 08:27:19): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 1

Trace(2012-Jul-11 08:27:19): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID

Trace(2012-Jul-11 08:27:19): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP

Trace(2012-Jul-11 08:27:19): CIDUpdate(SyncProduct.Start): SAVXP, \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\

Trace(2012-Jul-11 08:27:19): Checksum found in master.upd matches cached cidsync.upd : 8ab6aaa2. Skipping download

Trace(2012-Jul-11 08:27:20): CIDUpdate(PrimarySuccess):

Trace(2012-Jul-11 08:27:20): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID

Trace(2012-Jul-11 08:27:20): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate

Trace(2012-Jul-11 08:27:20): CIDUpdate(SyncProduct.Start): Sophos AutoUpdate, \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\

Trace(2012-Jul-11 08:27:20): Checksum found in master.upd matches cached cidsync.upd : c632f670. Skipping download

Trace(2012-Jul-11 08:27:20): CIDUpdate(PrimarySuccess):

Trace(2012-Jul-11 08:27:21): ALUpdate(DownloadEnded):

Trace(2012-Jul-11 08:27:21): UpdateCoordinator::UpdateNow: About to Action list of products

Trace(2012-Jul-11 08:27:21): ALUpdate(Action.Skipped): RMSNT

Trace(2012-Jul-11 08:27:21): ALUpdate(Action.Skipped): SAVXP

Trace(2012-Jul-11 08:27:21): ALUpdate(Action.Skipped): Sophos AutoUpdate

Trace(2012-Jul-11 08:27:21): ALUpdate(Download.Fail): Sophos PureMessage Trace(2012-Jul-11 08:27:22): RMSMessageHandler: ALUpdateEnd

Trace(2012-Jul-11 08:27:22): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Download.Fail</ID><StringID>111</StringID><Sender>ALUpdate</Sender><Insert>Sophos PureMessage</Insert></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated package Sophos PureMessage</ReadableMessage></Config>

Trace(2012-Jul-11 08:27:22): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Download.Fail</ID><StringID>111</StringID><Sender>ALUpdate</Sender><Insert>Sophos PureMessage</Insert></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated package Sophos PureMessage</ReadableMessage></Config>

Trace(2012-Jul-11 08:27:22): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Download.Fail</ID><StringID>111</StringID><Sender>ALUpdate</Sender><Insert>Sophos PureMessage</Insert></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated package Sophos PureMessage</ReadableMessage></Config>

Trace(2012-Jul-11 08:27:22): IPCSender::ProcessSend: No messages in queue, starting to wait

Trace(2012-Jul-11 08:27:23): IPCSender::ProcessSend exiting

Trace(2012-Jul-11 08:29:48): ALUpdate started: -ScheduledUpdate  -NoGUI -RootPath "C:\Program Files\Sophos\AutoUpdate"

Trace(2012-Jul-11 08:29:48): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has been added.

Trace(2012-Jul-11 08:29:48): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  available from Sophos.

Trace(2012-Jul-11 08:29:48): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} is not  the Spam Rules package.

Trace(2012-Jul-11 08:29:48): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.

Trace(2012-Jul-11 08:29:48): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.

Trace(2012-Jul-11 08:29:48): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.

Trace(2012-Jul-11 08:29:48): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.

Trace(2012-Jul-11 08:29:48): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0

Trace(2012-Jul-11 08:29:48): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.

Trace(2012-Jul-11 08:29:48): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.

Trace(2012-Jul-11 08:29:48): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.

Trace(2012-Jul-11 08:29:48): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.

Trace(2012-Jul-11 08:29:48): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.

Trace(2012-Jul-11 08:29:48): ConfigurationImpl, considering PMSR: PureMessage not installed, PMSR package will not be updated

Trace(2012-Jul-11 08:29:48): Considering subscribed products.

Trace(2012-Jul-11 08:29:48): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}

Trace(2012-Jul-11 08:29:48): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.

Trace(2012-Jul-11 08:29:48): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.

Trace(2012-Jul-11 08:29:48): Considering product {B5E7E2A7-3B64-437D-801F-21CC9D67CC6D}

Trace(2012-Jul-11 08:29:48): Product {B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is not already subscribed.

Trace(2012-Jul-11 08:29:48): Product {B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is PureMessageSpamRules.

Trace(2012-Jul-11 08:29:48): Product {B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} was added to the list.

Trace(2012-Jul-11 08:29:48): IPCBase::IPCBase: Connected to shared memory A32951C539924a12B3C8F2FDA5A268E4

Trace(2012-Jul-11 08:29:48): RMSMessageHandler: ALUpdateStart

Trace(2012-Jul-11 08:29:48): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />

Trace(2012-Jul-11 08:29:48): IPCSender::ProcessSend started

Trace(2012-Jul-11 08:29:48): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />

Trace(2012-Jul-11 08:29:48): IPCSender::ProcessSend: No messages in queue, starting to wait

Trace(2012-Jul-11 08:29:48): IPCSender::ProcessSend: No messages in queue, starting to wait

Trace(2012-Jul-11 08:29:48): ALUpdate(AutoUpdate.Started):

Trace(2012-Jul-11 08:29:48): UpdateCoordinator::UpdateNow: Entering

Trace(2012-Jul-11 08:29:48): PopulateCache: Entering

Trace(2012-Jul-11 08:29:48): UpdateCoordinator::UpdateNow: About to Sync list of products

Trace(2012-Jul-11 08:29:48): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID

Trace(2012-Jul-11 08:29:48): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:

Trace(2012-Jul-11 08:29:48): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location

Trace(2012-Jul-11 08:29:48): Calling package_source_init

Trace(2012-Jul-11 08:29:48): TrySyncProduct, Calling BeginSync

Trace(2012-Jul-11 08:29:48): Logging on network access user

Trace(2012-Jul-11 08:29:49): Attempting to make a connection to remote machine \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\

Trace(2012-Jul-11 08:29:49): Connection to remote machine \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\ successful

Trace(2012-Jul-11 08:29:49): ParseCustomerIDFile: completed: 0

Trace(2012-Jul-11 08:29:49): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92}

Trace(2012-Jul-11 08:29:49): CIDUpdateLocation::SyncProduct - Updating Product: RMSNT

Trace(2012-Jul-11 08:29:49): CIDUpdate(SyncProduct.Start): RMSNT, \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\

Trace(2012-Jul-11 08:29:49): Checksum found in master.upd matches cached cidsync.upd : 27bbbdb1. Skipping download

Trace(2012-Jul-11 08:29:49): CIDUpdate(PrimarySuccess):

Trace(2012-Jul-11 08:29:49): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 1

Trace(2012-Jul-11 08:29:49): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 1

Trace(2012-Jul-11 08:29:49): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID

Trace(2012-Jul-11 08:29:49): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP

Trace(2012-Jul-11 08:29:49): CIDUpdate(SyncProduct.Start): SAVXP, \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\

Trace(2012-Jul-11 08:29:49): Checksum found in master.upd matches cached cidsync.upd : 8ab6aaa2. Skipping download

Trace(2012-Jul-11 08:29:49): CIDUpdate(PrimarySuccess):

Trace(2012-Jul-11 08:29:50): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID

Trace(2012-Jul-11 08:29:50): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate

Trace(2012-Jul-11 08:29:50): CIDUpdate(SyncProduct.Start): Sophos AutoUpdate, \\SERVERNAME\SophosUpdate\CIDs\S000\SAVSCFXP\

Trace(2012-Jul-11 08:29:50): Checksum found in master.upd matches cached cidsync.upd : c632f670. Skipping download

Trace(2012-Jul-11 08:29:50): CIDUpdate(PrimarySuccess):

Trace(2012-Jul-11 08:29:51): ALUpdate(DownloadEnded):

Trace(2012-Jul-11 08:29:51): UpdateCoordinator::UpdateNow: About to Action list of products

Trace(2012-Jul-11 08:29:51): ALUpdate(Action.Skipped): RMSNT

Trace(2012-Jul-11 08:29:51): ALUpdate(Action.Skipped): SAVXP

Trace(2012-Jul-11 08:29:51): ALUpdate(Action.Skipped): Sophos AutoUpdate

Trace(2012-Jul-11 08:29:51): ALUpdate(Download.Fail): Sophos PureMessage

Trace(2012-Jul-11 08:29:52): RMSMessageHandler: ALUpdateEnd

Trace(2012-Jul-11 08:29:52): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Download.Fail</ID><StringID>111</StringID><Sender>ALUpdate</Sender><Insert>Sophos PureMessage</Insert></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated package Sophos PureMessage</ReadableMessage></Config>

Trace(2012-Jul-11 08:29:52): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Download.Fail</ID><StringID>111</StringID><Sender>ALUpdate</Sender><Insert>Sophos PureMessage</Insert></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated package Sophos PureMessage</ReadableMessage></Config>

Trace(2012-Jul-11 08:29:52): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Download.Fail</ID><StringID>111</StringID><Sender>ALUpdate</Sender><Insert>Sophos PureMessage</Insert></ErrorMessage><ReadableMessage>ERROR:   Could not find a source for updated package Sophos PureMessage</ReadableMessage></Config>

Trace(2012-Jul-11 08:29:52): IPCSender::ProcessSend: No messages in queue, starting to wait

Trace(2012-Jul-11 08:29:53): IPCSender::ProcessSend exiting

:26849


This thread was automatically locked due to age.
Parents
  • 0

    HI,

    So if the password for the account referenced here 

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\AutoUpdate\Service\

    which by default the "SophosSAU<machinename><number>", is changed? In the alc log you (Launch SAV - on the main page you can see "view updating log" ) I would think you will have the error:

    Time: 11/07/2012 08:33:12
    Message: There was a problem while establishing a connection to the server. Details: LogonUser ("[Account]", ".", ...) failed A Windows API call returned error 1326
    Module: CIDUpdate
    Process ID: 40296
    Thread ID: 10504

    "net helmsg 1326" gives :"Logon failure: unknown user name or bad password."  which makes sense as I just put into the registry a different account name. 

    In the trace Alupdate log you also see:

    Trace(2012-Jul-11 08:35:46): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Error</ID><StringID>112</StringID><Sender>CIDUpdate</Sender><Insert>LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</Insert></ErrorMessage><ReadableMessage>There was a problem while establishing a connection to the server. Details: LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</ReadableMessage></Config>
Trace(2012-Jul-11 08:35:46): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Error</ID><StringID>112</StringID><Sender>CIDUpdate</Sender><Insert>LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</Insert></ErrorMessage><ReadableMessage>There was a problem while establishing a connection to the server. Details: LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</ReadableMessage></Config>
Trace(2012-Jul-11 08:35:46): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Error</ID><StringID>112</StringID><Sender>CIDUpdate</Sender><Insert>LogonUser (&quot;User&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</Insert></ErrorMessage><ReadableMessage>There was a problem while establishing a connection to the server. Details: LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</ReadableMessage></Config>

     Which I don't see in your log.

    Typically this "SophosSAU" account is created automatically with a random password but you can set this account up before you install as per: http://www.sophos.com/en-us/support/knowledgebase/48910.aspx.  The advice here is to set "ObfuscatedPassword" to 0 and then secure the key such that only Administrators and System have access.  So you could set the same key and enter the password in clear, then secure the key.

    Sadly ObfuscationUtil.exe, the SEC tool doesn't generate a obfuscated password that can be used here it seems.

    Regards,

    Jak

    :26857
Reply
  • 0

    HI,

    So if the password for the account referenced here 

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\AutoUpdate\Service\

    which by default the "SophosSAU<machinename><number>", is changed? In the alc log you (Launch SAV - on the main page you can see "view updating log" ) I would think you will have the error:

    Time: 11/07/2012 08:33:12
    Message: There was a problem while establishing a connection to the server. Details: LogonUser ("[Account]", ".", ...) failed A Windows API call returned error 1326
    Module: CIDUpdate
    Process ID: 40296
    Thread ID: 10504

    "net helmsg 1326" gives :"Logon failure: unknown user name or bad password."  which makes sense as I just put into the registry a different account name. 

    In the trace Alupdate log you also see:

    Trace(2012-Jul-11 08:35:46): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Error</ID><StringID>112</StringID><Sender>CIDUpdate</Sender><Insert>LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</Insert></ErrorMessage><ReadableMessage>There was a problem while establishing a connection to the server. Details: LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</ReadableMessage></Config>
Trace(2012-Jul-11 08:35:46): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Error</ID><StringID>112</StringID><Sender>CIDUpdate</Sender><Insert>LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</Insert></ErrorMessage><ReadableMessage>There was a problem while establishing a connection to the server. Details: LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</ReadableMessage></Config>
Trace(2012-Jul-11 08:35:46): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate"><ErrorMessage><ID>Error</ID><StringID>112</StringID><Sender>CIDUpdate</Sender><Insert>LogonUser (&quot;User&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</Insert></ErrorMessage><ReadableMessage>There was a problem while establishing a connection to the server. Details: LogonUser (&quot;user&quot;, &quot;.&quot;, ...) failed A Windows API call returned error 1326</ReadableMessage></Config>

     Which I don't see in your log.

    Typically this "SophosSAU" account is created automatically with a random password but you can set this account up before you install as per: http://www.sophos.com/en-us/support/knowledgebase/48910.aspx.  The advice here is to set "ObfuscatedPassword" to 0 and then secure the key such that only Administrators and System have access.  So you could set the same key and enter the password in clear, then secure the key.

    Sadly ObfuscationUtil.exe, the SEC tool doesn't generate a obfuscated password that can be used here it seems.

    Regards,

    Jak

    :26857
Children
No Data