Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1611 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Update Manager No Longer Working After Update to Version 1.2.1.161

Gutenberg

A few weeks ago there was an automatic upgrade to our Update Manager running under Enterprise Console 4.7.0.13. Since then the Update Manager no longer works.

I can see that the manager is running but it takes up +95% of the CPU. I've stopped and started the service several times to no effect. It has to be stopped manually or it will bog down the server. I even let it run for 24 hours or so to see what would happen before stopping the service. It just kept running.

The only error message that appears in the event log is: Source: SQL Browser The configuration of the AdminConnection\TCP protocol in the SQL instance SOPHOS is not valid." There are no errors or codes show in the Update Manager Detail.

I'm getting nowhere with Sophos support. I've been going back and for with them for over 2 weeks and opened two support tickets on this, one asking for help getting the Update Manager working and the other asking if I can manually push AV updates to the clients.

I should also mention that this server is a VM configured with two drives one with 1.04 GB free and the other with 1.29 GB free. Should I try freeing up some space for the updates? Unfortunately I wasn't the person who configured and deployed this system or Sophos.

Any suggestions or advice would be welcomed.

:18725


This thread was automatically locked due to age.
  • 0

    HI,

    Which process is the one consuming the CPU?  Is it SUMService.exe or SophosUpdateMgr.exe?


    I assume you killed both and then restarted the SUM Service, which in turn launches the SophosUpdateMgr.exe process?  Usually when you stop the Service, SophosUpdateMgr.exe also closes, does this happen, if not I would kill it then restart the service?

    If you restart the service, leave it for a moment, can you make available the SUM trace log, e.g. \Programdata\Sophos\Update Manager\Logs \Sumrace(latesttimestamp).log?

    The other thing worth checking is that when the new SophosUpdateMgr.exe is started, it listens on TCP port 51234 and the Sophos Agent service logs on.  In the RMS Agent logs (\Programdata\Sophos\Remote Management System\3\Agent\Logs \) you should see:

    
SDDMA: Logon key written successfully.
SDDMA: Logon key sent.
SDDMA: Socket connection authenticated.
SDDMA: The adapter is connected to SDDM.

    Does this take place?

    It sounds like you have enough disk space at least for the short term to get the SUM running. It mght be worth checking that the SUM log hasn't become overly large in:

    "\Programdata\Sophos\Update Manager\Logs \".  The default is up to 500MB, with all the problems you've been having it might be worth checking that.

    Regards,

    Jak

     

    :18731
  • 0

    Hi Jak,

    Thanks for the advice.

    The SophosUpdateMgr.exe process was the one consuming CPU. When I checked the RMS Agent logs I didn't see any of the SDDMA messages you referenced.

    I finally managed to set up a remote session with a Sophos support tech who ended up reinstalling the update manager.

    He wasn't able to determine an exact cause of the problem, but the reinstall fixed it.

    It could have been an unsuccessful update or some kind of file corruptiion issue.

    All is well once again.

    :18977