Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 19057 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Macs revert to old primary update server

mr_future

Hi,

I recently migrated several organizations to a consolidated SEC.  Mac endpoint redirections were done per Der Flounder's advice on creating a package that uninstalls/reinstalls SophosAV, plugging in new update server information:

https://derflounder.wordpress.com/2014/09/02/deploying-sophos-enterprise-anti-virus-for-mac-os-x-9-x/

This works perfectly, except for two organizations, in which 50 or so endpoints mysteriously point themselves to the old primary update server.  In one case the old SUM/Sophos Managemenent Server is powered off.  Endpoints tend to revert after one or two days, showing "differs from policy."  I can force policy compliance in the SEC, and they will go back to the new SUM.  After a day or two they revert back to the old SUM.

Your assistance is appreciated!

Thanks,

Brandt 

:55334


This thread was automatically locked due to age.
  • 0

    Hello -

    We see the same issue with some of our Macs after initial installation of Sophos AV. A number of Macs will have the correct primary and secondary servers listed after first check-in to the Enterprise Console. After a reboot, the Macs revert to a local temp directory as the primary backup source, with secondary source being blank.

    :55336
  • 0

    Hello,

    I see this (reverting to the configuration at install time) on a few Macs as well, looks like all of them are running Mac OS X 10.6.8 (and had initially SAV 8.x). It seems that this bug (if it is one) has been introduced with 9.1.x (the affected endpoints have SAV versions 9.1.6 to 9.1.8). Can't say how to resolve it - it's not a real problem for us as the Primary was preconfigured.

    Dunno if 9.2.x corrects this. Guess you better contact Support directly.

    Christian

    :55339
  • 0

    Per Sophos Support, I installed version 9.2.2d3 special on all of our endpoints.  This did not resolve the issue.   I have tried contacting Sophos Support for a couple of months.  They will not touch this issue anymore.

    -Brandt

    :55345
  • 0

    Hello Brandt,

    directed some Macs to the Preview (9.2.2.3) CID and found most but not all reverting - might be triggered by a reboot.

    Christian

    :55444
  • 0

    Watched the Macs, things didn't improve with 9.2.2 and with the current 9.2.4. still a significant portion is reverting (actually I didn't notice any change).

    The good news is that the issue seems to be finally gone in 9.2.6. I had previously bestowed the Preview version upon several endpoints (with diverse OS X versions) and not one has reverted since upgrading to 9.2.6. I'll put another bunch on Preview and keep an eye on them.

    Christian

    :57351
  • 0

    I did finally discover that endpoints are "reverting" in the SEC only.  If I go to the actual endpoint and check the update settings, it is still pointed at the new server.  Which makes this issue less urgent.  Annoying, but less urgent.

    :57352
  • 0

    Hello mr_future,

    thanks for the info. I'm pretty (though not absolutely) sure that in the past the settings themselves were incorrect. Apparently the policy from the install is - for whatever reason - preserved somewhere.

    Christian

    :57363